All posts by rbowen

Open Source and The Cloud

I had something of an epiphany in the shower this morning. I discovered that I actually agreed with Bradley Kuhn about something.

TLDR: Is “the cloud” a threat to Open Source? I stopped working on an Open Source calendaring project because of Google Calendars.

Several months ago I attended (part of) a talk by Bradley about how The Cloud (whatever that is) is a threat to Free Software. (Yes, I know what The Cloud is. Snarky remark in reference to all the different things The Cloud might mean to various people. See Simon Wardley’s wonderful talk about what the cloud is.)

His reasons struck me as so outside of my way of thinking about software that I ended up leaving the talk. Oh, also, Skippy wanted to go to lunch, and that sounded like a lot more fun. Nothing personal, Bradley. He was talking about how something like Google Calendar (actually his example was GMail, but hold on a minute) was a threat to Free Software because the code, even though it’s in Javascript and right there in front of you, can’t really be inspected (ie, you can’t learn from it) because it’s hugely obfuscated. Also, you can’t see the back end. So here’s a service you can use for “free”, but it’s not Free, because it’s in chains, metaphorically speaking.

Then, this morning, I was thinking about why people are involved in Free/Open Source software, but also why they stop being involved, and I realized something.

I used to have a web-based calendar thingy. It was written in Perl, and it was really very cool. In fact, it not only started my passion for Open Source (it was the first thing I ever had on CPAN, and it was the first software that I ever wrote which was featured in a book!) it also paid my mortgage for a few years. I used to write calendaring applications for the General Motors Desert Proving Grounds in Mesa, Arizona. Although that plant is long closed, their scheduling ran on my software. If you wanted to schedule a test on the dust track (tests a vehicles various rubber seals to make sure they keep out dust, as well as handling in those conditions) you used the web-based scheduling application, called D.U.S.T. (I forget what it stands for – Dusttrack Usage Scheduling Tool or something) and scheduled it. This worked better than grubby bits of paper, because it didn’t get lost, and you always could get to it without walking down the hallway.

Also, when I was at Databeam, back in the late 90s, I wrote a similar application for scheduling conference rooms (clever name: Conference Rooms). I went up to the front desk one day and stole the conference room scheduling book and hid it, forcing everyone to use the online scheduling app. Strangely, it worked, and I didn’t get fired.

Then, I got involved in a project called Reefknot, which was an implementation of various international calendaring standards, in Perl. That was humming along nicely. And I had a dozen different calendar modules on CPAN.

By the way, in case you don’t know, calendaring is hard. Sure, it looks easy, but then you get into things like “every other Monday at 10am, except during company vacations.” Or possibly “the last day of each month.” Think for a little while about how you’d implement that, and your brain will start to melt just a little. “every monday” suggests a simple solution, but as soon as you start having to deal with exceptions, things get very very complicated. And what with different length months and leap years … and don’t even get me started on time zones. *shudder*

Anyways, then something called Google Calendar came along. It worked with all of the various calendaring applications. It did the various calendaring specifications, including the long-elusive CalDav. We were all very excited in the calendaring community, but then an odd thing happened. People stopped working on calendaring stuff. Because, you know, it’s already done.

So, I stopped working on an Open Source project because there was an implementation in the cloud. (ie, online somewhere.)

So, was Bradley right? Did Google Calendar kill the Reefknot project specifically because it’s closed source? Yes, in a sense. I don’t believe, as the FSF does, that closed source is intrinsically immoral. But there’s a direct correlation between the projects I no longer work on, and great cloud based implementations of the same functionality, where I don’t have access to the source to participate.

Furthermore, as my interaction with software is increasingly via a browser, and not via running software on my own computer, I have less and less incentive – and ability – to tinker with those things.

Now, I’m weird, I still run several of my own servers. Granted, those servers are “in the cloud”, meaning that I have no idea where they are physically located. But I have root on them. I build software from source on them, and tinker with that source from time to time. I tinker with the source code of my blog, even though there’s a good blogging platform “in the cloud”, but I also have several blogs on Blogger, simply because it’s simple and I don’t want to monkey with it.

So, although I disagree with Bradley’s philosophically, I find that he may be completely right for more pragmatic reasons.

But at the same time, Open Source has a whole new rebirth of late, and there continue to be ever more exciting projects out there. I’m much more concerned about my kids, and what they will find to hack on. My son is a hacker. He likes to build stuff, take stuff apart, break it and fix it, figure out how it works. I don’t know if I’m doing an adequate job of encouraging this. I really need to get him a subscription to Make magazine. I wonder, however, when he gets a little older, if he’ll be interested in programming. I think he’d be really good at it, but it would be a great shame if the removal of applications to The Cloud also results in a lack of opportunities to hack on code.

