Open Source Yearbook 2016

Authors opensource.com

Plaintext

.................... OPENSOURCE.COM

Opensource.com publishes stories about creating, adopting, and sharing
open source solutions. Visit Opensource.com to learn more about how the
open source way is improving technologies, education, business, government,
health, law, entertainment, humanitarian efforts, and more.

Submit a story idea: https://opensource.com/story

Email us: open@opensource.com

Chat with us in Freenode IRC: #opensource.com

Open Source Yearbook 2016 .O
pensource.com 3
..............
.. ... . . . . . . .
.. .. .... A U T O G R A P H S . . .. .. .. . . . . . . .
..............
.. ... . . . . . . .
.. .. .... A U T O G R A P H S . . .. .. .. . . . . . . .
. ........
... .. ...
O P E N S O U R C E . C O M .. .. .. ....
. .
W R I T E F O R U S
.............. ..
.............
7 big reasons to contribute to Opensource.com:
1 Career benefits: “I probably would not have gotten my most recent job if it had not been for my articles on
Opensource.com.”

2 Raise awareness: “The platform and publicity that is available through Opensource.com is extremely
valuable.”

3 Grow your network: “I met a lot of interesting people after that, boosted my blog stats immediately, and
even got some business offers!”

4 Contribute back to open source communities: “Writing for Opensource.com has allowed me to give
back to a community of users and developers from whom I have truly benefited for many years.”

5 Receive free, professional editing services: “The team helps me, through feedback, on improving my
writing skills.”

6 We’re loveable: “I love the Opensource.com team. I have known some of them for years and they are
good people.”

7 Writing for us is easy: “I couldn't have been more pleased with my writing experience.”

Email us to learn more or to share your feedback about writing for us: https://opensource.com/story
Visit our Participate page to more about joining in the Opensource.com community: https://opensource.com/participate
Find our editorial team, moderators, authors, and readers on Freenode IRC at #opensource.com: https://opensource.com/irc

F O L L O W U S
.............. ..
.............
Twitter @opensourceway: https://twitter.com/opensourceway
Google+: https://plus.google.com/+opensourceway
Facebook: https://www.facebook.com/opensourceway
Instagram: https://www.instagram.com/opensourceway
IRC: # opensource.com on Freenode

All lead images by Opensource.com or the author under CC BY-SA 4.0 unless otherwise noted.

6 Open Source Yearbook 2016 .O
pensource.com
FROM THE
. ........
... .. ...
E D I T O R .. .. .. ....
. .
Dear Open Source Yearbook reader,
In 2015, Opensource.com published the first Open Source Yearbook [1], a collaboration with open
source communities to collect a diverse range of stories from the year. Thanks to contributions from
more than 25 writers, the 2016 edition is even bigger and highlights more than 100 organizations,
projects, technologies, and events. Here are a few of the many individuals who help create the 2016
Open Source Yearbook:
• Anderson Silva–Release Engineer in IT at Red Hat
• Anna Morrow–Marketing Manager at No Starch Press
• Ben Cotton–Meteorologist, high-performance computing engineer, technical evangelist
at Cycle Computing, and Opensource.com community moderator
• D Ruth Bavousett–Perl Developer at cPanel and Opensource.com community moderator
• Daniel J Walsh–Leads the RHEL Docker enablement team
• David Both–Linux and open source advocate, Opensource.com community moderator
• Gordon Haff–Red Hat’s cloud evangelist
• Greg Kroah-Hartman–Linux kernel maintainer and a Linux Foundation fellow
• Jason Baker–Technical editor and SEO specialist on Opensource.com
• Jen Wike Huger–Opensource.com content manager
• Jeremy Garcia–Founder of LinuxQuestions.org and Opensource.com community moderator
• Jono Bacon–Community manager, speaker, author, podcaster, consultant, and Opensource.com
community moderator
• Josh Simmons–Community organizer and short stack web developer who works on the
Google open source outreach team and sits on the OSI board of directors
• Libby Clark–Digital Content Editor at The Linux Foundation
• Máirín Duffy–Principal Interaction Designer at Red Hat
• Nithya A. Ruff–Director of Western Digital’s Open Source Office,
Opensource.com community moderator
• Paul Brown–Tech journalist and editor
• Rachel Roumeliotis–Strategic Content Director at O’Reilly Media, Inc., and a Programming
Chair of OSCON, O’Reilly’s Software Architecture Conference, and Fluent
• Rich Bowen–Community Liaison for the RDO project, which is a packaging of OpenStack for
CentOS/Fedora/RHEL
• Richard Fontana–Senior Commercial Counsel on the Products and Technologies team at Red Hat
• Richard Gall–Copywriter, Content Strategist, and Communications Manager at Packt
• Robin Muilwijk–Advisor Internet and e-Government, and Opensource.com community moderator
• Ruth Suehle–Community leadership manager for Red Hat’s Open Source and Standards team
• Scott Nesbitt–Writer, technology coach, and Opensource.com community moderator
• Seth Kenlon–Multimedia artist, technical writer, and former Opensource.com community moderator
• Shaun McCance–Community Documentation Liaison at Red Hat
• Shawn Powers–Associate editor for Linux Journal and IT trainer for CBT Nuggets
• Susan Conant–Supervising Editor, Programming, O’Reilly Media, Inc.
• Tom Callaway–Education Outreach team lead at Red Hat
Thank you to everyone who contributed to the 2016 Open Source Yearbook, and to the communities
who helped create, document, evangelize, and share open source technologies and methodologies
throughout the year.

Best regards,

Rikki Endsley
Opensource.com community manager

[1] https://opensource.com/yearbook/2015

Open Source Yearbook 2016 .O pensource.com 7
CONTENTS
..............
.. ... .
.. .. .....
W O R K I N G
.............. ..
.............
10 5envelope
initiatives that pushed the free software
in Europe in 2016 Paul Brown 26 25 things to love about Linux Jen Wike Huger
Linux turned 25 years old in 2016, so we asked our readers
what they love about Linux.
Take a tour of top free software news from Russia, Bulgaria,
The Netherlands, Germany, and the EU in 2016.

12 10 open source tools for your sysadmin toolbox
Ben Cotton
27 4 hot skills for Linux pros in 2017 Shawn Powers
Which in-demand skills are you brushing up on in the
new year?
Sysadmins don’t lack for options when it comes to great Hot programming trends in 2016 Rachel Roumeliotis
open source software tools. We look at a few favorites.
28 Take a look at the year’s hottest languages for AI projects and

14 7 notable legal developments in open source
in 2016 Richard Fontana
containers, new languages, and more programming trends.

Learn about a few of the many open source-related legal
developments that made headlines in 2016.
30 50 ways to avoid getting hacked in 2017
Daniel J Walsh
Paul Simon rounded up 50 ways to leave a lover, and we

18 Troubleshooting tips for the 5 most common round up 50 ways to secure your systems.
Linux issues Jeremy Garcia
Learn how to tackle the most common challenges Linux
desktop users encounter. Best Couple of 2016
20 What’s new in OpenStack in 2016: A look at the Display manager and
Newton release Rich Bowen
We round up a few of the many notable updates in the window manager
latest OpenStack release. DAVID BOTH

23 Why the operating system matters even more
in 2017 Gordon Haff 34 Our pick for Best Couple this year is actually a
pair of program types—not specific commands
Operating systems don’t quite date back to the beginning of
or programs.
computing, but expect them to be around a long time to come.

COLL ABORATING
.............. ..
.............
37 10in 2017
steps to innersource in your organization
Jono Bacon 48 Top 10 Linux news stories of 2016 Scott Nesbitt
The past year was packed with Linux anniversaries and
announcements. See which ones made our top 10 list.
Is your company planning to implement innersource concepts
in 2017? We walk through steps for getting started.

40 7incool little open source projects that stood out 51 2016 Hacktoberfest ignites open source
participation Ben Cotton
Registration was up more than 97% over 2015.
2016 D Ruth Bavousett
We look at a few innovative open source projects that stood
out in 2016. 55 Open source diversity efforts gain momentum
in 2016 Nithya Ruff

44 9 lessons from 25 years of Linux kernel Efforts to increase diversity in open source aren’t new, but
development Greg Kroah-Hartman they are starting to show positive results. We look at the
It may be many years before we fully understand the keys 2016 landscape.
to the Linux kernel’s success, but there are a few lessons
that stand out even now.
Most Playful
46 A tour of Google’s 2016 open source releases
Josh Simmons
We look at 7 of the exciting open source projects Google
Top 7 Linux games of 2016
ROBIN MUILWIJK
rolled out in 2016.
52 What were the hot Linux games of the
year? We pick a few favorites.

8 Open Source Yearbook 2016 .O pensource.com
LEARNING
.............. ..
.............
62 Publisher’s picks: Top 2016 open source books
Rikki Endsley
Most Likely to Succeed
What were your favorite tech books of 2016: We round up
a few hot releases.
Top open source projects
66 8 fun Raspberry Pi projects to try Anderson Silva
We round up recent Pi projects for making a weather
to watch in 2017
station, media center, security system, and more fun Pi JASON BAKER
projects to try.
80 Explore some of the fastest-growing new
open source projects of 2016 and learn
why you might want to dig a little deeper
Most Popular into each in the new year.
Top 10 open source
projects of 2016
JEN WIKE HUGER

58 In our annual list of the year’s top open
.............. ..
.............
source projects, we look back at popular
projects our writers covered in 2016, plus CREATING
favorites Opensource.com community
moderators picked.
5 trends in open source documentation
68 Shaun McCance

OLD SCHOOL
.............. ..
.............
Certain trends in tech documentation stand out. We round
up five top trends from 2016.
11 wonderful wearable open source projects
70 Ruth Suehle

83 How Linux got to be Linux: Test driving 1993-2003
distros Seth Kenlon
Enjoy a trip down Linux memory lane as we take early
Browse through a few of our favorite open source
wearable projects from 2016, which feature 3D printing,
Arduinos, and more.
distros for a spin.

88 Compute like it’s 1989 Seth Kenlon
Let’s look back at how people used to compute, back
72 Top open source creative tools in 2016
Máirín Duffy
Whether you want to manipulate images, edit audio, or
when a “desktop” computer was so called because it took animate stories, there’s a free and open source tool to do
up 80% of your desktop. the trick.

92 LinuxQuestions.org celebrates sweet 16 Jeremy Garcia
The founder of LinuxQuestions.org looks back on the site’s
humble beginnings and the years in between.
77 Top open innovations in 3D printing Tom Callaway
Open source continues to drive rapid innovation in the 3D
printing industry.

6 7 Reasons to Write for Us / Follow Us 94 Call for Papers / Editorial Calendar

All lead images by Opensource.com or the author under CC BY-SA 4.0 unless otherwise noted.

Open Source Yearbook 2016 .O pensource.com 9
W O R K I N G
.............. ..
.............

5
initiatives that pushed the
free software envelope in
Europe in 2016
BY PAUL BROWN

THE PUBLIC SECTOR tends to lag—
some would say
drag—behind the private sector when it comes to adopting
2. Amendments to Bulgarian’s Electronic Governance
Act pave the way for free software
Moving a bit westward, and in a similar a vein as the Rus-
new technologies. This is also true when it comes to adopt- sian law described above, Bulgaria amended its Electronic
ing free software: Governance Act [2]
Although companies to require that all
widely see free tech- software written for
nologies as a boon, the government be
government organi- open source and
zations often are still developed as such
locked into propri- in a public reposi-
etary software and tory (i.e., the Bul-
work with closed garian government
standards. is setting up its
That said, some own GitHub).
countries are mak- In his blog post
ing progress mov- about the news,
ing toward open Bozhidar Bozhan-
source technolo- ov [3], advisor to
gies. the Bulgarian Dep-
uty Prime Minister
1. Bill makes free software a priority in the Russian and the person who engineered the hacking of the Bul-
public sector garian law, says, “It means that whatever custom software
The draft of the bill [1], approved by the Russian Federa- the government procures will be visible and accessible to
tion’s State Duma (lower house) in mid-October, requires the everyone. After all, it’s paid by tax-payers money and they
public sector prioritize free software over proprietary alterna- should both be able to see it and benefit from it.”
tives, gives preference to local IT businesses that produce This is common sentiment, pushed hard by groups such
free software for public tenders, and recognizes the need as the FSFE [4] (the Free Software Foundation [5]’s Euro-
to encourage collaboration with the global network of free pean sister organization). In fact, European governments
software organizations and communities. adopting free software has become a bit of a trend in re-
The bill is intended to reduce the dependency of the cent years. EU directives that require more transparen-
Russian public sector on non-Russian proprietary vendors, cy in procurements often make adopting free licenses for
boost the local IT industry, and increase collaboration with software made by or for the public administration the only
free software organizations and communities. viable option.

10 Open Source Yearbook 2016 .O pensource.com
3. The Netherlands moves toward adopting open you need to connect your alternative router to use the Inter-
standards net and telephone network.
The Netherlands is taking steps toward making the use of
open standards [6] mandatory for public administrations Open progress
in the Netherlands. A law [7] proposed by Dutch MP Astrid The public sector does things at its own, often glacial, pace.
Oosenbrug [8] was adopted by the lower house of the par- Although there have been bold steps toward adopting free soft-
liament in October and goes into effect in 2017. Oosenbrug ware, often the steps are tiny. That said, the trend is toward
says the minister earlier agreed to make open standards open: Data generated by public organizations is opening
mandatory. “Ironically, the lower house published the adopt- up, open standards are being adopted, and free software is
ed law on its website by providing a download link to a doc- making its way onto publicly owned servers and workstations.
ument in a proprietary format,” Oosenbrug adds. The upper Hopefully the trend will continue—and accelerate—in 2017.
house, on the other hand, uses the Open Document Format,
an ISO standard. Baby steps, I guess. Resources
[1] http://www.bloomberg.com/news/articles/2016-10-05/
4. Members of the European Parliament vote for more russia-weighs-replacing-ibm-microsoft-with-open-source-
free software in the public sector software
The supranational organizations at the heart of the Euro- [2] https://thepolicy.us/bulgaria-got-a-law-requiring-open-
pean Union are also updating their regulations. In Janu- source-98bf626cf70a#.pg42r65iq
ary, the European Parliament adopted an initiative [9] that [3] https://twitter.com/bozhobg?lang=en
should bolster the adoption of free software within the EU’s [4] https://fsfe.org/index.en.html
public sector. [5] http://www.fsf.org/
The initiative requires the European Commission “better [6] https://opensource.com/resources/what-are-open-
promote the security advantages of open source software standards
upgrades to users” and “increase the share of free and open [7] https://joinup.ec.europa.eu/community/osor/news/nl-parlia-
source software and its reuse in and between public admin- ment-makes-open-standards-mandatory
istrations as a solution to increase interoperability.” [8] https://twitter.com/astridoosenbrug?lang=en
The initiative, however, was overshadowed by the fact that [9] http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//
it also considers licensing standard and essential patents EP//NONSGML+TA+P8-TA-2016-0009+0+DOC+PD-
under FRAND (fair, reasonable, and non-discriminatory) li- F+V0//EN
censes “in order to preserve R&amp;D and standardization [10] https://fsfe.org/news/2016/news-20160128-01.en.html
incentives and foster innovation.” (As the FSFE points out in [11] https://fsfe.org/activities/os/why-frand-is-bad-for-free-soft-
its analysis of the initiative [10], FRAND licenses are bad for ware.en.html
free software [11].) [12] https://fsfe.org/news/2016/news-20160725-01.en.html
All of the above is well and good, but if you’re not work-
ing in or with the public sector, it all seems a bit remote. Author
What about laws that favor the end user? Well, completely Paul Brown has worked as a tech journalist, specializing
out of the left field, comes this law that they passed in in Internet trends and free software, for about 20 years.
Germany: He started writing for the Spanish counter-cultural/hacker
magazine @RROBA in 1996, and from there moved on as
5. Germany forbids “compulsory routers” writer, editor, and later, editor-in-chief for Linux Magazine
Until recently, Internet service providers (ISPs) in Germany Spain, Android User Spain, Ubuntu User Spain and Ubuntu
decided which router users had to use to connect to the In- User International. He has also contributed articles to Linux
ternet. Users had no say in which devices they had to pay for Magazine International, Raspberry Pi Geek, and many other
and install in their homes. publications. He spends his free time as
This changed on August 1. A new law [12] allows users a volunteer teacher, teaching about open
choose the device that gets installed in their homes. Clients hardware to school children and writing
of German ISPs are now allowed by law to use any terminal fiction and scripts for short films and TV
device they choose. Regardless of whether it is a DSL or shows that never get made. Find Paul on
cable connection, the ISP will have to supply the information Twitter: @linux_spain

Open Source Yearbook 2016 .O pensource.com 11
W O R K I N G
.............. ..
.............

