Open Source Forum 2018

Open source has helped numerous industries transition. The energy industry is challenged with new demands from electric vehicles, has new sources of renewable energy coming online and new capacity planning and operational capabilities that AI can unlock. Come hear about the open source community called LF Energy and how key participants in the industry are trying to collaborate on software that can help accelerate beneficial solutions.

As more devices come online and start sharing
data to clouds from the edge,  effective real-time interaction
has become crucial.   The Real-Time Linux project has been
working on getting the PRE-EMPT RT patches upstream in
mainline for the last couple of years, and improving the
kernel infrastructure in this area as it progress.   This talk will
provide an overview of the status of the Real-Time Linux project.  
It will also review what's happening in the ecosystem of devices where
Linux is too big and the progress the Zephyr project is making to
address the issues in this space.

Consider first what perfect security is: for an internet connected
computer you fear may be compromised into revealing its secrets pulling
out the network cable and powering it off makes it impregnable against
remote hackers; it's perfectly secure but also perfectly useless.  The
point in this facile example is that security is not an isolated
property to be sought but a tradeoff to be made among competing
priorities and for the rest of this talk we'll discuss how that
tradeoff is made and why people are often encouraged for political
reasons to make it wrongly.

The first example we'll explore is containerisation.  Everyone likely
knows about devops and immutable infrastructure, but few people
appreciate that containers actually significantly shifted the
boundaries of security responsibility in a way that makes it much
easeir for cloud tenants to secure their services.

Finally we'll look at snake oil in security ... like the patent
medicine salesmen of old, many claims are made, but few are
scientifically proven.  However, recent advances in security research
have changed this and we now have ways of accurately measuring what was
once dangerously heuristic and thanks to these new measurements we can
reveal a few surprising results.

Measuring individual, group and organizational performance is a complex, layered endeavor. The more it seems we can measure, the less clear the meaning of those measurements become. This session is framed to describe the challenges and opportunities for measuring the health and sustainability of Open Source Software Projects during the first two years of the CHAOSS[1] project’s operations. Licensing Risk is once of several considerations for project health assessment, and this session will pay particular attention to situating those kinds of risks in the CHAOSS ecosystem.
The CHAOSS Project aims to:
·       Establish standard implementation-agnostic metrics for measuring community activity, contributions, and health
·       Produce integrated open source software for analyzing software community development
·       Build reproducible project health reports/containers
Striving toward those goals, CHAOSS now defines a set of use cases, goals, questions and metrics. In “Growth Maturity and Decline”[2], the defined metrics number over 50, and many of them are now implemented in the two main open source software packages being developed around CHAOSS: GrimoireLab and Augur[3]. Working groups focused on “Diversity & Inclusion”[4], “Risk” and “Value” round out the CHAOSS project’s organization.

[1] http://chaoss.community
[2] https://github.com/chaoss/wg-gmd
[3] https://github.com/chaoss/augur
[4] https://github.com/chaoss/wg-diversity-inclusion