Podcasting with Open Source

For the last couple of weeks, I’ve been posting podcasts to the Sourceforge blog. (You can subscribe to our podcast HERE or in the iTunes store.)

Almost everything that I do in the process relies on Open Source software developed at Sourceforge, so I wanted to take a moment to thank those projects.

Recording and editing: Audacity

I record with a Blue Snowball with a shock mount, which is a USB mic that I can plug directly into my laptop. If you’re looking for a mic to get started with, I recommend this one. It’s easy to use, and gives excellent sound quality.

Usually I record the calls using Skype and Call Recorder. This is the one piece of non-free software that I use in the process. It’s free, in the sense that I didn’t pay for it, but it is closed-source. While there are alternatives, it’s not always reasonable to expect the person that I’m calling to install and configure new software just so that they can talk with me for ten minutes. Pragmatism has its place.

The editing is all done in Audacity. I’ve long been a big fan of Audacity. I have other recording programs, including some commercial ones, but haven’t yet found anything that beats Audacity for either functionality or ease of use. Some of the commercial apps do more, but so far it hasn’t been anything that I needed to do. Also, their documentation is simply wonderful, including detailed explanations of even simple features. Additionally, there are numerous community-created howto videos showing how to do various tasks.

Until recently, I was using GarageBand for one particular part of the podcast creation process involving merging several different tracks seamlessly, and found a video showing me how to do this in Audacity.

So, I use Audacity to clip out the smalltalk, the um’s and ah’s, and try to edit the conversation down to the essentials, so that you’re not forced to listen to a lot of extras. I know that I have trouble finding the time to listen to the few podcasts I follow, and if it’s much more than 10 minutes, I tend to move on. I try to respect your time in the same way.

Audacity exports in MP3 and Ogg Vorbis formats, which many commercial tools don’t do.

Editing ID3 tags: kid3

When necessary, I use Kid3 to update the ID3 tags on the MP3 and Ogg files. This is a final sanity check to make sure that the files we push out all have consistent tagging, so that they’ll show up in the same place in your various audio programs. Kid3 is one of those delightful pieces of software that just works. No unnecessary extras. It’s small and fast and efficient, and gets the job done.

Uploading: Filezilla

Yes, I could just use command-line scp, and often I do. But Filezilla integrates well into my workflow, so I use it sometimes to copy these resulting audio files up to the staging area so that the folks I’ve been interviewing can review the recording before I push it out to the blog. Filezilla is another piece of software that just works. It is intuitive and doesn’t require a great deal of setup or explanation in order to get it to do what you need.

That’s all

Sure, it’s not a big toolchain for this task. And I continue to look for ways that I can replace non-free components of it with Open Source software. I have, for example, come across a few references to projects that were presumably Open Source implementations of the Skype protocol. Unfortunately, they all seem to be abandoned projects, which was sad. However, as I said above, pragmatism has its place, and one has to get the job done.

Terrorists and Freedom Fighters

Today is Jamhuri Day – Republic Day – in Kenya, the day when we celebrate Kenya’s establishment as a republic in 1964.

Yesterday I was reading the Wikipedia article about it, and it stated that the day is often associated with Dedan Kimathi. I found this very odd because I had never heard that it was associated with him, and I had only ever heard of him as a terrorist, monster, and murderer. I had never once considered him as a national hero.

But it turns out that in 2006 the Kenya government erected a bronze statue of him right across from the Hilton. I was completely unaware of this, and it strikes me as revisionist history in the worst way.

However, this morning I was thinking, as I often have before, how the distinction between freedom fighter and terrorist is entirely one of perspective. After all, Castro, Khadaffi, Mugabe were all freedom fighters, and George Washington was a notorious terrorist.

It also makes me wonder how much of my understanding of Mau Mau is based on the fact that I was myself a white person in Kenya at a time when most people still remembered Mau Mau. The Mau Mau were savage monsters who massacred indiscriminately out of unrestrained bloodlust.

And of course that is most assuredly a grossly slanted view, too, with the truth being somewhere in the middle, as it usually is. Kenyatta, one of the early leaders of the movement, was arrested in 1952 and remained in prison for the entire period of the ‘Kenya Emergency’, as it was called, but after that he became Kenya’s first president.