10 open source tools for
your sysadmin toolbox
BY BEN COTTON

Vim
SYSADMINS, no matter what platforms they
work on, are awash in great
open source software tools. In this article, I highlight well-
Just because the Windows/Linux battle has been laid to rest,
that doesn’t mean the editor wars are over, too. The vener-
known—and not-so-well-known—tools that released new able Vim [3] editor, which celebrated its 25th birthday [4] in
versions in 2016. November, is still under active development. This year saw
the release of version 8, the first major release in a decade.
Windows subsystem for Linux Vim 8 brings features such as support for GTK+ 3 and Di-
”Microsoft loves Linux” has been a constant refrain from rectX, asynchronous I/O for plugins, and jobs.
Redmond lately. With the announcement of the Windows
Subsystem for Linux [1] (WSL) in the spring, this sentiment Git
has become evident in a way never before seen. More Versioning is important for your scripts, your text files, and of
than just an emulation layer, WSL allows Windows users course your infrastructure-as-code. The Git version control
to run a real Ubuntu userspace. This includes the bash system [5] release version 2.10, which comes with a slew
shell and utilities of handy new fea-
like sed, awk, and tures. New color
grep. Linux sysad- controls allow, for
mins who have to example, git diff
parse log files oc- output to strike-
casionally on Win- through removed
dows servers will lines. Improved
love this feature. GPG signing for
tags and com-
PowerShell for mits is included,
Linux too. Pushes now
Of course, some show progress for
sysadmins primar- remote post-re-
ily work on Win- ceive operations.
dows and have to And for those
switch to Linux oc- forward-thinking
casionally. To help users, the internal
those folks, Microsoft dropped another bomb [2] over the date formatting can now handle dates beyond the year 2100.
summer: PowerShell is now open source (under the MIT
license) and ported to Linux. With these two announce- GitLab
ments, will we remember 2016 as the year the long-stand- Git is nice on its own, but it’s even better with a workflow
ing battle between Microsoft and open source communities system. GitLab [6] released version 8.11 this summer, which
finally came to a complete and total end? includes a killer feature: Issue boards. Now issues can be

12 Open Source Yearbook 2016 .O pensource.com
visually tracked on a Kanban-style system native to GitLab. ing improvement mean that sysadmins can install Kuber-
This is great for planning your infrastructure sprints without netes with their favorite package managers, such as yum
having to rely on an external tool. The other major feature in and apt-get.
8.11 is the ability to manage and resolve basic merge errors
directly from the GitLab web interface. Nextcloud
Early this summer, a group of ownCloud developers (including
SystemRescueCD a co-founder) forked the project to create Nextcloud [13]. Less
Computers are cruel, and they sometimes wind up in a bad than two weeks later, they published their first major release.
state to torment their sysadmins. Many sysadmins carry a Nextcloud 10 is the second release since the fork and con-
CD or USB disk with tools that help recover those machines. tains many new features. A new app allows for managing
SystemRescueCD [7] is an actively developed toolset for file retention policies. Improvements to the authentication
those cases. A regular Swiss Army knife, SystemRescueCD system allow for automatic revocation of users with disabled
is a bootable Linux distribution with tools for testing hard- LDAP accounts, user session revocation, a two-factor au-
ware, partitioning drives, and recovering data. Versions 4.8 thentication plugin system and more.
and 4.9 were released in 2016, bringing updates to a variety Did I leave your favorite open source tool for sysadmins
of components, including updated filesystem tools for the ext off the list?
family and BTRFS.
Resources
Clonezilla [1] https://blogs.msdn.microsoft.com/wsl/2016/04/22/win-
Sometimes the best thing to do is to reimage a machine. dows-subsystem-for-linux-overview/
Clonezilla [8] is the de facto standard for deploying disk im- [2] https://azure.microsoft.com/en-us/blog/powershell-is-open-
ages. The latest release adds support for detecting volumes sourced-and-is-available-on-linux/
encrypted with Windows bitlocker. A number of point releas- [3] http://www.vim.org/
es over the past year have kept Clonezilla tightly tracked to [4] https://opensource.com/life/16/11/happy-birthday-vim-25
the upstream Debian distribution and improved EFI support, [5] https://git-scm.com/
along with a wide array of bug fixes. [6] https://about.gitlab.com/
[7] https://www.system-rescue-cd.org/
Docker [8] http://clonezilla.org/
Docker continued with its active container technology de- [9] https://www.docker.com/
velopment in 2016. Docker [9] 1.12 added swarm mode: A [10] https://blog.docker.com/2016/09/dockerforws2016/
way to manage a self-healing, self-organizing group. In or- [11] https://blog.docker.com/2016/09/docker-microsoft-partner-
der to provide this, a health check mechanism was added. ship/
This framework allows for service-aware determination of [12] http://kubernetes.io/
when a container is healthy. Another noteworthy event was [13] https://nextcloud.com/
the announcement that Docker containers could run natively
on Windows [10] as part of a partnership between Docker Author
and Microsoft that provides enterprise support for Docker on Ben Cotton is a meteorologist by training and a high-perfor-
Windows [11]. mance computing engineer by trade. Ben works as a tech-
nical evangelist at Cycle Computing. He is a Fedora user
Kubernetes and contributor, co-founded a local open
Speaking of containers, Kubernetes [12] 1.4 added more source meetup group, and is a member
container management features in 2016. Clusters can of the Open Source Initiative and a sup-
now be created with only two commands. A dashboard UI porter of Software Freedom Conservancy.
provides 90% feature parity with the command-line tools Find him on Twitter (@FunnelFiasco) or at
for easier reporting and quick status awareness. Packag- FunnelFiasco.com.

Open Source Yearbook 2016 .O pensource.com 13
W O R K I N G
.............. ..
.............

7 notable legal developments
in open source in 2016
BY RICHARD FONTANA

A NUMBER of interesting and notable legal de-
velopments in open source took
place in 2016. These seven legal news stories stood out:
of relevant open source platforms centered around Java
development. Oracle leads the OpenJDK project, in which
the APIs at issue in this case, if we regard them as copy-
rightable, are licensed under GPLv2 along with the Class-
1. Victory for Google on fair use in Java API case path Exception [4]. The Android platform, which does not
In 2012 the jury in the first Oracle v. Google trial found that implement all Java core library APIs, is licensed mostly
Google’s inclusion of Java core library APIs in Android in- under the Apache License 2.0. Its Java core library API
fringed Oracle’s copyright. The district court overturned [1] implementations were generally taken from the Apache
the verdict, holding that the APIs as such were not copyright- Harmony [5] project, which began as a pre-OpenJDK ef-
able (either as individual method declarations or their “struc- fort to develop an open source Java runtime. Late last
ture, sequence and organization” [SSO]). The Court of Appeals year Google confirmed [6] that Android Nougat would
for the Federal Circuit, applying 9th Circuit law, reversed [2], use GPL-licensed [7] class library code from OpenJDK in
holding that the “declaring code and the [SSO] of the 37 place of the Apache Harmony code.
Java API packag-
es are entitled to 2. Censure
copyright protec- of Patrick
tion.” The U.S. Su- McHardy
preme Court de- Since 2014 there
clined to review the have been rumors
case, and in 2016 of GPL enforce-
a closely watched ment lawsuits be-
second trial was ing brought against
held on Google’s many companies
defense of fair in Germany by
use. In May 2016 Patrick McHardy,
the jury returned a a Linux kernel de-
unanimous verdict veloper who was
in favor of Google. formerly the chair
As Jeff Kaufman of the Netfilter [8]
Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0
explains [3], the core team. There is
verdict does not change the appellate ruling concerning API some discussion of the McHardy litigation in a recent Black
copyrightability, which, however, has limited precedential Duck/DLA Piper slide deck [9].
significance. Fair use involves a highly fact-specific determi- Until 2016 there has been something of a taboo on open
nation, and the verdict has no obvious broader legal signifi- discussion of the McHardy lawsuits. This ended on July
cance. Nonetheless the result was a clear victory for Google. 18th, when the Netfilter project announced [10] that it would
Oracle has filed an appeal. “suspend” McHardy from the Netfilter core team, the first
Although Oracle v. Google is not a “case about open such action it had ever taken, because “severe allegations
source” per se, it is notable that both sides are stewards have been brought forward against the style of his license

14 Open Source Yearbook 2016 .O pensource.com
enforcement activities.” Although the core team had no first- 4. U.S. government announces Federal Source
hand evidence for the allegations, which were consistent Code Policy
and came from “trusted sources,” they noted that despite In August the U.S. government’s Office of Management and
many attempts to reach McHardy he did not respond. The Budget announced the Federal Source Code Policy [15]. The
announcement was made in the name of the core team policy is aimed at reducing the problem of duplicative acqui-
members, including emeritus member Harald Welte, who is sition of substantially similar code by agencies and ensuring
well known for bringing a series of successful GPL enforce- that new custom-developed federal source code be made
ment lawsuits in Germany. broadly available for reuse across the federal government.
A few weeks earlier, the Netfilter core team published a Mark Bohannon has written an article [16] on the policy.
statement [11] officially endorsing the Principles of Commu- The Federal Source Code Policy establishes a three-year
nity-Oriented GPL Enforcement [12], which were released by pilot program that requires agencies (with some exclusions)
the Software Freedom Conservancy and the FSF in 2015. to release at least 20% of new custom-developed software as
The core team stated that “license enforcement is a nec- open source each year. The policy recognizes open source
essary tool to ensure all parties adhere to the same set of as a means of enabling continual improvement resulting
fair rules as set forth by the license,” but then, presumably from improvements to the software by the broader communi-
alluding to McHardy, declared that “any enforcement action ty. The policy also announced the launch of code.gov [17], a
should always be focused on compliance, never prioritize “discoverability portal” for custom-developed code, including
financial gain, never settle for less than compliance and code released as open source under the policy.
consider legal action in court only as a last resort.” In the The Federal Source Code Policy is notable for placing em-
July 18th announcement of McHardy’s suspension, the core phasis on adhering to proper standards for open develop-
team said that McHardy “continues to be welcome in the ment as well as open source licensing. Agencies releasing
project as soon as he is able to address the allegations and/ open source code are directed to do so in a manner that
or co-sign the [Conservancy/FSF Principles] in terms of any encourages engagement with existing communities, fos-
future enforcement activities.” ters growth of new communities, and facilitates contribution
The next day, Karen Sandler and Bradley Kuhn of the both by the community to the federal code and by federal
Software Freedom Conservancy published a blog post [13] employees and contractors to upstream projects. Agencies
addressing the subject of McHardy. They revealed that Con- must also ensure that their open source repositories include
servancy had engaged in largely unsuccessful attempted enough information to enable reuse and participation by third
communications with McHardy for two years. Conservancy parties, including details on licensing.
encouraged McHardy to co-draft the Principles with them
and later invited him to endorse the Principles after they 5. Moglen steps down as FSF general counsel
were published, but received no response from him. Sandler The Free Software Foundation announced [18] in October
and Kuhn denounced McHardy for apparently refusing to en- 2016 that Eben Moglen had “stepped down” as general
dorse the Principles and failing to publicly justify his conduct counsel to the FSF. Moglen, who is president of the Software
of GPL enforcement. Freedom Law Center and a law professor at Columbia, has
been one of the most influential lawyers in free software. His
3. Hellwig lawsuit dismissed career in free software has been closely associated in the
In 2015 Linux kernel developer Christoph Hellwig brought public mind with the FSF, for which he provided pro bono
a copyright infringement suit against VMware in a German legal representation for 23 years. I expect both Moglen and
district court, alleging violation of the GPL in VMware’s ESXi the FSF to remain as engaged as ever in matters of free
product. Hellwig’s legal expenses were funded by the Soft- software legal policy, but likely with more instances of public
ware Freedom Conservancy. The Hellwig lawsuit attracted disagreement or conflicting opinions.
significant attention because it is apparently the first litigat-
ed GPL compliance case that centers on the scope of the 6. Debian and Ubuntu ship ZFS
GPL’s copyleft requirement, sometimes thought of as the In the mid-2000s Sun Microsystems released its ZFS filesys-
“derivative work” issue. tem as part of OpenSolaris, licensed under the weak copyleft
In July 2016, as Scott Peterson has reported [14], the CDDL [19]. Efforts to port ZFS to Linux were inhibited for
court dismissed the case, concluding that Hellwig had many years by legal concerns, including concerns about li-
failed to identify in the VMware product the specific lines cense conflicts between GPLv2 and CDDL. In recent years
of code in which he owned copyright. The court discussed the “ZFS on Linux” [20] project has encouraged Linux distri-
the GPL issue, but it did not address the merits. The rul- butions to package its ZFS kernel module.
ing has no precedential significance for other cases. In a Although packaging of ZFS in Debian was held up for
brief statement, Hellwig announced that he would appeal some time by licensing concerns, in 2015 Debian Project
the ruling. Leader Lucas Nussbaum revealed [21] that Debian had

Open Source Yearbook 2016 .O pensource.com 15
W O R K I N G
.............. ..
.............
received legal advice from the Software Freedom Law Cen- because the conduct falls within the spirit or the “equity” of
ter concerning inclusion of ZFS in Debian, which he said the license.
“should unblock the situation ... and enable us to ship [ZFS] In SFLC’s view, given the tension between the literal
in Debian soon.” In January 2016, Nussbaum’s successor, and equitable interpretations of GPLv2, “the consensus of
Neil McGovern, said [22] that ZFS would be included in the kernel copyright holders’ intention … determines which
Debian as a DKMS package in source code form only, and mode of interpretation is to be employed.” Here, there was
would be segregated in the “contrib” archive, which contains no conclusive or convincing evidence of what type of inter-
packages that are not considered to be official Debian. pretation the kernel copyright holders intend. SFLC argued
Ubuntu had included a source-only DKMS ZFS package that for as long as the kernel copyright holders choose not to
for some time before Debian began doing so. In a blog object to Canonical’s distribution, it should be assumed that
post in February, Canonical’s Dustin Kirkland announced the consensus of the kernel licensors is to support the equi-
[23] that Ubuntu would begin shipping a binary ZFS kernel table interpretation. SFLC also pointed out that Canonical’s
module. Following a flurry of debate over the GPL/CDDL potential liability exposure was negligible.
issue, Kirkland said [24] in another blog post that Canonical Neil McGovern discussed his experience of the ZFS topic as
had discussed the legal issues with Eben Moglen (presi- Debian Project Leader in a talk [28] at Debconf. Other notewor-
dent of SFLC) and had concluded that distribution of the thy statements on the ZFS issue were made by Richard Stall-
binary kernel module would be compliant with both GPLv2 man [29] and by Linux kernel developer James Bottomley [30].
and CDDL. Kirkland stressed that the ZFS module was “self Little has been said about the issue in recent months.
contained” and was not a derivative work of the kernel, and
the kernel was not a derivative work of ZFS. Kirkland also 7. Apache Software Foundation bans JSON
argued that “[e]quivalent exceptions have existed for many license
years, for various other stand-alone, self-contained, non- For some of us involved in open source legal matters, Doug-
GPL kernel modules.” las Crockford’s JSON license [31] keeps turning up like a
Shortly after Kirkland’s second blog post, the Software bad penny. The JSON license famously modifies the MIT li-
Freedom Conservancy and SFLC published conflicting [25] cense by adding a sentence before the warranty disclaimer:
analyses [26] of the legality of Canonical’s distribution. (For “The Software shall be used for Good, not Evil.” It is not clear
those who don’t know: SFLC and Conservancy are indepen- whether Crockford intended the license purely as a joke, or
dent organizations.) They agreed, however, on two basic as an oblique political statement, or both. Many who care
points: (1) Debian’s distribution of a source-only module in about having a principled basis for classifying licenses as
contrib was license compliant, and (2) loadable kernel mod- free, or open source, see the “Good, not Evil” clause as con-
ules generally fall within the scope of the GPL copyleft on flicting with basic definitional norms that disallow field of use
the kernel. restrictions and discrimination based on field of endeavor.
Conservancy claimed to be speaking on its own behalf as Some have argued that the clause is not enforceable and
a Linux kernel copyright assignee as well as on behalf of thus should not be taken seriously; however, the FSF, which
kernel copyright holders participating in its GPL Compliance classifies the JSON license as non-free, argues [32] that it
Project for Linux Developers [27]. In Conservancy’s view, cannot be presumed that the restriction is unenforceable.
Canonical’s distribution of the binary kernel module violates Another objection to the license is that “Good” and “Evil” are
GPLv2 and thus infringes copyright on the kernel. Conser- undefined and thus the scope of conduct that is allowed and
vancy believes that derivative works involving GPL license prohibited is highly uncertain.
incompatibilities with other free software license s shoul d The reason the JSON license is not a matter of complete
be subjected to the same legal analysis as GPL/proprietary obscurity is that Crockford has applied it to software that
combinations. happens to have been widely adopted, including the tools
According to SFLC, Canonical’s binary ZFS module JSLint [33] and JSMin [34] and the JSON Java [35] library
must be regarded as licensed under GPLv2, since (“JSON-java”). Over the years Crockford has refused many
CDDL allows binaries to be under any license and any other requests from developers to change the license, although
interpretation would assume that Canonical was noncompli- he has boasted [36] of having granted special permission to
ant with the GPL. Therefore, distribution of the ZFS binary IBM and “its customers, partners, and minions, to use JSLint
module itself would not violate GPLv2; however, Canonical’s for evil.”
otherwise compliant distribution of corresponding source For many years the Apache Software Foundation, known
code for the ZFS kernel module and the Ubuntu kernel would for strict rules on licensing under which, for example, the
“literally” violate GPLv2, because Canonical would be pro- GPL and LGPL are relegated to a forbidden “Category X,”
viding the ZFS filesystem source code under CDDL. There [37] treated JSON-java as though it were in its most favored
are good reasons for a community of copyright holders of “Category A” [38] (which contains noncopyleft licenses, such
a GPL project not to object to this literal GPLv2 violation, as the Apache License 2.0 itself). Today several ASF proj-

16 Open Source Yearbook 2016 .O pensource.com
ects have dependencies under the JSON license. In Octo- [16] https://opensource.com/government/16/8/us-government-
ber 2016, in a posting [39] to the ASF’s legal-discuss mailing releases-new-policy-free-code
list, Ted Dunning called on the ASF to revisit its decision, [17] https://www.code.gov/
noting that the JSON license was “substantially hindering [18] https://www.fsf.org/news/fsf-announces-change-in-general-
downstream adoption.” After discussion, Jim Jagielski, VP counsel
of Legal Affairs for the ASF, declared [40] that “the license is [19] https://opensource.org/licenses/CDDL-1.0
NOT CatA and is NOT approved,” placing the JSON license [20] http://zfsonlinux.org/
in Category X. Jagielski later clarified [41] that no new use of [21] https://lists.debian.org/debian-devel-announce/2015/04/
the JSON license by an ASF project would be allowed, but msg00006.html
some projects already using code under the license would [22] http://blog.halon.org.uk/2016/01/on-zfs-in-debian/
have a grace period of several months to transition to a [23] http://blog.dustinkirkland.com/2016/02/zfs-is-fs-for-containers-
replacement. The issue was covered in a November 2016 in-ubuntu-1604.html
LWN.net article [42]. [24] http://blog.dustinkirkland.com/2016/02/zfs-licensing-and-
Because so many ASF projects have been widely ad- linux.html
opted, the JSON license prohibition seems likely to have a [25] https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
significant community impact in encouraging use of open [26] https://www.softwarefreedom.org/resources/2016/
source alternatives to JSON-licensed software. linux-kernel-cddl.html
[27] https://sfconservancy.org/linux-compliance/
Resources [28] http://bit.ly/2i4o7Q4
[1] https://opensource.com/law/12/6/oracle-v-google-and-api- [29] https://www.fsf.org/licensing/zfs-and-linux
copyrightability [30] http://blog.hansenpartnership.com/are-gplv2-and-cddl-in-
[2] http://www.cafc.uscourts.gov/content/oracle-america-inc-v- compatible/
google-inc-opinion [31] http://www.json.org/license.html
[3] https://opensource.com/law/16/6/outcome-google-v-oracle- [32] https://www.gnu.org/licenses/license-list.en.html#JSON
good-open-source [33] https://github.com/douglascrockford/JSLint/blob/master/
[4] http://openjdk.java.net/legal/gplv2+ce.html jslint.js#L15
[5] https://harmony.apache.org/ [34] https://github.com/douglascrockford/JSMin/blob/master/
[6] http://venturebeat.com/2015/12/29/google-confirms-next- jsmin.c#L16
android-version-wont-use-oracles-proprietary-java-apis/ [35] https://github.com/stleary/JSON-java/blob/master/
[7] https://android.googlesource.com/platform/ LICENSE#L13J
libcore/+/29c2a3a52980b18ab26f860e9c- [36] http://dev.hasenj.org/post/3272592502/ibm-and-its-minions
c712487881b081%5E%21/#F0 [37] https://www.apache.org/legal/resolved#category-x
[8] http://netfilter.org/ [38] https://www.apache.org/legal/resolved#category-a
[9] http://www.slideshare.net/blackducksoftware/litigation-and- [39] http://bit.ly/2huuMhi
compliance-in-the-open-source-ecosystem [40] http://bit.ly/2iFnysw
[10] https://marc.info/?l=netfilter-devel&amp;m= [41] http://bit.ly/2huw8sr
146887464512702 [42] https://lwn.net/Articles/707510/
[11] https://www.netfilter.org/files/statement.pdf
[12] https://sfconservancy.org/copyleft-compliance/principles.html Author
[13] https://sfconservancy.org/blog/2016/jul/19/patrick-mchardy- Richard Fontana is Senior Commercial
gpl-enforcement/ Counsel on the Products and Technolo-
[14] https://opensource.com/law/16/8/gpl-enforcement-action- gies team at Red Hat. Most of his work
hellwig-v-vmware focuses on open source-related legal
[15] https://sourcecode.cio.gov/ issues.

Open Source Yearbook 2016 .O pensource.com 17
W O R K I N G
.............. ..
.............

Troubleshooting tips for the

5 most common
Linux issues BY JEREMY GARCIA

ALTHOUGH LINUX installs
and op-
erates as expected for most users, inevitably
some users will run into problems. For my fi-
nal article in The Queue column for the year,
I thought it would be interesting to summarize
the most common technical Linux issues peo-
ple ran into in 2016. I posted the question to
LinuxQuestions.org and on social media, and
I analyzed LQ posting patterns. Here are the
results.

1. Wifi drivers (especially Broadcom
chips)
Generally speaking, wifi drivers—and Broad-
com cards in particular—continue to be one of the most prob- ing Ubuntu, then you know the BCM4312 card is supported
lematic technical issues facing Linux. There were hundreds by installing the firmware-b43-installer package. The other
of posts about this topic on LQ alone in 2016, and myriad option you have is to research the wifi card before your
more elsewhere. Dozens of Broadcom wireless cards are purchase to ensure it’s fully supported by your distribution of
available, and detailed instructions for getting them to work choice out of the box.
with each distribution is far too involved for a single article,
but the basic troubleshooting steps are the same: 2. Printer drivers (especially Canon and Lexmark)
Printers also continue to be problematic, with Canon and
• a scertain exactly which Broadcom card you have by Lexmark repeatedly cited for being an issue. If you’re pur-
using lspci to find out the PCI ID, chasing a new printer, research compatibility before you
• determine whether the distribution you use supports buy. But if you are migrating from another operating sys-
that card, tem, that may not be an option. If you are doing research,
• and if it does, identify the proper way to get the card the OpenPrinting [1] database and the official support
working. channel for your distribution are the two best places to
start. Note that you should ensure all functionality of a
For example, if you have a 14e4:4315 PCI ID and are us- device is fully compatible, especially if it’s a multifunction

18 Open Source Yearbook 2016 .O pensource.com
product. One common complaint with Canon printers is to say Linux has wide-spread installation issues. The vast
that the drivers are often only available on non-English majority of installs go as expected. The sheer variety of hard-
and sometimes obscure sites. ware that Linux supports, and nearly infinite combinations of
hardware on which Linux installs are attempted, inevitably
3. Video lead to edge cases here and there. Keep in mind that end
Video is a nuanced topic, as simple straightforward video users rarely install other operating systems, such as Mac OS
works extremely well out of the box on Linux. Where the and Windows, as they come pre-installed on new devices.
issues pop up are video accelerators/acceleration; the lat-
est video cards and newest technologies, such as NVIDIA Future looks bright
Optimus and ATI dynamic GPU switching; installation and Other issues that were mentioned frequently include Blue-
stability of proprietary drivers; efficient power manage- tooth, suspend/resume, HiDPI, and touchscreens. You may
ment; and reliable suspend and resume. If you’re not a see a pattern forming here—most of the issues noted in this
gamer, do not need high-end graphics for another reason, article focus on desktop use cases. When you think about it,
and are not on a laptop, then you probably don’t have to that makes sense. With Linux desktop adoption being rela-
worry about this. If you’re looking for a new laptop, be sure tively low, the result is that less testing and resources go into
to research compatibility before your purchase. If you’re finding and fixing related issues. As desktop usage increas-
a gamer or need the highest-end graphics, you’ll need to es, you can anticipate these areas improving.
know exactly what your requirements are and start your On that note, I thought it would be nice to end with a mention
research there. Luckily, the situation here is improving of one area that used to pop up frequently as a problem area for
and, Wayland teething issues aside, the situation should Linux, and very rarely does these days: fonts. Only a few short
be quite a bit better in 2017. years ago, getting high-quality antialiased fonts were the excep-
tion. With modern distribution releases, it has become the rule.
4. Audio What technical Linux issues did you find most common
Once again, for simple setups, audio has been easy to con- in 2016?
figure and reliable under Linux for a while. As soon as you
get into professional production, echo cancellation, audio Resources
routing, unified mixing, and other complex setups, however, [1] http://www.openprinting.org/printers
it can go south pretty quickly. My suggestion is to use one
of the dedicated audio-related distributions if you need high- Author
end real-time audio. Jeremy Garcia is the founder of Linux-
Questions.org and an ardent but realistic
5. Installation open source advocate. Follow Jeremy on
With a category this all-encompassing, it’s almost guaran- Twitter: @linuxquestions
teed to be high volume. That said, I don’t know that it’s fair

Open Source Yearbook 2016 .O pensource.com 19
W O R K I N G
.............. ..
.............

What’s new in OpenStack
in 2016: A look at the
Newton release BY RICH BOWEN

OPENSTACK is on a six-
month release
cycle[1], with each release given a code
name starting with consecutive letters
of the alphabet. On October 7th, Open-
Stack Newton was released. Let’s look at
a few highlights from OpenStack’s 2016
Newton release.
In addition to the usual enormous num-
ber of incremental improvements, the
Newton release focused on ease of de-
ployment and usability improvements, as
well as improved container-management
tools. It also added the Tacker project [2],
for deploying and managing virtual network functions (NFV) Congress
on OpenStack. Congress [5] is OpenStack’s Policy as a Service proj-
ect. The Newton release adds support for load-balanced
Documentation policy engines for HA and high query throughput deploy-
As always, many changes were made to the documen- ments. Congress now supports multi-node deployments
tation [3] for this release. The networking guide was re- in which different components are deployed on separate
structured, the conversion to RST was completed, training hosts.
guides were improved, and new chapters were added. In
addition to updates to existing translations, entire new Designate
manuals were added in Indonesian, Italian, Japanese, Designate [6] is OpenStack’s DNS as a Service project.
Korean, and Simplified Chinese. Designate has a number of new features in the Newton
release, such as support for new DNS servers, including
Ceilometer TinyDNS and Knot DNS. It adds designate-worker and des-
Ceilometer [4] is OpenStack’s metering and alarming ser- ignate-producer services for better scaling in future releas-
vice. In the Newton release, Ceilometer: es. All services now report back to designate-central, which
keeps track of what services are running and when they
• a
dds several new meters, including memory bandwidth last checked in.
statistics, and various CPU cycle and instruction count
meters; Glance
• includes support for batch recording metering with Glance [7] is OpenStack’s image service, for storing VM
MongoDB; images and snapshots. The Newton release adds vhdx as
• and deprecates ceilometer-dbsync to move to new a supported disk format [8], and deprecates some older
ceilometer-upgrade. formats and store drivers.

20 Open Source Yearbook 2016 .O pensource.com
Heat Mistral
Heat [9] is OpenStack’s orchestration service, and the New- Mistral [15] is OpenStack’s workflow service. In Newton,
ton cycle was very busy for the Heat team as they worked on Mistral now supports Magnum actions, Tacker actions, and
adding new configuration options. Murano actions. Other new features include being able to
Conditional functions have been added to allow for more call RabbitMQ directly, rather than using Oslo, and the abil-
complex orchestration scenarios. Heat can now manage ity to handle https requests.
Cinder quotas. The Newton release also adds new inte-
gration with DNS service, Glance service, and Monasco Nova
service. Nova [16] is OpenStack’s compute service. Because Nova
is one of the oldest parts of OpenStack, and the largest and
Horizon busiest project, listing all the changes is difficult. As with
Horizon [10] is the OpenStack web dashboard. The Newton every release, changes in Nova support a wider range of
release contains a number of user interface enhancements, features in the underlying hypervisors. Additionally, many
new functionality, and bug fixes to eliminate all WARNING enhancements were made to make migrations and up-
messages in your browser’s developer panel. grades easier. The release documentation also includes
Horizon used to require Nova and Glance to function, but extensive information about how to upgrade your compute
not any longer. Now Horizon only requires Keystone, which nodes from Mitaka to Newton.
means it can be used for deployments that don’t include
these services, such as Swift-only deployments. Sahara
Horizon now has better implementation of the underlying Sahara [17] provides a way to deploy Apache Hadoop or
Bootstrap themes, for easier theming of your OpenStack Apache Spark clusters on top of OpenStack. In Newton,
deployment. Various HTML classes have been renamed to Sahara adds support for Impala, MaR, Sentry, Kafka, CDH
match Bootstrap’s naming conventions. 5.7, and updated versions of Mahout, HBase, Drill, and
MapR.
Ironic
Ironic [11] is OpenStack’s bare metal deployment ser- Searchlight
vice. The Newton release adds a number of new meth- Searchlight [18] provides indexing and search across multi-
ods and options to allow you to deploy on a wider variety tenant cloud resources. Searchlight first appeared in Mitaka.
of platforms. In Newton, Searchlight adds support for ElasticSearch 2.x,
and it adds multi-thread support for indexing. You can now
Keystone search Neutron security groups and rules. Index sync perfor-
Keystone [12] is OpenStack’s authentication service, mance has been improved. Many other enhancements are
which tends to move slowly and with great deliberation included in this release.
because all other services rely on it. The Newton release
adds the ability to cache tokens. Also, a local table may Senlin
be populated with LDAP users to improve query perfor- Senlin [19] provides a generic clustering service for an
mance. Also, Keystone can now be upgraded using a roll- OpenStack cloud. Senlin is another new addition to Open-
ing upgrade. Stack, and the Newton release adds various features that
were not yet implemented for Mitaka, including the ability for
Magnum clusters and nodes to depend on other clusters and nodes,
Magnum [13] is an API service that makes various flavors and policy validation and profile validation APIs.
of containers into first-class resources that can be de-
ployed on OpenStack. The Newton release adds support for Tacker
several new options, including Flannel’s host-gw backend, Tacker [20] is a generic VNF manager, and NFV orchestrator
a new openSUSE driver for running a Kubernetes cluster to deploy and manage virtual network functions on Open-
on openSUSE, and various new options for Apache Mesos. Stack. Tacker is new in this release of OpenStack, and be-
gins to build out all of the features needed for this important
Manila new area of OpenStack deployments.
Manila [14] is a shared file system service for OpenStack.
A number of new drivers and plugins were added to expand Trove
the number of backends that can be used for your shared Trove [21] is OpenStack’s database as a service solution.
file system service. Additionally, many existing drivers and Each subsequent release provides additional functionality
plugins were enhanced to give access to additional function- for the various database engines that it supports. This re-
ality of those backends. lease also contains numerous bug fixes.

Open Source Yearbook 2016 .O pensource.com 21
W O R K I N G
.............. ..
.............
Summary [7] http://docs.openstack.org/developer/glance/
With a product as large as OpenStack, summarizing what’s [8] http://docs.openstack.org/developer/glance/formats.html
new in a particular release is challenging. (See the full re- [9] https://wiki.openstack.org/wiki/Heat
lease notes [22] for more details.) Each deployment of [10] http://docs.openstack.org/developer/horizon/
OpenStack might use a different combination of services and [11] https://wiki.openstack.org/wiki/Ironic
projects, and so will care about different updates. Added to [12] http://docs.openstack.org/developer/keystone/
that, the release notes for the various projects tend to be ex- [13] https://wiki.openstack.org/wiki/Magnum
tremely technical in nature, and often don’t do a great job of [14] https://wiki.openstack.org/wiki/Manila
calling out the changes that will actually be noticed by either [15] https://wiki.openstack.org/wiki/Mistral
operators or users. [16] https://wiki.openstack.org/wiki/Nova
Expect to find a growing collection of videos, on You- [17] https://wiki.openstack.org/wiki/Sahara
Tube [23] and elsewhere, demonstrating some of the most [18] https://wiki.openstack.org/wiki/Searchlight
interesting user-facing features in Newton. As soon as the [19] https://wiki.openstack.org/wiki/Senlin
Newton release rolled out, developers kept right on working [20] https://wiki.openstack.org/wiki/Tacker
where they left off, because not all of the features planned for [21] https://wiki.openstack.org/wiki/Trove
Newton actually made it in. [22] https://releases.openstack.org/newton/
Planning for the next release, Ocata [24], began at Open- [23] https://www.youtube.com/results?search_query=open-
Stack Summit in Barcelona in late October 2016. The Ocata stack+newton
Release Schedule [25] offers a glimpse at what’s ahead. [24] https://releases.openstack.org/ocata/index.html
Be sure to check out Meetup.com [26] for OpenStack [25] https://releases.openstack.org/ocata/schedule.html
meetups near you, where you can talk with other OpenStack [26] http://meetup.com/
operators and compare stories.