It used to be that history was written by the winners. In the day of Wikipedia, history is as often written by people trying to clarify old oppression. I think I should finally read Facing Mount Kenya, and whatever other first-hand accounts of Mau Mau I can find. I’d really like to know how much of my “knowledge” about Mau Mau is just the British perspective I got in school.

Privacy, security, and data integrity in "The Cloud"

The following are thoughts I wrote up in anticipation of Thursday’s Ask Slashdot, where I was discussing “The Cloud” with the Slashdot community.

The Question:

“With so much personal data being kept on the cloud, including government and health records, do you have any concerns about it falling into the wrong hands? Do you think the cloud’s benefits are outweighed by continuing security issues?”

I used to be a security “expert” (at least according to my business card), but that was long enough ago, and things have changed sufficiently since then, that I no longer make that claim. However, back then, most of our customers happened to be in healthcare in some form or another, and I was appalled, on a daily basis, how insecure their data was. Any high school kid with some tools could completely own their network servers with very little effort. We hired one of those high school kids, and he frequently did.

Furthermore, with a little sweet talking, or looking under keyboards, we got access to all the stuff that he didn’t. Granted, this was in the days immediately before HIPAA, and in the first days after HIPAA (health care related data privacy/security legislation in the USA, circa 1996 and following, more stringently enforced after about 2002 or so) when people were trying to figure out how to implement the requirements. I naively hope that HIPAA has corrected some of the most glaring of these problems.

It’s hard to imagine that putting data “in the cloud”, whatever that happens to mean in the particular case under discussion, could be any less secure than where they’re already storing your data.

Every time I go to a doctor’s office and have to fill out all the same data, yet again, or when I have to fill out yet another government form with all the same information that they already have, often two or three times on the same set of forms, I think, why, in 2011, do I have to fill out these forms at all, when they already have so much information on me that should be readily accessible? A retinal scan, or even an ID number, should be sufficient to avoid this. Why haven’t we solved this problem yet? (Yes, that’s a very naive position, largely inspired by the frustration of filling out the 8th form while other peoples’ kids run around screaming and sneezing on me.)

One obvious requirement that should be placed on any “in the cloud” service where my medical information is stored is that the software securing it must be Open Source. This should be a requirement that we all demand. If you say that my data is secure, prove it to me by letting me inspect your code, do a security audit, and patch holes that I find.

I’ve long thought that government software should be software of the people, by the people, for the people. If I pay for the development of software that used to run, say, the TSA, then I should have access to that code. And if the IRS is using software to store my data, I should have access to that code so that I can verify that it’s secure, and is calculating my tax refund correctly.

I’m not sure, as a non-lawyer who has never worked as a government contractor, whether such demands are at all realistic or probable, but I still think it’s worth making the demands. While I’m confident that *my* congress critter didn’t understand the letter I sent him on the subject (at least, based on his content-free response), I would encourage you to contact yours, and maybe there’s one out there that would understand.

Now, having said all of that, it’s worth noting that the phrase “in the cloud” is, for the most part, rubbish. Servers “in the cloud” are installed, secured, and maintained, by sysadmins like you and me. Some of those sysadmins are good at what they do, and some of them aren’t. “The cloud” is not intrinsically secure or insecure, because “the cloud” is not a definable entity, as much as the tech press wants it to be. This is a misnomer perpetrated by the poorly-informed press, and not really something that’s based in reality.

Every time we read an article about “the cloud”, it’s useful to take a moment to consider what it actually means in that particular scenario.

Although “the cloud” means “I don’t care where my servers are”, there are in fact actual servers somewhere, and there’s an actual person or team of persons responsible for maintaining that server or servers, and they are either good at their job, or they aren’t. Talking about “the cloud” as though it’s one homogeneous mush of data is nonsense, and leads to all sorts of false conclusions.

Ask Slashdot

I’ll be on “Ask Slashdot” tomorrow, answering questions about “The Cloud” and security. This is not exactly my area of expertise, which hardly means that I am without opinions. Being ignorant gives me free rein to have opinions.

I’m reminded, of course, of the last time I was on Slashdot. You’ll note, if you actually subject yourself to the comments, that practically every comment is either about my choice of Comic Sans font (it actually wasn’t Comic Sans, but another one that looks sort of like it), the fact that the presentation was written in Powerpoint (it wasn’t, actually, it was in Apple Keynote) or the fact that the file is a PDF (guilty).

Now, bear in mind that this was a JOKE presentation, given as a lightning talk at ApacheCon. It was intended to be humorous. It got a standing ovation. People still talk about that presentation at every ApacheCon since then.