Resources Author
[1] http://releases.openstack.org Rich works at Red Hat as the Community
[2] https://wiki.openstack.org/wiki/Tacker Liaison for the RDO project, which is a pack-
[3] http://docs.openstack.org/ aging of OpenStack for CentOS/Fedora/
[4] http://docs.openstack.org/developer/ceilometer/ RHEL. He’s also the Executive Vice Pres-
[5] https://wiki.openstack.org/wiki/Congress ident of the Apache Software Foundation,
[6] http://docs.openstack.org/developer/designate/ Open Source enthusiast, and Geocacher.

22 Open Source Yearbook 2016 .O pensource.com
.................... W O R K I N G

Why the operating system
matters even more in 2017 BY GORDON HAFF

don’t quite date ages process scheduling, power management, root access
OPERATING SYSTEMS back to the be-
ginning of computing, but they go back far enough. Main-
permissions, memory allocation, and all the other low-level
housekeeping and operational details needed to keep a sys-
frame customers wrote the first ones in the late 1950s, tem running efficiently and securely.
with operating systems that we’d more clearly recognize as Finally, the operating system serves as the interface to
such today—including OS/360 from IBM and Unix from Bell both its own “userland” programs—think system utilities such
Labs—following over the next couple of decades. as logging, performance profiling, and so forth—and applica-
An operating system performs a wide variety of useful tions that a user has written. The operating system should
functions in a system, but it’s helpful to think of those as fall- provide a consistent interface for apps through APIs (appli-
ing into three general categories. cation programming interface) based on open standards [2].
First, the operating system sits on top of a physical sys- Furthermore, commercially supported operating systems
tem and talks to the hardware. This insulates application also bring with them business and technical relationships with
software from many hardware implementation details. third-party application providers, as well as content channels
Among other ben- to add other trusted
efits, this provides content to the plat-
more freedom to in- form.
novate in hardware The computing
because it’s the op- technology land-
erating system that scape has changed
shoulders most of considerably over
the burden of sup- the past couple of
porting new pro- years. This has had
cessors and other the effect of shifting
aspects of the serv- how we think about
er design—not the operating systems
application develop- and what they
er. Arguably, hard- do, even as they
ware innovation remain as central
will become even Image by: Internet Archive Book Images. Modified by Opensource.com.
as ever. Consider
more important [1] changes in how
as machine learning and other key software trends can no applications are packaged, the rapid growth of computing
longer depend on CMOS process scaling for reliable year- infrastructures, and the threat and vulnerability landscape.
over-year performance increases. With the increasingly
widespread adoption of hybrid cloud architectures, the por- Containerization
tability provided by this abstraction layer is only becoming Applications running in Linux containers [3] are isolated
more important. within a single copy of the operating system running on a
Second, the operating system—specifically the kernel— physical server. This approach stands in contrast to hyper-
performs common tasks that applications require. It man- visor-based virtualization in which each application is bound

Open Source Yearbook 2016 .O pensource.com 23
W O R K I N G
.............. ..
.............
to a complete copy of a guest operating system and commu- traditional monolithic apps it’s much more difficult to keep
nicates with the hardware through the intervening hypervi- changes to one component from having unintended effects
sor. In short, hypervisors virtualize the hardware resources, elsewhere.
whereas containers virtualize the operating system resourc- One important aspect to this shift from the perspective
es. As a result, containers consume few system resources, of the operating system is that it increasingly makes more
such as memory, and impose essentially no performance sense to talk about a “computer” as an aggregated set of
overhead on the application. datacenter resources. Of course, there are still individual
Containerization leans heavily on familiar operating sys- servers under the hood and they still must be operated and
tem concepts. Containers build on the Linux kernel’s process maintained—albeit in a highly automated and hands-off way.
model as augmented by additional operating system fea- However, container scheduling and management effectively
tures, such as namespaces (e.g., process, network, user), makes up the new and relevant abstraction for where work-
cgroups, and permission models to isolate containers while loads run and how multi-tier applications are composed—
giving the illusion that each is a full system. rather than the server.
Containers have become so interesting recently by the ad- The Cloud Native Computing Foundation [5] (CNCF),
dition of mechanisms to portably compose applications as also under the Linux Foundation, was created to “drive
a set of layers and move them around an environment with the adoption of a new computing paradigm that is op-
low overhead. In this respect, containers are the realization timized for modern distributed systems environments
of a general concept that’s been around for a while in var- capable of scaling to tens of thousands of self-healing
ious guises, but never really went mainstream. (Think ap- multi-tenant nodes.” One project under the CNCF is Ku-
plication virtualization, for example.) One important change bernetes [6], an open source container cluster manager
today is the greatly increased role of open source and open originally designed by Google, but now with a wide range
standards. For example, the Open Container Initiative [4], a of contributors [7] from Red Hat and elsewhere.
collaborative project under the Linux Foundation, is focused
on creating open industry standards around the container Security
format and runtime. All the security hardening, performance tuning, reliability
Also significant is that container technology, together with engineering, and certifications that apply to the virtualized
software-defined infrastructure (such as OpenStack), is be- world still apply in the containerized one. And, in fact, the
ing built into and engineered together with Linux. The history operating system shoulders a greater responsibility for pro-
of computer software clearly shows that integrating technol- viding security and resource isolation in a containerized and
ogies into the operating system tends to lead to much wider software-defined infrastructure world than in the case in
adoption and a virtuous cycle of ecosystem development which dedicated hardware or other software may be han-
around those technologies—think TCP/IP in networking or dling some of those tasks. Linux has been the beneficiary
any of a wide range of security-related features. of a comprehensive toolbox of security-enforcing functional-
ity built using the open source model, including SELinux for
Scale mandatory access controls, a wide range of userspace and
Another significant shift is that we increasingly think in kernel-hardening features, identity management and access
terms of computing resources at the scale point of the control, and encryption.
datacenter rather than the individual server. This transi- Today, however, information security must also adapt to a
tion has been going on since the early days of the web, changing landscape. Whether it’s providing customers and
of course. However, today we’re seeing the reimagining partners with access to certain systems and data, allow-
of high-performance computing “grid” technologies both ing employees to use their own smartphones and laptops,
for traditional batch workloads as well as for newer ser- using applications from Software-as-a-Service (SaaS) ven-
vices-oriented styles. dors, or taking advantage of pay-as-you-go utility pricing
Dovetailing neatly with containers, applications based on models from public cloud providers, there is no longer a
loosely coupled “microservices” (running in containers)— single perimeter.
with or without persistent storage—are becoming a popular The open development model allows entire industries
cloud-native approach. This approach, although reminiscent to agree on standards and encourages their brightest de-
of Service Oriented Architecture (SOA), has demonstrated velopers to continually test and improve technology. The
a more practical and open way to build composite applica- groundswell of companies and other organizations provid-
tions. Microservices, through a fine-grained, loosely coupled ing timely security feedback for Linux and other open source
architecture, allows for an application architecture to reflect software provides clear evidence of how collaborating within
the needs of a single well-defined application function. Rap- and among communities to solve problems is the future of
id updates, scalability, and fault tolerance, can all be indi- technology. Furthermore, the open source development pro-
vidually addressed in a composite application, whereas in cess means that when vulnerabilities are found, the entire

24 Open Source Yearbook 2016 .O pensource.com
community of developers and vendors can work together to Resources
update code, security advisories, and documentation in a co- [1] http://bitmason.blogspot.com/2016/01/beyond-general-
ordinated manner. purpose-in-servers.html
These same processes and practices apply across [2] h ttps://opensource.com/resources/what-are-open-standards
hybrid cloud infrastructures as the role of the operating [3] h ttp://bitmason.blogspot.com/2013/09/what-are-containers-
system evolves and expands to include new capabilities anyway.html
like Linux containers. Furthermore, when components are [4] h ttps://www.opencontainers.org/
reused in the form of microservices and other loosely cou- [5] h ttps://cncf.io/
pled architectures, maintaining trust in the provenance of [6] h ttps://opensource.com/resources/what-is-kubernetes
those components and their dependencies (when making [7] h ttp://stackalytics.com/?project_type=kubernetes-
up applications) becomes more important, not less. group&amp;metric=commits

Some things change, some don’t Author
Priorities associated with operating system development and Gordon Haff is Red Hat’s cloud evangelist, is a frequent
operation have certainly shifted. The focus today is far more and highly acclaimed speaker at customer and industry
about automating deployments at scale than it is about cus- events, and helps develop strategy across Red Hat’s full
tomizing, tuning, and optimizing single servers. At the same portfolio of cloud solutions. He is the author of Comput-
time, there’s an increase in both the pace and pervasiveness ing Next: How the Cloud Opens the Future in addition to
of threats to a no longer clearly-defined security perimeter— numerous other publications. Prior to Red Hat, Gordon
requiring a systematic understanding of the risks and how to wrote hundreds of research notes, was frequently quoted
mitigate breaches quickly. in publications like The New York Times on a wide range
Add it all together and applications become much more of IT topics, and advised clients on product and market-
adaptable, much more mobile, much more distributed, much ing strategies. Earlier in his career, he was responsible
more robust, and much more lightweight. Their placement, for bringing a wide range of computer
provisioning, and securing must become more automated. systems, from minicomputers to large
But they still need to run on something. Something solid. UNIX servers, to market while at Data
Something open. Something that’s capable of evolving for General. Gordon has engineering de-
new requirements and new types of workloads. And that grees from MIT and Dartmouth and an
something is a (Linux) operating system. MBA from Cornell’s Johnson School.

Open Source Yearbook 2016 .O pensource.com 25
W O R K I N G
.............. ..
.............

25 reasons to
love Linux BY JEN WIKE HUGER

IN 2016, Linux turned 25 years old. To celebrate,
we reached out to readers over social
media and asked them why they love Linux. On August
25th, Opensource.com published the list.
25. There is no autopilot. I am the king of my machine.
—Anupam Datta
24. Nowadays stuff just works. No hunting for obscure
firmware etc. Plug and play. Done in the open. That’s
truly, wow. —Jan Wildeboer
23. It is possible to customize Linux in multiple ways: via the
kernel when compiling it and in user space. Plethora of
free apps. —Eugene J. Markow Image by: Opensource.com. CC BY-SA 4.0
22. One thing I like about Linux is the fact that it’s abso-
lutely free. That includes price, ability to modify the 11. My machine loves it! The way I have total control over
code to your own specs, etc. No restrictive licensing, everything. It’s a love story that is inexpressible.
etc. —James Takac —Rhitik Bhatt
21. Don’t ask what Linux can do for you, it is already done, but 10. There’s always something new to learn.
what code you can apply for Linux! —Vladimir Cicovic —Alexander Golubets
20. Working in the terminal is awesome. Makes me look like 9. Stability, resource friendly, safety. —Alwan Rosyidi
a badass tech guy in front of the people around me when 8. The freedom. —Maja Isaksson
typing those commands. —Nilesh Sarkar 7. Terminal <3 —Shahrukh Alizai
19. When I ask “How do I send data via the serial port?” on 6. The commands :) file handling and big data analysis :)
a Linux forum, I get relevant answers and help. Other fo- —Sum Aira
rums responses be like “Have you tried the parallel port? 5. Light-weight, flexible, stabile, safe. —Tomasz Mikołajko
—Eric Lovejoy 4. There is more than one topic why I love Linux. But I think
18. The freedom to edit my GUI however I see fit without wor- because it is available for everyone for free, makes the
ries about end user license agreements. —Jesse Woodside world a little more free. —Tux von Kybermann
17. A huge selection of applications, tools, widgets, and other 3. The ability to freely download, run, change, and distrib-
software. —Nathan Leach ute the operating system to as many computers as I
16. It gives you the feel of being a real programmer, or a want. Not everyone can afford to purchase a copy of
hacker! —Sai Charan Windows every 3-4 years. Everyone can afford Linux!
15. There is no limit to what you can do. If you can imagine it, —Jonathan Niccolls
you can make it. —Jeroen Tuijn 2. It’s the Swiss Army knife of computing. —Gary Alexander
14. It is less risky when it comes to virus attack... and of 1. Everything. —Ayoub Arahmat
course its an open source! —Kefilwe Mosesanyane
13. The power to customize and create my own specific Author
operating system to be used for any purpose. Jen Wike Huger is the Content Manager
—Rasyid Sahputra for Opensource.com. Follow her on Twitter
12. The main thing I like about Linux is there are no wizards. @jenwike and see her extended portfolio
When installing software, it just does it and that includes at Jen.io.
all the dependencies. —Shaun Henderson

26 Open Source Yearbook 2016 .O pensource.com
.................... W O R K I N G

4 hot skills for
Linux pros in 2017
BY SHAWN POWERS

ONE OF THE PROBLEMS with be-
coming
a Linux expert is the definition is constantly changing. When
good advice, but it doesn’t mean we should rely completely
on automation tools to do our jobs. Chef, Puppet, Ansible,
Salt Stack, and similar tools are wonderful, but we need to
I started in the Linux world, to be considered a Linux profes- understand what’s happening behind the scenes so when
sional, you had to be able to compile your own kernel. Heck, something inevitably goes wrong, we know how to fix it.
if you wanted to use Linux on a laptop, you had to compile With DevOps’ programmatic approach to computing, we
a custom kernel to even be a user. These days, compiling still need people who can maintain, fix, and understand the
your own kernel is usually a waste of time. That’s not to say systems functioning beneath the layer of code. Without
it isn’t important, but in the open source world we build on the Linux experts, cloud computing is a scary place to live,
successes of others, and Linux distributions provide us with even if that cloud is in your own server room.
kernels that work well. Although not always that drastic, the
demands on IT professionals change every year. 3. Development
Here are four vital skills for the Linux pro in 2017: As a system administrator for 20 years, I never had the time
to learn programming. Any development skills I had were ba-
1. Security sically scripting that helped me do my job faster. Those days
I’m not talking about security experts or security consultants. are over. While we need to have system administration skills
With connected devices infiltrating every aspect of our lives, in a DevOps world, we also need system administrators to
we need to be security conscious in every decision we make. have programming skills.
This year, my wife and I purchased a washing machine and a If you’re a crusty old sysadmin like me, you’ve probably ad-
refrigerator, and both of them came equipped with Bluetooth. opted DevOps and use it on a daily basis. If you truly want
The idea of hackers breaking into my rinse cycle might seem to excel, however, you need to learn how to solve problems
silly, but any foothold is a potential attack vector. programmatically and not think of Chef or Puppet code only
When we activate any system at work, home, or in our as configuration files. Every IT professional needs to have at
pockets, we should consider the security issues they might least a grasp of programming concepts, because every aspect
represent. And because items like Internet-enabled toasters of IT is getting abstracted at least somewhat by DevOps code.
aren’t likely to get timely firmware upgrades, we need to de-
sign the rest of our systems around the idea of mundane de- 4. Soft skills
vices getting compromised. More than ever before, we need Often the last thing we think about while preparing for a
to think about attacks coming from inside our firewalls. Don’t career are so-called soft skills—social and communication
let your fileserver get hacked by your blender! skills—and yet they are probably skills most likely to deter-
mine your success. Whether you’re looking for a new job,
2. DevOps or trying to adjust to the changing landscape of your current
DevOps is no longer a new concept. For the past two or career, soft skills are vital.
three years, we’ve been encouraging folks to learn about The lines dividing the various areas of IT are blending, and
DevOps so they can succeed in the workforce. That was the ability to communicate well makes those blurred lines an
advantage instead of a stumbling block. We live in a world
Author in which developers are spinning up servers, and operations
Shawn Powers has been teaching IT for more than a decade. His teams are writing Ruby code to maintain server farms. These
specialties are Linux, Chef, and integrating are bold new ideas in IT, and without people able to commu-
multiple platforms for larger networks. He has nicate between disciplines, the workplace becomes hostile
a passion for teaching others, and his enthu- quickly. Plus, IT folks have always needed to communicate
siasm comes through in his courses. He is an effectively with people in other areas of business. If anything,
associate editor for Linux Journal. Connect that need is greater now than ever.
with Shawn on Twitter: @shawnp0wers As you plan for 2017, what skills are you adding to your skill set?

Open Source Yearbook 2016 .O pensource.com 27
W O R K I N G
.............. ..
.............

Top programming
trends in 2016 BY RACHEL ROUMELIOTIS

TECHNOLOGY IS constantly moving for-
ward—well, maybe not
always forward, but always moving. Even for someone who
erful frameworks, but there are smaller players, such as
Nervana’s [5] Neon [6] and Theano [7].
How has the rise in AI affected the software developer’s
keeps an eye on the trends and their effect on programmers, landscape? Well, now is a good time to know Python—its
discerning exactly where things are headed can be a chal- agility and popularity with data engineers and scientists
lenge. My clearest glimpse into open source programming makes it the go-to AI programming language, followed by R,
trends always comes Java, and Scala.
in the fall when I work
with my fellow chairs, Containers and
Kelsey Hightower Go go together
and Scott Hansel- like peanut
man, and our fan- butter and jelly
tastic programming Go 1.0 was re-
committee to sculpt leased [8] in March
the coming year’s 2012. Docker [9]
OSCON [1] (O’Reilly followed a year
Open Source Con- later, and Kuber-
vention). The propos- netes [10] a year
als that we get and after that. In short,
the number focused Go wasn’t built ex-
on specific topics turn clusively for the fu-
out to be good indica- Image by: Museum of Photographic Arts. Modified by Opensource.com ture of infrastruc-
tors of hot trends in the open source world. What follows is ture as we know it, but that seems to be one major hole Go
an overview of the top programming trends we saw in 2016. is filling in the programming world. Go is specifically written
in a way that Java or C++ could never have been—for a
Languages powering AI highly networked world, a world in which first-class concur-
Out of the AI winter of the 1990s, artificial intelligence has rency is a necessity. If you are in or near the operations side
reemerged with the computing power that it always needed of things, you should at the very least dip a toe into the world
to influence how we are building software. Machine learn- of Go because it is gaining steam, will be used for years to
ing, deep learning, natural language processing, and auto come, and will be in the backbone of many applications.
speech recognition blanket the world—from GitHub projects
and job posts, to the reason behind the formation of new Swift transcends the Apple ecosystem
companies, and clearing space on our cluttered counter tops Swift was open sourced by Apple [11] in 2015, not long after
(Hey, Alexa!). And yes, even events such as OSCON are the programming language started. Swift has been a hit with
teeming with the mention of all things AI. Although the iOS and Mac OS X developers. That the language was easy
availability of computing power has paved the way, open to grok quickly became apparent, and it earned a reputation
sourcing of all things AI has thrown the industry wide open for being safer [12] than the languages it aims to replace—
to innovation and competition. Google’s TensorFlow [2], Objective-C and C++. How successful Swift is out in the
OpenAI [3], and Apache Spark [4] lead the way with pow- crowded world of JavaScript frameworks [13] and other new

28 Open Source Yearbook 2016 .O pensource.com
languages remains to be seen, but if it continues gaining Time will tell whether they deliver on their promises. Try
popularity with the Apple faithful, there is a chance that Swift them out, contribute to them, be a part of the future!
will be a viable contender in the great web world and beyond.
Resources
Java 8 vs. the functionality of JVM languages [1] http://conferences.oreilly.com/oscon/oscon-tx
The advent of Java 8’s functional capability—namely the [2] https://www.tensorflow.org/
introduction of Lambdas—has put JVM languages like [3] https://openai.com/blog/
Scala and Clojure on notice. Recently, due in large part to [4] http://spark.apache.org/
the growth of Apache Spark, Scala was having a bit of a [5] https://www.nervanasys.com/
growth spurt. Now both Scala and Clojure are seeming to [6] https://github.com/NervanaSystems/neon
be set aside, at least for the moment, as long-time and new [7] https://github.com/benanne/nervana_theano
developers alike take a hard look at what Java 8 brings to [8] https://blog.golang.org/go-version-1-is-released
the table. Java is now able to address concurrency and big [9] https://opensource.com/resources/what-docker
data concerns that other programming languages specifical- [10] https://opensource.com//resources/what-is-kubernetes
ly built to address these requirements have been doing for [11] https://opensource.com/life/15/12/most-likely-succeed-
years. In 2017, OSCON is nearly devoid of both Scala and 2016
Clojure, not by design, but by seemingly little interest from [12] http://bit.ly/1dYYSYI
potential speakers who submitted proposals. [13] https://opensource.com/article/16/11/15-javascript-frame-
works-libraries
Up and coming languages [14] https://www.rust-lang.org/en-US/
And as usual, there are always more up and coming languages [15] http://elixir-lang.org/
on the horizon intended to do something better than those that [16] http://elm-lang.org/
came before them, that can answer needs that weren’t around [17] https://kotlinlang.org/
when previous languages were born, or that simply start out [18] https://perl6.org/
as a crazy idea and end up changing how we think about pro-
gramming. This year five languages are on the verge of making
it into the big time: Rust, Elixir, Elm, Kotlin, and Perl 6. Author
What do the hot five bring to the industry? Rachel Roumeliotis, a Strategic Content Director at O’Reil-
• Rust [14]: Systems programming at speed and more ly Media, Inc., leads an editorial team that covers a wide
than a modicum of safety. variety of programming topics ranging from full-stack web
• Elixir [15]: Functional, dynamic, and fault-tolerant for development, to open source in the enterprise, to emerging
those larger and larger-scale apps. programming languages. She is a Programming Chair of
• Elm [16]: More functional fun that plays with JavaScript, OSCON, O’Reilly’s Software Architecture
leaning increasingly toward being a pleasure to use. Conference, and Fluent. She has been
• Kotlin [17]: This one is for the Java and JVM folks—stat- working in technical publishing for over
ically typed, safe, and did I mention Java compatible? 10 years, acquiring content in many ar-
• Perl 6 [18]: It lives! Perl 6 happens to be a new language eas including mobile programming, UX,
that is expressive and feature-rich for the win. computer security, and AI.

Open Source Yearbook 2016 .O pensource.com 29
W O R K I N G
.............. ..
.............

50 ways to avoid getting
hacked in 2017 BY DANIEL J WALSH

WHEN I WAS YOUNG, Paul Simon re-
leased his hit
song, “50 Ways to Leave Your Lover” [1]. Inspired by this
8. Use confined SELinux users [7] to control what users do in
your systems. If you are running a shared login system, set
up users as guest_t.
song, I’ve collected 50 ways sysadmins and laypeople can
avoid getting hacked: “You don’t need to be coy, Roy”
9. Take advantage of systemd tools [8] to help secure your
“You just slip out the back, Jack” services. Most system attacks are going to come through
1. Backup your data. If you get hit with ransomware, you a service listening on the network. Systemd provides
don’t have to pay if you have backups. great ways to lock down the service. For example, use
2 Use a syncstop [2] when you have to charge your phone PrivateTmp=yes [9]. PrivateTmp takes advantage of the
in a public place, or bring your own battery backup. mount namespace to set up a private tmpfs mount for
3 Take advantage of the auditing subsystems. There are the server’s /tmp. This prevents a hacked service from
lots of cool tools to help monitor your system. If you do getting access to content in the host’s /tmp and poten-
have a break in, the audit system might well be able to tially attacking the rest of the system based on services
tell you what happened and what the attacker did. listening on /tmp.
4 Speaking of logs, offloading the logs to a centralized 10. InaccessibleDirectories=/home is a systemd unit flag
server is always a good idea because if a hacker breaks that uses the mount namespace to eliminate the /home
into your system, the first thing he is going to attack is (or any other directory) from the services view, which
the logging system to cover his tracks. Having a good makes it more difficult for a hacked service ability to at-
intrusion system watching the logs also helps. tack the content.
11. ReadOnlyDirectories=/var is another systemd unit flag
“Make a new plan, Stan” that uses the mount namespace to turn the directories
5 Run SELinux in enforcing mode (see
stopdisablingselinux.com [3]). Didn’t
think it would take me this long to get to
that one? SELinux prevents escalations
of zero day vulnerabilities. When Shell
Shock [4] came out, SELinux was the
only defense.
6 Run applications in the SELinux Sandbox
[5] whenever possible—it was a container
before containers were cool. Also follow
the development of Flatpack [6], which
soon should be developing sandboxing
capabilities.
7 Don’t install or use Flash. Firefox no
longer supports it, and hopefully most
web servers are moving away from it. Image by: Opensource.com, CC BY-SA 4.0

30 Open Source Yearbook 2016 .O pensource.com
contents into read-only mode. You probably should al- before his system was infested with viruses. I returned
ways run with /usr in ReadOnlyMode. This would pre- and installed Linux on his system, and he has been run-
vent a hacked application from rewriting the binary, so ning it ever since. I believe Linux generally is a more
the next time it started the service, you would already secure system because of the way it was designed, but
be hacked. I also believe the desktop is less likey to be hacked be-
12. Drop capabilities from a service (CapabilityBound- cause of the smaller user base. Some would argue that
ingSet=CAP_CHOWN CAP_KILL). In the kernel, privil- Windows has improved greatly over the years, but for
iged processes are broken down into a series of distinct me, I am still sticking with what I know.
capabilities. Most services do not need many (if any), 22. Only run distributions with a Security Response Team [13]
and systemd provides a simple switch to drop them from watching over the security of the distribution. Enterprise
a service. Software is important.
13. If your service is not going to use the network, then you 23. Run an enterprise-level kernel. In containers, the single
can turn it off for the service using PrivateNetwork=yes. point of failure is the kernel. If you want to keep it secure,
Just turning this on in a service unit file takes advan- use an enterprise-level kernel, which means it has the
tage of the network namespace and turns off all networks latest security fixes, but is not bleeding edge. Remember
available to the service. Oftentimes a hacker does not the latest kernel comes with the latest security fixes, but
actually want to break into your machine—he just wants it also comes with a ton of new code that could have
to use it as an attack server to attack other machines. If vulnerabilities.
the service can’t see the network, it cannot attack it.
14. Control the devices available to your service. Systemd “You don’t need to discuss much”
provides the DeviceAllow directive, which controls the 24. Most hacks are social engineering—for example, email
devices available to the service. DeviceAllow=/dev/null links, web browser attacks, and phone calls. The best
rw will limit access to /dev/null and only this device node, option here is to be educated and skeptical. No one from
disallowing access to any other device nodes. The feature Nigeria is giving you money. The IRS is not calling your
is implemented on top of the device’s cgroup controller. house demanding money. If you get a link to a web site
15. Coming soon to a systemd system near you is a new in email from your bank, don’t use the link. Type the ad-
feature, ProtectSystem Strict [10], which can turn on all dress directly on the web browser.
of these namespaces to fully lock down the environment 25. Always keep your systems fully up to date with the latest
in which a service runs. security fixes. The number of systems that are outdated
and have known security vulnerabilities is scarey. Script
“Just get yourself free” kiddies rely on you not to update your system.
16. Don’t use a cell phone without SELinux (SEAndroid [11]) 26. Always use HTTPS when connecting to services on the
in enforcing mode. Luckily, I heard that more than 90% of network. Chrome and Firefox now have modes to en-
all Android phones now run with SEAndroid on in enforc- force this. If a web site does not support secure commu-
ing mode. That makes me happy. Now if we could only nications by 2016, it is probably not worth your visit.
get those Apple guys to use SELinux. 27. Use seccomp [14] in your containers. This limits the at-
17. Only install software from trusted sources. Don’t install tack surface on the kernel, which is the single point of
dodgy things you find on the Internet. This goes for your failure. Limit what the processes can discuss.
cell phone, computer system, virtual machines, contain-
ers, and so on. “Just drop off the key, Lee”
18. I don’t do online banking on my phone—only on my Linux 28. Use a YubiKey [15] for storing private keys.
computer. If a hacker steals my credit card, I lose 50 29. Encrypt your data on your systems. At least for laptops,
bucks; if he gets into my bank account, I lose a lot more. keep your homedir and your other data directories en-
I guess I am old. (Get off my lawn.) crypted. I was riding the subway in London a few years
19. One cool thing I did do with my phone is set up my credit ago, and had my Laptop “nicked”—the door of the train
card companies to send me a text every time my credit car closed, and I noticed by laptop was gone and the
card has been charged. That way if the number gets train was pulling out of the station. Luckily, the disks were
stolen, I will know a lot quicker. encrypted.
20. When you need to communicate securely, use the Signal 30. Use Let’s Encrypt [16] for all your web sites. There’s no
secure messaging app [12]. reason not to run HTTPS anymore.
31. Never use the same password on different web servers.
“Hop on the bus gus” This one is difficult not to fall into the trap. Tools like Let’s
21. Run Linux on your systems. When I first hooked my Encrypt help a lot. It’s even better if you use ssh keys to
father up with a computer system, I barely got home log into systems.

Open Source Yearbook 2016 .O pensource.com 31
W O R K I N G
.............. ..
.............
32. Use two-factor authentication (2FA). Passwords have 42. Run your containers in read-only mode [24]. Containers
become just about useless. Using YubiKeys and the like in development need to be able to write to /usr, but a
make two-factor easy. We all have cell phones. Having a container in production should only be able to write to
secret in your head and one generated on the phone is tmpfs and volumes mounted into the container.
always better than a password. 43. Drop capabilities from your containers [25]. We run our
33. Nothing aggravates me more than websites always ask- processes in and outside of containers with many more
ing me to set up an account—can’t we do better? Al- “capabiltiies” than they need. You can make your pro-
ways use a password-generating tool for your website cesses more secure by dropping capabilties.
passwords. I am old school: I use Password Safe [17] 44. Don’t run your processes in containers as root [26]. Most
and cut and paste into the web browser. I have heard services never need root privileges, or they need it to
that other people have good luck with LastPass [18] bind to a port < 1024 and then switch to a non-root user.
and other tools that integrate your phone and web I would advise always running apps as non-root.
service. 45. Keep your containers updated with the latest CVEs fixes.
34. Set up a service like FreeIPA [19] to use for identity ser- Using a system like OpenShift for building and main-
vices. Using tools such as Kerberos [20] for authentica- taining your container images is a good idea, because
tion and authorization makes keeping track of employ- it automatically rebuilds container images when a new
ees and their access to systems much easier (and it has security fix appears.
cool crypto services). Using Active Directory is ok, but I 46. An associate of mine says, “Docker is all about running
am a little prejudiced. random code from the Internet as root on your host.” Get
35. When you must use a password that you need to type your software from a trusted source. Don’t grab the first
in often, use an easily remembered sentence rather Apache application that you find at docker.io. The oper-
the a word. My preferred way to remember passwords ating system matters [27].
is to use a phrase several words long that is easy to 47. Run your containers in production on a limited container-
type. ized optimized host, such as an Atomic Host [28], which
comes with all of the security turned on, optimized for
“And get yourself free” running containers, with a limited attack surface and
36. Use USBGuard [21] to protect your system from rogue atomic updates. What is not to like there?
USB devices. 48. Use tools like OpenScap [29] to scan your systems for vul-
37. The past few years, I have been working on containers, nerabilities. Sadly, new vulnerabilities are always popping
so now let’s dive into security on containers. First run up, so you must keep your scanners up to date. (Take a look
them on a system with SELinux turned on in enforcing at atomic scan [30] for scanning your containers, as well.)
mode. If your system does not support SELinux, switch 49. OpenScap also has features to scan for security configu-
the distribution to one that does. SELinux is the best ration [31], such as STIGs (Security Technical Implemen-
tool for protecting against container break out using the tation Guides).
file system. 50. Set up a special guest network for all those Christmas
38. Run your service inside of a container whenever pos- IoT devices your kids receive. I love my Amazon Echo
sible. I believe this is the future—applications using and automated lights and power switches (“Alexa, turn
OCI Image Format [22] and Linux container technology. on the Christmas Lights”), but each one of these is a
Launch these containers with Docker, runC [23], OCID, Linux operating system that has questionable security.
RKT, Systemd-nspawn, and so on. Although I have often
said “containers do not contain,” they do contain better “There must be 50 more ways not to get hacked”
than not running them inside of a container. What would you add to the list?
39. Run your container in a VM. Virtual machines provide Josh Bressers contributed to this article.
better isolation than containers. Running like containers
on virtual machines provides you scalability and isolation Resources
from each other. [1]
https://www.youtube.com/watch?v=0H5chfbcWtY
40. Run containerized apps with different security needs on [2]
http://syncstop.com/
different virtual machines. Run your web service contain- [3]
http://stopdisablingselinux.com/
ers on virtual machines in the DMZ, but run the database [4]
http://danwalsh.livejournal.com/71122.html
containers on virtual machines outside of the DMZ. [5]
http://danwalsh.livejournal.com/31146.html
41. Also remember to run your virtual machines requiring [6]
http://flatpak.org/
the most security on different physical machines, on differ- [7]
http://danwalsh.livejournal.com/37404.html
ent virtual machines inside of containers (a.k.a., defense [8]
http://0pointer.de/blog/projects/security.html
in depth). [9]
http://danwalsh.livejournal.com/51459.html

32 Open Source Yearbook 2016 .O pensource.com
[10] https://www.phoronix.com/scan.php?page=news_ [28] https://access.redhat.com/articles/rhel-atomic-getting-
item&amp;px=systemd-New-Protect-Tunables started
[11] https://source.android.com/security/selinux/ [29] https://www.open-scap.org/
[12] https://whispersystems.org/ [30] https://developers.redhat.com/blog/2016/05/02/introducing-
[13] https://access.redhat.com/blogs/766093/posts/2695561 atomic-scan-container-vulnerability-detection/
[14] https://lwn.net/Articles/656307/ [31] https://www.open-scap.org/security-policies/scap-security-
[15] https://www.yubico.com/ guide/
[16] https://letsencrypt.org/
[17] https://pwsafe.org/
[18] https://www.lastpass.com/ Author
[19] https://www.freeipa.org/page/Main_Page Daniel Walsh has worked in the com-
[20] https://web.mit.edu/kerberos/ puter security field for almost 30 years.
[21] https://github.com/dkopecek/usbguard Dan joined Red Hat in August 2001. Dan
[22] https://www.opencontainers.org/ leads the RHEL Docker enablement team
[23] https://runc.io/ since August 2013, but has been work-
[24] http://www.projectatomic.io/blog/2015/12/making-docker- ing on container technology for several
images-write-only-in-production/ years. He has led the SELinux project, concentrating on
[25] http://rhelblog.redhat.com/2016/10/17/secure-your- the application space and policy development. Dan helped
containers-with-this-one-weird-trick/ developed sVirt, Secure Vitrualization. He also created the
[26] https://www.projectatomic.io/blog/2016/01/how-to-run-a- SELinux Sandbox, the Xguest user, and the Secure Kiosk.
more-secure-non-root-user-container/ Dan has a BA in Mathematics from the College of the Holy
[27] https://www.opensource.com/16/12/yearbook-why-operating- Cross and an MS in Computer Science from Worcester
system-matters Polytechnic Institute.