Note also, that the PDF file in question is 666k.

You’re not supposed to take this seriously.

But the Slashdot crowd saw it as an opportunity to be superior and cruel, without actually reading what they were commenting about.

My career has wandered many places since then. I’ve changed what I do a number of times, none so large a change as joining Sourceforge. But the ability of commenters, on Slashdot and elsewhere, to be superior and cruel has only grown since then. So, I’m a little trepidatious. (Yes, it’s a word.)

Advent Calendar

I’ve always loved advent calendars. They help kids deal with the seemingly endless stretch to Christmas. And I love seeing what’s behind the next door every morning.

This year, I made one. In part, it was an excuse to buy power tools, but also I had a lot of fun making it.

Advent Calendar

I used a jig saw to cut out the pieces, starting each piece by drilling a hole just large enough to insert my smallest jig saw blade, and also drilling a larger hole directly in the middle, exactly the same size as the dowel rod. You can see that in some of the pictures. After cutting out the piece, I sanded off the end of the dowel rod, cut a piece between one and two inches long, and inserted it into the center hole with some wood glue. Each piece was numbered (1 to 25) as I took them out.

When I was done cutting out all the pieces, I laid the board over the backboard, and traced out each hole on the backboard in pencil, and put the piece number on there too. Then I stained the front board and painted each piece and wrote the number on it in silver marker once it dried.

I then painted something in each space on the backboard, and erased the pencil marks, and wrote the number on there, too. I used a spray shellac to seal all of this so that it will last for a few years.

Finally, I used wood glue to put the front and back boards together, clamping them for several hours.

See the finished results on flickr.

Speedometer

Speedometer
November 26, 2011

He already doesn’t watch the road,
handlebars weaving about as his eyes are
everywhere
but in front.
Now he wants a speedometer
to gauge the break-neck speed
as he hurtles about
intent on breaking
something.
Anything.

Every father’s dilemma:
kill the joy,
or the son?

Twilight

Yes, I read Twilight. I wanted to be informed before dismissing it as teenage-girl boyfriend/girlfriend tripe masquerading as a vampire novel.

So, now that I’ve read it – it is indeed heavy on the tripe, light on the vampire. After reading Anne Rice, or Dracula, or anything else in that genre, this doesn’t really measure up.

After enduring about 80% of the book (according to the Kindle) there is a couple chapters of really good action, with something of a promise of character development that doesn’t quite develop, and then it goes back to the boyfriend/girlfriend tripe. Rather disappointing, and not promising enough that I’d consider reading the rest of the series.

But at least I’m no longer calling something rubbish that I haven’t read.

OmniTI: What I’ve learned

(This is long. Summary: OmniTI is the best technology company around, and they do a lot of things right.)

Today is my last day at OmniTI, after just over two years. Yesterday I had my exit interview, and I want to record some of my thoughts from that before they get away. Andi asked me a few questions, and I talked a lot.

OmniTI has been a great place to work. I have (almost) no complaints. It’s a fantastic company, with fantastic coworkers.

Several things stand out.

First – OmniTI has a way of telling the customer the truth without being discourteous. The customer is always right, except when they’re not. Many technology people have a way of telling the customer they’re wrong in an arrogant or condescending way. I’ve never seen that at OmniTI.

Sometimes customers come with a problem they want solved. Other times they come with a solution they want implemented. In this latter case, you have the choice of blindly doing what they ask, or helping them evaluate the options, and possibly steering them towards better solutions. Doing this without an “I know everything better than you” attitude is a skill that takes practice, and doesn’t generally come naturally to those of us who are computer guys. I’ve watched Theo and Clinton do this over the last two years, and have been continually impressed with their professionalism.

Second, I’ve been impressed with the intentional, dedicated way which people at OmniTI strive to better themselves – to learn, improve, and expand their skill set. I have been particularly impressed with my manager, Clinton, and his effort to become a better manager. Managing geeks isn’t easy. We are an unmanageable bunch. We are always right, and don’t like to be told otherwise.

I was put on Clinton’s team when he was a new manager, and watched him work really hard at becoming a better manager. He asked us how he was doing, and he took our comments seriously, and acted on them. He admitted when he’d realized he’d done something wrong, and he celebrated when we did things right, while still being very forthright with us when we did things wrong. He knows when to ask our opinion about decisions, and when to stop the discussion and make the decision.

And he demands excellence — which I’ll talk about more in my third point in a moment.