Open Source Yearbook 2016 .O pensource.com 33
Best Couple
Display manager and
window manager BY DAVID BOTH

MY SELECTION FOR BEST
[1] was ssh and tar, a pair of Linux commands that
Couple
of 2015
agers are not directly associated with a specific desktop.
Any of the display managers can be used for your login
screen regardless of which desktop you are using. And not
work together nicely all desktops have
to accomplish great their own display
things. This year I managers. Such
have made a differ- is the flexibility of
ent type of selection Linux and well-writ-
for Best Couple of ten, modular code.
2016. My choices for The typical desk-
Best Couple this year tops and display
are actually a pair of managers are shown
program types—not in the Table 1.
specific commands The display man-
or programs. ager for the first desk-
So let’s welcome top (i.e., GNOME,
our Best Couple KDE, etc.) installed
of 2016: Put your is the default one. For
hands together for Fedora, this is usu-
the display manag- Image by: Internet Archive. Modified by Opensource.com. ally GDM [2], which
er (dm) and the window manager (wm). is the display manager for GNOME. If GNOME is not installed,
These two programs, regardless of which ones you use
on your Linux GUI desktop system, always work closely to- Table 1: A short list of display managers.
gether to make your GUI experience smooth and seamless Display
before you even get to your desktop. Desktop manager Comments
GNOME GDM GNOME Display Manager
Display manager KDE KDM KDE Display Manager (up through
The display manager is a bit of code that provides the GUI Fedora 20)
login screen for your Linux desktop. After you log in to a GUI LightDM Lightweight Display Manager
desktop, the display manager turns control over to the win-
LXDE LXDM LXDE Display Manager
dow manager. When you log out of the desktop, the display
manager is given control again to display the login screen KDE SDDM Simple Desktop Display Manager
(Fedora 21 and above)
and wait for another login.
There are several display managers—some are provided XDM Default X Window System Display
with their respective desktops. Note that some display man- Manager

34 Open Source Yearbook 2016 .O pensource.com
Best
Couple

then the display manager for the installed desktop is the
default. If the desktop selected during installation does not
have a default display manager, then GDM is installed and
used. If you use KDE as your desktop, the new SDDM
[3] (Simple Desktop Display Manager) will be the display
manager.
Regardless of which display manager is configured as
the default at installation time, later installation of additional
desktops does not automatically change the display man-
ager used. If you want to change the display manager, you
must do it yourself from the command line. Any display man-
ager can be used, regardless of which window manager and The window manager works with the X Window System [4]
desktop is used. or the newer Wayland [5] to perform these tasks. The X Win-
dow System provides all of the graphical primitives and func-
Window manager tions to generate the graphics for a Linux or Unix graphical
The function of a window manager is to manage the creation, user interface.
movement, and destruction of windows on a GUI desktop. The window manager also controls the appearance of the
windows it generates. This includes the functional decorative
Table 2: A short list of window managers.
aspects of the windows, such as the look of buttons, sliders,
Window window frames, pop-up menus, and more.
Desktop manager Comments As with almost every other component of Linux, there are
Unity Compiz many different window managers from which to choose. The
Fluxbox following list represents only a sample of the available win-
dow managers.
FVWM
Note that most window managers are not directly associated
IceWM
with any specific desktop. In fact, some window managers can
KDE Kwin Starting with KDE Plasma 4 in 2008 be used without any type of desktop software, such as KDE
GNOME Metacity Default for GNOME 2 or GNOME, to provide a minimalist GUI experience for users.
GNOME Mutter Default starting with GNOME 3
How do I deal with all these choices?
twm A very old and simple window manager.
Some distros like Fedora use it as In most modern distributions, the choices are made for you at
a fallback in case no other window installation time and are based on your selection of desktops
manager or desktop is available. and the preferences of the packagers of your distribution. The
desktop itself can be easily changed in some distributions and
Xfce Xfwm
the display manager can also be changed in many cases.

Open Source Yearbook 2016 .O pensource.com 35
Prior to Fedora 18, changing the display manager was which to choose. With a little research, you can make
done by changing the line PREFERRED= in the /etc/syscon- interesting changes.
fig/desktop file. That file was sourced by the /etc/X11/
prefdm file. If the file did not exist, you could create it, add- Resources
ing the PREFERRED= line (in caps) with the name and path [1] https://opensource.com/business/15/12/best-couple-2015-
of the preferred desktop manager. You could also set it tar-and-ssh
directly in the prefdm file, but that change could be wiped [2] https://wiki.gnome.org/Projects/GDM
out by an upgrade or reinstallation. [3] https://github.com/sddm
Now that systemd [6] has become the standard startup [4] https://en.wikipedia.org/wiki/X_Window_System
system in many distributions, you can set the preferred dis- [5] https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)
play manager in /etc/systemd/system, which is where the [6] https://www.freedesktop.org/wiki/Software/systemd/
basic system startup configuration is located. There is a [7] https://docs.fedoraproject.org/en-US/Fedora/13/html/
symbolic link (symlink) named display-manager.service that Deployment_Guide/s2-x-clients-winmanagers.html
points to one of the display manager service units in /usr/
lib/systemd/system. Each installed display manager has a Additional resources
service unit in the /usr/lib/systemd/system directory. • X Window Manager: https://en.wikipedia.org/wiki/X_
To change the active display manager, remove the exist- window_manager
ing display-manager.service link and replace it with the • Comparison of X window managers: https://en.wikipedia.
one you want to use. For example, to configure to use the org/wiki/Comparison_of_X_window_managers
KDM display manager, use the following commands: • X Display Manager: https://en.wikipedia.org/wiki/X_
display_manager_(program_type)
cd /etc/systemd/system • Simple Desktop Display Manager: https://en.wikipedia.
rm display-manager.service org/wiki/Simple_Desktop_Display_Manager
ln -s /usr/lib/systemd/system/kdm.service display-manager.service • X Window System: https://en.wikipedia.org/wiki/X_Window_
System
The only information I could find initially about chang- • Wayland: https://en.wikipedia.org/wiki/Wayland_(display_
ing the window manager is in the Fedora 13 Deployment server_protocol)
Guide [7], which is obviously fairly old and may no longer • X Window System Protocols and Architecture:
be valid. I also found information on the wmctrl command, https://en.wikipedia.org/wiki/X_Window_System_protocols_
which, as its name implies, provides some control over the and_architecture
window manager but no capability to change the window
manager.
I did find that some distros and desktops have various Author
means of changing the window manager. For example, David Both is a Linux and open source advocate who
GNOME users can use gconf-editor and Puppy Linux resides in Raleigh, North Carolina. He has been in the IT
uses the wmswitcher command. industry for more than 40 years and taught OS/2 for IBM,
where he worked for more than 20 years. While at IBM,
Conclusion he wrote the first training course for the original IBM PC in
As with many other components of GNU/Linux, many 1981. He has taught RHCE classes for Red Hat and has
different display and window managers are available. worked at MCI Worldcom, Cisco, and the State of North
When you install most modern distributions with any Carolina. He has been working with Li-
kind of desktop, the installation program chooses which nux and open source software for almost
ones to install and activate. For most users, there should 20 years. David has written articles for
never be any need to change these choices. For others OS/2 Magazine, Linux Magazine, Linux
who have different needs or who are simply more adven- Journal, and OpenSource.com. Follow
turous, there are many options and combinations from David on Twitter: @LinuxGeek46

36 Open Source Yearbook 2016 .O pensource.com
.................... COLL ABORATING

10 steps to innersource in
your organization in 2017
BY JONO BACON

IN RECENT YEARS, an increasing number
of organizations, often
non-technology companies, have kept a keen eye on open
a company, you must understand the drivers in the existing
culture, and then ensure you consider these as you roll out
the innersource program.
source. Although they may be unable to use open source
to the fullest extent in their products and services, they are 1. Understand process and collaboration
interested in bringing the principles of open source within the At the core of how people work together are collaborative in-
walls of their organization. This “innersource” concept can frastructure and processes. These include code hosting, peer
provide a number of organizational benefits. review, continuous integration, automated testing, documen-
As a consultant who helps build both internal and external tation creation, knowledgebases, incentive programs, and
communities in companies, I find the major challenge fac- more. You should understand all of these details, how they fit
ing organizations is how to put an innersource program in together, and where the shortfalls lay in both the wider execu-
place, deploy resources effectively, and build growth in the tion of these pieces and the experiences of staff using them.
program. I recommend breaking the organization up by teams and
To help you get started, I present a high-level model that then put together a map of:
shows how you can
build a consistent, • W hat each team
predictable, and sus- consumes
tainable innersource • W hat each team
program. Take this produces
model, adjust to • H ow each team
taste, and build a works
thriving community • H ow they inter-
in your organization. face with other
teams
Understand • The benefits and
Fundamentally, in- disadvantages of
nersource is a cul- current systems
tural change for a
company. Although 2. Understand
many people think the people and
of this as a tradi- Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 drivers
tionally software engineering workflow challenge, you need Outside of the collaborative nuts and bolts of how things get
to focus instead on building an asynchronous, permissive, done, understanding the people involved is equally critical.
meritocratic, and collaborative environment. Of course, this A company brings together a multitude of people, personal-
encompasses development workflow, but is not limited to it. ities, and perspectives. You need to understand them, their
The challenge with cultural change is that culture is an goals, their fears, and their agendas. Cultural change must
amorphous mass of ideas, opinions, habits, fears, dreams, be mindful of the realities of the environment in which it op-
values, and more. Before you can integrate innersource into erates. You can’t build an innersource program by dictating

Open Source Yearbook 2016 .O pensource.com 37
COLL ABORATING
.............. ..
.............
it to people—you need to build something that people want Put simply, a backlog is a big, shared to-do list. When you
to use and that encourages the behaviors you want to see. have built out your strategy, you map all the individual proj-
I recommend building your own organizational chart that ects to the backlog. This provides a place where you can
shows: discuss, refine, and improve individual deliverables. When
some of these deliverables are ready for implementation,
• the breakdown of influence (key stakeholders and deci- they can be pulled off the backlog into an active work plan
sion makers), and have resources assigned. This means that you can
• where people deliver work (teams and key employees), evolve the implementation of your strategy in the backlog,
and even when not actively applying resources.
• individual agendas and goals with each person (stop
energy, people gunning for certain outcomes, intrinsic 5. Develop a maturity model
and extrinsic reward motivations, etc.). One of the challenges I regularly see when I work with cli-
ents who want to build innersource into their organizations
Plan is that they don’t know what success looks like. Now, that
With a firm understanding of the current environment, you sentence right there sounds like business book nonsense,
then can build a roadmap of your route to a smooth, efficient, but this issue is real. For example, if you want to improve
inclusive, and enjoyable innersource environment. developer efficiency when it comes to code review, how
do you determine that this goal was achieved? How do
3. Create a strategic plan you measure the work and determine which measure-
Your first step is to build an overall strategy, a complex ments mean you’ve nailed it? For many of these issues,
undertaking as you can imagine. Integrating open source you are building qualitative cultural change. How do we
principles in a company involves a huge array of different measure that?
considerations, such as developer workflow, infrastructure, This challenge is exacerbated by your different audienc-
communication, policy (such as openness and transparency), es. Although those involved in the implementation of this
incentivization models, segmented engagement, wider mes- work will want to get to the nitty gritty of what success looks
saging, governance, and more. like, senior management and stakeholders won’t want the
Not only do you have much to do, but as your work priori- details, but instead only want information on important
ties will vary (some projects are more urgently required than trends. A useful approach to this is a “maturity model.”
others), you will have limited resources, and some colleagues A maturity model breaks the different evolutionary phases
in the company will have limited buy-in or even seek to block of a solution into a set of expectations of what success looks
the project. like. I tend to think of these different chronological stages,
To get people onboard and involved, you need to: in order:

• uild a strategy;
b • Unaware: The company is unaware of the solution.
• define priorities; • Explored: The solution is being explored.
• get a sense of resourcing; and • Defined: The solution is defined and executed.
• factor in messaging, engagement, and roll-out for each • Adopted: The solution is adopted in the company.
of these pieces. • Optimized: The solution is being optimized and improved.

I recommend building out an overall wider strategic plan For each of these you would say what to expect. For exam-
that maps to the next one or two years, covering the key ple, if you build code review into the company, the entry for
areas of focus. Next, break that plan into shorter execution “Explored” could be “A small proportion of teams are actively
cycles in which you pull out key goals from the broader plan experimenting with code review in non-critical codebases.”
and map them to practical deliverables with metrics. This will
form your backlog. Execute
With a strategy, backlog, and maturity model in place, you
4. Build a backlog know what you need to do. Now you need to make these
Fundamentally, strategy is a map that tells you where you projects happen.
want to go. Strategy needs to be converted into practical
projects and deliverables that you can apply resources to, 6. Deliver priority projects
such as development time, funds, and so on. The challenge With your backlog in place, your first step is to decide
is that each strategic objective will invariably involve a multi- which projects to name as priorities in your work plan. De-
tude of these sub-projects and goals. The best way to man- ciding this is dependent on which work must be performed
age this situation is with a backlog. most urgently and what resources are currently available.

38 Open Source Yearbook 2016 .O pensource.com
Although the urgency of the work is important, resources code, messages, participation, and other examples. You
are the really defining criteria here—we can’t build things should never bring a project into the work plan unless you
with nothing. have a key way to measure it.
I recommend you do this on a cadence (every two weeks,
monthly, quarterly, etc.). Bring together key leaders for the 9. Survey your users
program, review the backlog, define resourcing, and then fi- Analyzing numbers is convenient, because we usually have
nalize the work plan. computers do all the work, but we also need to track human
elements, such as happiness, empowerment, inclusivity, and
7. Communicate to different groups other areas. Non-empirical analysis is difficult to do as these
With your work plan in place you can start delivery. You things don’t usually map to numbers well.
should be defining milestones, metrics, and regularly re- A useful way to get data is to run an anonymous survey
viewing deliverables. Given the cultural implications for regularly that asks people how they feel about these human
this work, communication—and in some cases, over-com- elements of the innersource experience. The staff must feel
munication—is key. We want to ensure the wider compa- comfortable if they are to be critical. You need to give them
ny, key stakeholders, leadership, and others have a good express permission to criticize without consequences.
sense of: As important as the execution of the survey is, the word-
ing of the questions and options is key, too. Wording and
• hat the strategy is,
w selections can often inadvertently influence responses, so
• what the work plan is, I recommend you have a few people feed into the structure
• how that work is being delivered, and of the survey.
• what the results of the work are.
10. Update the strategy
Bear in mind that these various audiences will have different Once you have this data, ask yourself and the team hard
communication needs. Senior leadership will need the over- questions about what trends and patterns these illustrate
view and results, key leaders will require more depth, and and how you can refine the overall strategy, re-organize
team leads will want the details. the backlog, and adjust how projects are prioritized, built,
You will need to create a way of pulling out these overall and managed with others. Of course, helping to bring in-
details, design the communication for the right audiences, nersource into a company is a complicated endeavor with
and update your audiences regularly (with weekly reports, countless different details, but I hope this article provided
for example). Also, be sure to message the entire company an overall framework in which you can fill in the gaps with
regularly where appropriate. the pieces that relate to your specific organization.

Review and improve
Bringing innersource into a company is an imperfect art Author
and science. Companies vary, people vary, and approach- Jono Bacon is a leading community manager, speaker,
es vary. You have to roll a program that meets the specific author, and podcaster. He is the founder of Jono Bacon
needs that you sought to understand at the beginning of Consulting, which provides community strategy/execution,
this process. developer workflow, and other services. He also previous-
As such, regularly evaluating your work and assessing ly served as director of community at GitHub, Canonical,
how well it is going is critical, because you will need to XPRIZE, OpenAdvantage, and consulted and advised a
make suitable changes. Doing this evaluation isn’t easy; range of organizations. Bacon is a prominent author and
it can tap into people’s fear of failure, but conquering such speaker on community management and best practice,
fear is important. Some things you do will not go well, and and wrote the best-selling The Art of Community (O’Reil-
others will deliver sub-optimal results. Identifying the flaws ly), is the founder of the Community Leadership Summit,
that negatively affect your work and rectifying them is the founder of the Community Leadership Forum, and is a
point of your analysis. regular keynote speaker at events about community man-
agement, leadership, and best practice.
8. Gather quantitative data He also writes columns for Forbes and
A first step is to gather data—in other words, numbers. For Opensource.com. He lives in the San
each project you work on, define a set of metrics you want to Francisco Bay Area in California with his
track and how you will read those metrics to determine suc- wife, Erica, and their son, Jack. Follow
cess. Examples of these metrics are usage, contributions, him on Twitter: @jonobacon

Open Source Yearbook 2016 .O pensource.com 39
COLL ABORATING
.............. ..
.............

7
cool little open source
projects that stood out
in 2016 BY D RUTH BAVOUSETT

IN THE EARLY DAYS of the open source
movement, a lot of
the attention was on operating systems, and later on large
input decks and four sampling decks, tools for synchroniza-
tion during cross-fades, key detection and pitch shifting for
harmonic mixing, and built-in effects. You can play your mix-
content management systems. These days, containers are es live, record them, or stream them over the Internet using
mentioned regularly even in mainstream news outlets. The SHOUTcast [3] or Icecast [4]. Mixxx has an amazing music
big tech stories are great, but they miss the other great ac- library system to let you organize your music in any way you
tivity in the niches of the open source space. I’ve rounded like, giving quick access to songs in the library. Mixxx has
up seven interesting lesser-known projects from the past comprehensive support for DJ hardware controllers, includ-
year. You can see more articles about projects like this in my ing more than 80 of the most popular models.
Nooks and Crannies [1] column.
Mixxx, mixing Madonna with herself. Don’t judge my music!
Mixxx: A DJ’s Swiss Army knife
In the late 1980s, I worked as a disc jockey for a local radio
station and as a mobile DJ for parties, weddings, and danc-
es. It was a lot of fun and wasn’t a hard business to start.
You could set up shop with two CD players, a decent mixer
and amplification system, and a lot of CDs. Thirty years later,
what sticks in my head was lugging all those CDs. Sampling
was virtually unheard of for mobile DJs back then. Common-
ly available computers were expensive and slow enough that
playing music from a PC was risky—it would hang while buff-
ering at some point during a show.
The technology for DJs has dramatically changed in the
intervening years. An inexpensive computer can handle ev- I took a look at the Mixxx community, and it’s a robust,
erything we could do in the ‘80s, and much more. Mixxx [2] well-organized group of dedicated souls with broad di-
is an open source system that acts as a mixer and sampler versity. There are forums, a huge wiki, and excellent bug
for a mobile or club DJ. It’s incredibly feature-rich, with four and release tracking all set up and well-established. The
community has adopted a well-written code of conduct
[5] that discourages problematic behavior among mem-
bers. On the wiki, you’ll find great tips on hardware [6] for
use with Mixxx, and a Getting Involved page [7] that talks
about how even non-programmers can get plugged into
the Mixxx community. Mixxx is a C++ application and is
available under the GPL v2 license [8] for Windows, OS X,
and Linux. Version 2.0 came out in December 2015.

sofa: Not a place for lazy data scientists
The R project [9] is a widely used software environment for
statistical computing, and its use in data analysis continues
Image by: Internet Archive Book Images. Modified by Opensource.com.

40 Open Source Yearbook 2016 .O pensource.com Open Source Yearbook 2016 .O pensource.com
to rise. The rOpenSci project [10] is producing tools to allow building a network of robotic telescopes. This global array will
R to access large repositories of science data and full-text detect transiting exoplanets for further examination by larger
journal articles. One of the tools from the rOpenSci team is earth- and space-based telescopes.
sofa [11]. Sofa is a kit of tools for allowing easy access in R Each participant builds a robotic telescope using off-the-
to CouchDB [12] NoSQL document databases. shelf equipment: A commercially available camera, an Arduino
To begin using sofa in a program, you create a server Micro, an Intel NUC, and other easy-to-find components.
handle, cleverly called a cushion: You can buy most of the components from Amazon, and
the total cost is less than US$ 5,000. These telescopes will
myCushion <- Cushion$new( share their data with the project servers, and image analysis
host = "myhost.mynet.org", from many units will go into finding potential results. When
transport = 'https', desired by the owner, an individual telescope may be taken
port = NULL, offline for unrelated observations. This makes it an ideal proj-
user = 'username', ect for schools and science educators, as they get to be in-
pass = 'mypassword' volved in a larger global project, and have access to a quality
) telescope for their local teaching work.
The PANOPTES project is continuing to refine its hard-
Once you have a cushion, you can connect to any database ware design. Beta testers for the system are welcome to
or create and destroy databases. A database creation is as build one according to the instructions on the website. Much
simple as: work also is being done on the centralized observatory con-
trol system, which directs each of the robotic telescopes in
db_create(myCushion, 'felines') their observations. This is a project worth watching not just
for the science it can do, but for learning about a process for
Once you’ve created a JSON or XML document, inserting it engaging people in other distributed-science teams.
into the database is easy:
OpenAPS: Enhancing life quality for Type 1
my
_kitty <- '{"name":"Midnight", "color":"black", diabetes patients
"furry":true, "size":'large', "gender":"tom"}' One of the high-water marks of OSCON this year for me was
doc_create(myCushion, dbname="felines", my_kitty) Dana Lewis’s keynote [18] about OpenAPS [19], a simplified
artificial pancreas for Type 1 diabetes patients. OpenAPS
You can optionally specify a fourth parameter to the uses currently available medical tools—diabetes pumps and
doc_create to force the document ID to a known value. continuous glucose monitors, paired with Raspberry Pi or
If you don’t use it, the default is to use an automatically Intel Edison computers. The system takes care of the com-
generated hash key. plicated calculations that a pump user normally must do to
Ready to query? It’s straightforward: keep their blood glucose levels steady. By updating every five
minutes, it’s doing the work in near-real-time 24-hours a day.
db_query(myCushion, dbname="felines", selector=list(size = 'large'))$docs This means less hassle for the user during the day, and better
sleep at night.
This query returns a structure with the full document, including The core belief of this effort is that by open sourcing the
ID and revision for all documents that have a size field of large. project code, they can make APS (Artificial Pancreas Sys-
There are tools that let you limit your return to specific fields tem) technology available to more people more quickly than
and much more complicated searching than this example. current closed-source APS medical research. The OpenAPS
Sofa is a great tool for unlocking the data in CouchDB; if team has taken a conservative approach to dosing to help
big data is your game, it might be the right tool for you. All keep it safe as well as effective.
of rOpenSci’s work is MIT licensed and has a contributor More than 90 units have been deployed, with more than 30
code of conduct [13]. The code is available on GitHub [14]. of those in the summer and fall of 2016, and about a third of
the OpenAPS users are children. The community is user-led,
PANOPTES: Open source astronomy and new users are welcome. The documentation [20] for build-
I interviewed Jennifer Tong and Wilfred Gee from the PAN- ing one of your own is freely available and deeply detailed. It
OPTES project [15] in April. I enjoyed their OSCON confer- explains not only the how but the why; with an emphasis on
ence [16] presentation, and have been following their website patient safety.
[17] for more information about this great project. PANOPT- Many of us who work in IT want to make lives better by
ES (Panoptic Astronomical Networked OPtical observato- making computers do interesting things, and OpenAPS is
ry for Transiting Exoplanets Survey) is a project harnessing one of the best examples I’ve found of using our open source
the power of interested citizen scientists around the world in skills to help our loved ones.

Open Source Yearbook 2016 .O pensource.com 41 41
COLL ABORATING
.............. ..
.............
OpenEMR: Tools for keeping a medical bibisco: The novelist’s friend
practice organized In September 2016, I covered bibisco in my column [26].
I’ve always had the impression that doctor’s offices are quite Written by Andrea Feccomandi, bibisco [27] is an open
complex places to work. Lots of diverse information must be source alternative to programs like Scrivener [28]. I was im-
kept and secured, and the functions that use patient infor- pressed with the polished feature set, and as I said then, I’ve
mation are equally diverse. Recently I was surprised to learn been moving my own novel and other writings into it. There
about OpenEMR [21], an open source practice-management was only one thing holding me back from full-throated enthu-
system. It’s been around a while, having been first devel- siasm for this project, and that was a lack of an OS X client.
oped in 2001, under another name. The first release was out Andrea packaged it for Windows and 32- and 64-bit Linux. A
in 2002, under the GPL V2.0 license. friend of mine made things sort of work, with a lot of finesse,
The feature list is impressive. Besides a robust patient re- on his Mac, but it was a mystery to me how to do it.
cords system, OpenEMR has a built-in medical billing sys- Bibisco has really revolutionized the way I’m writing
tem that can take part in the major billing clearing houses my novel. For each of the scenes in a chapter, I’ve got a
using ANSI ASC X12 [22] and can use any coding system separate entry with a one-line title describing that scene. I
desired. OpenEMR also handles online prescription order- can use these entries as a storyboard for the chapter, re-
ing, using ePrescribe [23], as well as more traditional print, arranging them as I desire. Each chapter can be tagged
fax, or email methods. If installed as a service, OpenEMR with locations and characters, and I can get reports on how
also has a patient portal system to handle communications often those appear across the book. I’ve made a fair bit of
with patients. If an office already has a popular patient por- progress since finishing the switchover, and I couldn’t be
tal system in use, the system can communicate via API and happier. There was that one nagging little problem, though.
use that instead. I could only work on the novel at home where I have a Win-
dows machine; my Macbook just couldn’t do it. Imagine my
The OpenEMR Patient Information screen surprise a few days after the release of the article when An-
drea commented and told the world that he had purchased
a Mac so that he could release the OS X client. Then, a
month later, he commented again, announcing the release
of the OS X client on the website.

Pa11y: Automated accessibility testing
One oft-ignored element of web design is accessibility. Many
of the guidelines are hard to test, but there are a number
of specific, testable criteria that designers can use—if they
have the right tool for the job. Enter Pa11y [29], a suite of
tools for one-off or automated testing of web pages for ac-
cessibility against a broad list of criteria sets. Installation of
the basic toolkit is easy with npm, so you can test your pages
OpenEMR offers a staggering list of reports, and one fea- right away and get feedback and specific suggestions for im-
ture that caught my eye is that it is supported in more than 20 provement. If your organization would like to do ongoing or
languages and has the ability to support multiple languages periodic testing of pages, installing the dashboard and web
in the same clinic. This is a nice feature to have in diverse service is straightforward. You can see a demo of this dash-
cities with large populations of non-local-language speakers, board at demo.pa11y.org [30].
as each user can choose their own language set. OpenEMR The community is actively working on a new version of its
is fully UTF-8 compliant. website, which includes much more detailed information for
With an estimated 5,000+ installs in the US alone, Open- developers and others wanting to contribute. The group has
EMR has a thriving community of users and developers. adopted a code of conduct [31] adapted from the Contributor
The OEMR Foundation [24] is a US charitable organization Covenant [32]. They are also beginning work on a new, more
set up to support OpenEMR adoption and development refined version of the dashboard application called Sidekick.
to promote more affordable healthcare for all. There are Coding has begun on that project, which the team is dedicat-
highly active forums for users and developers to discuss ed to designing and developing completely in the open, in a
their needs and get help with the application. More than 30 GitHub repository [33].
companies globally are providing commercial hosting and/
or support of OpenEMR. It’s not a Thneed [25] (a fine thing And more
that all people need, according to Dr. Seuss), but it’s cer- Every year, several hundred new open source projects
tainly a great open source success story. appear. As much as I’d love to, covering them all is not

42 Open Source Yearbook 2016 .O pensource.com
possible. The projects in this roundup are only a few of the 21. http://www.open-emr.org/
many worth watching in the next year. Let us know about 22. http://www.x12.org
your project—submit an article proposal [34]. 23. http://www.open-emr.org/wiki/index.php/OpenEMR_ePrescribe
24. http://www.oemr.org/
Resources 25. http://seuss.wikia.com/wiki/Thneed
1. https://opensource.com/tags/nooks-and-crannies 26. https://opensource.com/life/16/9/bibisco-tool-novelists
2. http://mixxx.org 27. http://www.bibisco.com
3. https://www.shoutcast.com/ 28. https://www.literatureandlatte.com/scrivener.php
4. http://icecast.org/ 29. http://pa11y.org/
5. https://github.com/mixxxdj/mixxx/blob/master/CODE_OF_ 30. http://demo.pa11y.org/
CONDUCT.md 31. http://pa11y.github.io/contributing/code-of-conduct/
6. http://mixxx.org/wiki/doku.php/hardware_compatibility 32. http://contributor-covenant.org/version/1/4/
7. http://mixxx.org/wiki/doku.php/getting_involved 33. https://github.com/pa11y/sidekick
8. https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html 34. https://opensource.com/story
9. https://www.r-project.org/
10. http://ropensci.org/
11. https://github.com/ropensci/sofa Author
12. http://couchdb.apache.org/ D Ruth Bavousett has been a system administrator and
13. https://github.com/ropensci/sofa/blob/master/CONDUCT.md software developer for a long, long time, getting her pro-
14. https://github.com/ropensci/sofa fessional start on a VAX 11/780, way back when. She
15. https://opensource.com/life/16/4/oscon-interview-wilfred- spent a lot of her career (so far) serving the technology
gee-panoptes needs of libraries, and has been a con-
16. http://conferences.oreilly.com/oscon tributor since 2008 to the Koha open
17. http://www.projectpanoptes.org source library automation suite. Ruth
18. https://opensource.com/life/16/5/openaps-oscon-dana-lewis is currently a Perl Developer at cPanel
19. https://openaps.org in Houston, and also serves as chief of
20. https://openaps.readthedocs.io/en/latest/index.html staff for one large cat.

The conversation continues—in the open.
Download 3 free books today, and join us at
opensource.com/open-organization

Open Source Yearbook 2016 .O pensource.com 43
COLL ABORATING
.............. ..
.............

9 lessons from

25 years of Linux
kernel development
BY GREG KROAH-HARTMAN

BECAUSE THE LINUX KERNEL
community celebrated a quarter-century of development
projects. It may be many years before we fully understand
the keys to the Linux kernel’s success, but there are a few
lessons that stand out even now.
in 2016, many people have asked us the secret to the
project’s longevity and success. I usually laugh and joke 1. Short release cycles are important.
that we really have no idea how we got here. The project In the early days of the Linux project, a new major ker-
has faced many disagreements and challenges along the nel release only came once every few years. That meant
way. But seriously, the reason we’ve made it this far has considerable delays in getting new features to users, which
a lot to do with the community’s capacity for introspection was frustrating to users and distributors alike. But, more
and change. importantly, such long cycles meant that huge amounts of
About 16 years ago, most of the kernel developers had code had to be integrated at once, and that there was a
never met each other in person—we’d only ever interacted great deal of pressure to get code into the next release,
over email—and so Ted T’so [1] came up with the idea of a even if it wasn’t ready.
Kernel Summit [2]. Now every year kernel developers make Short cycles address all of these problems. New code is
a point to gather in person to work out technical issues and, quickly made available in a stable release. Integrating new
crucially, to review what we did right and what we did wrong code on a nearly constant basis makes it possible to bring
over the past year. Developers can openly and honestly in even fundamental changes with minimal disruption. And
discuss how they interact with each other and how the de- developers know that if they miss one release cycle, there
velopment process works. And then we make changes that will be another one in two months, so there is little incentive
improve the process. We make new tools, like Git [3], and to try to merge code prematurely.
constantly change how we work together.
Over time, this evolution has created a resiliency that has 2. Process scalability requires a distributed,
allowed the project to go from one strength to the next while hierarchical development model.
avoiding the forks that have split the resources of competing A long time ago, all changes went directly to Linus Torvalds,
but that quickly proved unwieldy as no one single person can
keep up with a project as diverse as an operating system
kernel. Very early the idea of maintainers of different areas
of the kernel came about, where the responsibility of a por-
tion of the kernel was assigned to an individual familiar with
that area. Examples of this is networking, wireless, different
driver subsystems like PCI or USB, or different individual
filesystems like ext2 or vfat. Spreading out the responsibil-
ity for code review and integration across many hundreds
of maintainers gives the project the resources to cope with
tens of thousands of changes per release, without sacrificing
review or quality.
Image by: Internet Archive Book Images. Modified by Opensource.com.