On the whole, Clinton has turned into one of the better managers I’ve ever had.

My third point is about demanding excellence. I have worked a lot of code monkey jobs. You get vague requirements, and you slam out some code that does what you interpret them to mean, and you move on, hoping nobody ever looks at the code.

Not at OmniTI.

At OmniTI, software is a craft. It’s really the first time that I’ve taken the term Software Engineering seriously, or, rather, seen it done really seriously. I’ve had glimpses of it before, mostly with people like Schwern, and others in the Perl community in the late 90s and early 00’s. But at OmniTI, I had excellence demanded of me as never before. It has caused me to look at software development in a new way, and look back a little sheepishly at some of my earlier efforts.

Fourth, OmniTI has a philosophy of “everyone knows everything.” It’s not sufficient to be a Perl coder. You must also know JavaScript and CSS and HTML and a little Python, PHP, C, and Java, because that gives you a whole-picture view that informs your Perl code. That’s not to say that we don’t have experts. We do. We have some of the most amazing UI experts I’ve ever worked with. But they can read Perl code and debug PHP and can homebrew as well.

I have learned more Javascript, CSS, and Python in the last two years than in the previous 15.

And it’s more than just crosstraining so that the project can keep on if someone leaves. OmniTI really cares about the professional development of its employees. I’ve only worked one other place (Hi, Paul!) where I felt that the professional development of employees was this important.

One final thing – Openness. Several times, Andi asked “How could OmniTI do X better”, and each time, I had to answer, well, I had some suggestions to that end, and I talked with someone about them, and things got better. Every time.

I had some complaints with Clinton when I started working for him, as my Beloved will affirm. I talked with him. Things got better. This is not to say that I was right and he was wrong. Rather, we had several good conversations in which we understood one another better. This happened in manager/employee issues as well as technical issues. None of them were big deals, but I can see that other managers might have made them big deals by refusing to be open about things, or insisting that they were right in all things.

I’ve never had any patience with finding out things in an annual review. If you have a complaint about me, I want to hear about it when it happens, not months later. People at OmniTI consistently told me as soon as a problem came to light so that it could be addressed before it became a big deal. There should never be a surprise in an annual review.

So, there’s the gist of my exit interview. I expect I said other wise and insightful things. You could ask Andi to fill you in.

So, with all of these glowing things to say about OmniTI, why am I leaving? Well, I’ve been working in Open Source since about 1998. It’s my passion. My day job has always been something that I did to pay for the parts of my life that matter, but Open Source has always been relegated to the spare change of my time, when I’m tired and have other things to think about as well. If I don’t close those last 29 open documentation bugs on the Apache http server, nobody will think less of me. But it’s my passion.

Several weeks ago, Steve Jobs died. I’ve never been the Apple fanboy, nor have I been a resident of the Reality Distortion Field. But on the day Steve died, I watched his Stanford commencement address, and one thing struck me. Find your passion. If you haven’t found it yet, keep looking. Don’t settle for a job that you’re not passionate about.

When the position at Sourceforge opened up, it was immediately obvious to me that this was an opportunity that I couldn’t let slip by, even if it meant taking a huge risk. So here we are.

(If you haven’t watched that commencement address, you really should. It’s short, and it’s worth your time.)

A new opportunity to learn

Two years ago I had the opportunity to become a part of OmniTI, where I have learned more than I imagined possible. I learned about how serious software engineering is done. I learned about scalability, and redundancy. I learned how to deploy web apps in environments where there’s no tolerance for failure, as well as how to deal gracefully with that failure when it happens.

I’ve had the chance to work with some great people, and on some amazingly cool and interesting projects.

Now, I have the opportunity to learn something new.

At the beginning of November, I will be joining the team at SourceForge, where I will be the (tentatively titled) Community Growth Hacker. I’ll be working with tens of thousands of Open Source communities, spanning many technologies, licenses, and nations, and helping them be successful.

I wrote yesterday about the many definitions of success. I expect that conversation to continue for years to come.

In my office, I have the center panel of this Dilbert comic strip. I’ve long since forgotten the remainder of the strip. That, in combination with listening to a speech by Steve Jobs late last week, gave me the little extra nudge I needed to take this risk. It’s a big change in what I’m doing 9-to-5, but it’s in line with where my passions have been for the last 15 years.

I have a lot to learn, and I welcome this exciting opportunity to learn from thousands of talented people, and hope to share with them some of my experience from the last decade in Open Source. I think I might have a few things to teach, but I know I have much still to learn.