44 Open Source Yearbook 2016 .O pensource.com Open Source Yearbook 2016 .O pensource.com
3. Tools matter. 7. There should be no internal boundaries
Kernel development struggled to scale until the advent of within the project.
the BitKeeper [4] Kernel developers are necessarily focused on specific
source-code man- Without the right tools, a parts of the kernel, but any developer can make a change
agement system to any part of the kernel if the change can be justified. As
project like the kernel would
changed the com- a result, problems are fixed where they originate rather
simply be unable to function than being worked around, developers have a wider view
munity’s practices
nearly overnight; without collapsing under its of the kernel as a whole, and even the most recalcitrant
the switch to Git own weight. maintainer cannot indefinitely stall needed progress in any
brought about an- given subsystem.
other leap forward. Without the right tools, a project like the
kernel would simply be unable to function without collapsing 8. The kernel shows that major developments can
under its own weight. spring from small beginnings.
The original 0.01 kernel was a mere 10,000 lines of code;
4. The kernel’s strongly consensus-oriented model is now it grows by more than that every two days. Some of the
important. rudimentary, tiny features that developers are adding now
As a general rule, a proposed change will not be merged will develop into significant subsystems in the future.
if a respected developer is opposed to it. This can be in-
tensely frustrating to developers who find code they have 9. Above all, 25 years of kernel history show that
put months into blocked on the mailing list. But it also en- sustained, cooperative effort can bring about common
sures that the kernel remains suited to a wide ranges of resources that no group would have been able to
users and problems. No particular user community is able develop on its own.
to make changes at the expense of other groups. As a Since 2005, some 14,000 individual developers from more
result, we have a single codebase that scales from tiny than 1,300 different companies have contributed to the ker-
systems to supercomputers and that is suitable for a huge nel. The Linux kernel, thus, has become a common resource
range of uses. developed on a massive scale by companies that are fierce
competitors in other areas.
5. The kernel’s strong “no regressions” rule is also These takeaways, and more detailed information on Linux
important. kernel development, can be found in the 2016 Linux Kernel De-
Over a decade ago the kernel developer community made velopment Report [5], co-written with LWN’s [6] Jon Corbet.
the promise that if a given kernel works in a specific set- Libby Clark contributed to this article.
ting, all subsequent kernels will work there, too. If the
community finds out that a change caused a regression, Resources
they work very quickly to address the issue. The rule gives [1] https://thunk.org/tytso/
users assurance that upgrades will not break their sys- [2] http://events.linuxfoundation.org/events/linux-kernel-summit
tems; as a result, they are willing to follow the kernel as it [3] https://opensource.com/search/apachesolr_search/git
develops new capabilities. [4] http://www.bitkeeper.com/
[5] https://www.linux.com/publications/linux-kernel-development-
6. Corporate participation in the process is crucial, but how-fast-it-going-who-doing-it-what-they-are-doing-and-
no single company dominates kernel development. who-5
Some 5,062 individual developers representing nearly 500 [6] https://lwn.net/
corporations have contributed to the Linux kernel since
the 3.18 release in December of 2014. The majority of devel- Author
opers are paid for their work—and the changes they make Greg is a Linux kernel maintainer and a
serve the companies they work for. But, although any com- Linux Foundation fellow.
pany can improve the kernel for its specific needs, no com-
pany can drive development in directions that hurt the others
or restrict what the kernel can do.

Open Source Yearbook 2016 .O pensource.com 45 45
COLL ABORATING
.............. ..
.............

A tour of Google’s
2016 open source releases BY JOSH SIMMONS

OPEN SOURCE SOFTWARE enables
Google
to build things quickly and efficiently without reinventing
that allowed for ease of management, including automated
deployment of configuration changes.”

the wheel, allowing us to focus on solving new problems. Vendor Security Assessment Questionnaire (VSAQ)
We stand on the shoulders of giants, and we know it. This We assess the security of hundreds of vendors every year,
is why we support open source [1] and make it easy for and have developed a process to automate much of the
Googlers to release the projects they’re working on inter- initial information-gathering with VSAQ [12]. Many ven-
nally as open source. dors found our questionnaires intuitive and flexible, so we
We’ve released more than 20-million lines of open source decided to shared them. The VSAQ framework includes
code to date, including projects such as Android, Angular, four extensible questionnaire templates covering web ap-
Chromium, Kubernetes [2], and TensorFlow. Our releases plications, privacy programs, infrastructure, and physical
also include many projects you may not be familiar with, and data center security. You can learn more about it in
such as Cartographer [3], Omnitone [4], and Yeoman [5]. our announcement blog post [13].
Looking back at the projects we’ve open sourced in 2016,
there’s a lot to be excited about. We have released open OpenThread
source software [6], hardware [7], and datasets [8]. Let’s OpenThread [14], released by Nest [15], is a complete im-
take a look at some of this year’s releases. plementation of the Thread [16] protocol for connected de-
vices in the home. This is especially important because of
Seesaw the fragmentation we’re seeing in this space. Development
Seesaw [9] is a Linux Virtual Server-based [10] load-bal- of OpenThread is supported by ARM, Microsoft, Qualcomm,
ancing platform developed in Go by our site reliability en- Texas Instruments, and other major vendors.
gineers. Seesaw, like many projects, was built to scratch
our own itch. Magenta
From our blog Can we use machine
post announcing its learning to cre-
release [11]: “We ate compelling art
needed the ability and music? That’s
to handle traffic for the question that
unicast and any- animates Magen-
cast VIPs, perform ta [17], a Tensor-
load balancing with Flow-based project
NAT and DSR (also from the Google
known as DR), Brain team [18]. The
and perform ade- aim is to advance the
quate health checks state of the art in ma-
against the back- chine intelligence for
ends. Above all we music and art gen-
wanted a platform eration, and to build
Image by: Travis Wise. CC BY-SA 2.0

46 Open Source Yearbook 2016 .O pensource.com Open Source Yearbook 2016 .O pensource.com
a collaborative community of artists, coders, and ma- 5. http://yeoman.io/
chine-learning researchers. Read the release announce- 6. https://opensource.googleblog.com/2016/04/cctz-v20-now-
ment [19] for more information. with-more-civil-time.html
7. https://opensource.googleblog.com/2016/07/announcing-
Omnitone open-source-adc-board-for.html
Virtual reality (VR) isn’t nearly as immersive without spa- 8. https://opensource.googleblog.com/2016/10/introducing-
tial audio, and much of VR development is taking place on open-images-dataset.html
proprietary platforms. Omnitone [20] is an open library built 9. https://github.com/google/seesaw
by members of the Chrome team that brings spatial audio 10. http://www.linuxvirtualserver.org/
to the browser. Omnitone builds on standard Web Audio 11. https://opensource.googleblog.com/2016/01/seesaw-scalable-
APIs to deliver an immersive experience and can be used and-robust-load.html
alongside projects such as WebVR [21]. Find out more in 12. https://github.com/google/vsaq
our blog post announcing the project’s release [22]. 13. https://opensource.googleblog.com/2016/03/scalable-vendor-
security-reviews.html
Science Journal 14. http://github.com/openthread/openthread
Today’s smartphones are packed with sensors that can 15. https://nest.com/
tell us interesting things about the world around us. We 16. http://threadgroup.org/
launched Science Journal [23] to help educators, stu- 17. http://github.com/tensorflow/magenta
dents, and citizen scientists tap into those sensors. You 18. https://research.google.com/teams/brain/
can learn more about the project in our announcement 19. https://magenta.tensorflow.org/welcome-to-magenta
blog post [24]. 20. https://github.com/GoogleChrome/omnitone
21. https://webvr.info/
Cartographer 22. http://google-opensource.blogspot.com/2016/07/omnitone-
Cartographer [25] is a library for real-time simultaneous spatial-audio-on-web.html
localization and mapping (SLAM) in 2D and 3D with Robot 23. http://googleforeducation.blogspot.com/2016/05/inspiring-
Operating System (ROS) support [26]. Combining data future-makers-and-scientists.html
from a variety of sensors, this library computes positioning 24. http://google-opensource.blogspot.com/2016/08/opening-
and maps surroundings. This is a key element of self-driv- up-science-journal.html
ing cars, UAVs, and robotics, as well as efforts to map 25. https://github.com/googlecartographer
the insides of famous buildings [27]. More information on 26. http://www.ros.org/about-ros/
Cartographer can be found in our blog post announcing 27. https://www.zeitgeistminds.com/talk/5604289821016064/
its release [28]. amit-sood-the-peoples-museum-amit-sood
This collection is just a small sampling of what we’ve re- 28. http://opensource.googleblog.com/2016/10/introducing-
leased this year. Follow the Google Open Source Blog [29] cartographer.html
to stay apprised of Google’s open source software, hard- 29. https://opensource.googleblog.com/
ware, and data releases.

Resources Author
1. https://developers.google.com/open-source/ Josh Simmons is a community organizer
2. https://opensource.com/resources/what-is-kubernetes and short stack web developer who works
3. https://opensource.googleblog.com/2016/10/introducing- on the Google open source outreach team
cartographer.html and sits on the OSI board of directors. You
4. https://opensource.googleblog.com/2016/07/omnitone-spatial- can find him on Twitter: @joshsimmons
audio-on-web.html

Open Source Yearbook 2016 .O pensource.com 47 47
COLL ABORATING
.............. ..
.............

TOP 10 Linux news
stories of 2016 BY SCOTT NESBITT

LINUX
a few headlines
made
quite
development, was
pragmatic rather
than ideological,
in 2016. Although the kernel was
2016 wasn’t the designed to be
much-anticipated practical, and Li-
Year of Linux on the nux managed to
Desktop, it was still rally a community
a big year for the around itself.
Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0
open source move-
ment’s poster child. Let’s take a look at 10 of the biggest 2. Fedora 25 becomes the first major Linux
Linux news stories from the past year. distro to ship with Wayland enabled by default
As we reported in November 2016, Fedora 25 rolled out
1. Linux turns 25 with Wayland as the default display protocol on compati-
They grow up so quickly. It’s hard to believe that 25 years ble machines. Wayland was development as modern, sim-
ago Linus Torvalds announced [1] to the comp.os.minix Usen- pler replacement for the X Window System. In a March
et group that he was “doing a (free) operating system (just a 2016 blog post, “Why Wayland Anyway?” [3], developer
hobby, won’t be big and professional like gnu) for 386(486) AT Matthias Clasen outlined benefits of Wayland, including
clones.” Since 1991, Linux has grown beyond even Torvalds’ that it isolates clients from each other; it’s a better fit for
dreams. It’s not a stretch to say that Linux is everywhere. Cor- modern, compositing-based display system (i.e., it doesn’t
porations large and small use Linux, and it powers computers, include unnecessary “baggage,” such as core fonts or
mobile devices, and connected hardware. Critical infrastruc- core rendering); and it will be a good foundation for en-
ture relies on the stability and flexibility of Linux. abling features that are hard to support under X (e.g.,
Why, despite its humble beginnings and the opposition it’s input transformation or smooth transitions between com-
faced from certain corners of the technology world, did Linux posited desktop and fullscreen clients).
not only survive but also thrive? Christopher Tozzi, writing Fedora 25 with Wayland received rave reviews from
at The VAR Guy website [2], suggests that Linux succeed- users. In an Ars Technica article, “Fedora 25: With Way-
ed for four reasons: It adopted a decentralized approach to land, Linux has never been easier (or more handsome)” [4],

48 Open Source Yearbook 2016 .O pensource.com Open Source Yearbook 2016 .O pensource.com
writer Scott Gilbertson says, “This is perhaps the biggest 5. Russia moves to embrace Linux
change to come in the Linux world since the move to sys- As Munich considers moving away from Linux, Russia is mov-
temd. However, unlike that systemd transition, the switch ing toward embracing Linux and open source. The Duma,
to Wayland was so seamless I had to logout and double Russia’s parliament, drafted a law [13] giving preference to
check that I was in fact using Wayland.” And in his an open source software and requiring government agencies
article on TechRepublic, “Fedora 25: Bleeding edge and to justify purchases of proprietary solutions. A big part of this
bloody brilliant” [5], Jack Wallen says, “There are those move is based around security concerns. Most of the coun-
in the community who believe it’s still too early to be us- try’s digital infrastructure runs on software from US-based
ing Wayland as the default compositor protocol. Howev- companies, such as Microsoft, Oracle, and IBM. The Russian
er, after using Fedora 25 for a while, it’s quite clear that government claims that the software from those companies
Wayland is well beyond ready. GNOME on Wayland was poses security risks, such as hidden backdoors into the soft-
much improved. Windows were smoother and faster to ware. Although the public and private sectors in Russia are
open and the stability of the desktop was a slight step warm to open source, a few barriers must be overcome, such
ahead of X11.” Keep an eye out for Wayland to make more as a lack of local companies who can provide support, and
headlines in 2017. few open source companies have offices in Russia.

3. Microsoft cozies up to Linux 6. Linux powers the world’s fastest supercomputers
Over the past couple of years, Microsoft has been back- For years, Linux has been at the heart of the fastest, most
tracking on its aggressive rhetoric against Linux and open powerful supercomputers on the planet. This trend continued
source. In fact, the company has been actively and publicly in 2016 [14] with Linux ruling the roost as the operating sys-
embracing its one-time sworn enemy. But in 2016, the com- tem of choice for makers of supercomputers. In the TOP500
pany further shocked the Linux and open source world with 2016 [15] rankings of high performance computers, Linux
several moves. Microsoft joined the Linux Foundation [6] as powers 497 of the 500 machines on the list. That means
a Platinum member, a membership tier that includes com- 99.4% of the fastest supercomputers use Linux as their soft-
panies such as Cisco, Fujitsu, IBM, and Intel. Other small- ware heart. The other three run IBM’s AIX (a UNIX deriva-
er—but more surprising—moves were making PowerShell tive), and the highest-ranking of those computers comes
[7] and SQL Server 2016 [8] available for Linux (however, in at 281st place on the list.
only PowerShell is open source), and bringing the Bash shell
to Windows 10 [9]. 7. Automotive Grade Linux heads toward
These moves have been greeted with open arms, and becoming a de-facto standard
with more than a bit of skepticism. On one hand, analysts If Linux isn’t already in your car, it will be soon. That’s the
anticipate Microsoft’s platform to integrate and operate bet- idea behind the Linux Foundation’s Automotive Grade Linux
ter with Linux and open source applications. On the other [16] (AGL) project. Although Automotive Grade Linux has
hand, many people in the open source community view Mi- been kicking around for a few years, it picked up addition-
crosoft’s coziness with Linux and open source as an- al steam [17] in 2016 when several technology companies,
other step in Microsoft’s embrace, extend, and extinguish including Oracle, Qualcomm, and Texas Instruments, joined
[10] strategy. the project.
”The automotive industry needs a standard open operat-
4. Munich makes noise about abandoning Linux ing system and framework to enable automakers and suppli-
In 2004, the city of Munich in Germany made headlines ers to quickly bring smartphone-like capabilities to the car,”
by starting a project to replace Windows and Microsoft Dan Cauchy, the project’s general manager, says in an early
Office on thousands of PCs with a custom Linux distribu- 2016 project update [18]. The tech firms that joined the proj-
tion called LiMux, OpenOffice.org, and, later, LibreOffice. ect along with a number of automakers are working to build
That experiment seems to be over, as Munich’s govern- a common, standard platform for controlling all aspects of a
ment is debating a report [11] that recommends moving car’s operations.
back to Microsoft’s products. The announcement was sur-
prising because the city declared the shift to Linux and 8. Popular Linux distribution Mythbuntu packs it in
open source a success in 2013 [12]. Although most users The year 2016 saw the end of the line for one popular Linux
haven’t had a problem with the migration, various munici- distribution. The developers behind Mythbuntu, the backbone
pal departments are pushing to go back to using Windows of the open source MythTV digital video recorder, decided to
and Microsoft Office. But it’s not all bleak news for Linux discontinue the project [19]. Thomas Mashos, a coder with
in Munich. If the shift does happen, the city plans to use the project, says a lack of developers led to the decision.
LiMux alongside Windows, and LiMux would continue to The team went from 10 developers down to 2, which caused
be updated. delays to updates and new Mythbuntu releases.

Open Source Yearbook 2016 .O pensource.com 49 49
COLL ABORATING
.............. ..
.............
MythTV isn’t dead, however. The core software is still [6] https://www.linuxfoundation.org/announcements/microsoft-for-
available, and the Mythbuntu team suggests that instead tifies-commitment-to-open-source-becomes-linux-foundation-
of Mythbuntu, users install a distribution such as Xubuntu. platinum
Users can install the MythTV packages using the Mythbun- [7] http://www.tomsitpro.com/articles/microsoft-power-
tu Personal Package Archive, which will continue to contain shell-open-source-linux-mac,1-3353.html
MythTV updates. [8] http://thevarguy.com/open-source-application-software-
companies/microsoft-loves-open-source-servers-sql-
9. KDE turns 20 server-2016-comes
The Kool Desktop Environment—more commonly known [9] https://techcrunch.com/2016/03/30/be-very-afraid-hell-has-
as KDE—turned 20 years old. In his October 1996 an- frozen-over-bash-is-coming-to-windows-10/
nouncement [20], Matthias Ettrich wrote, “The idea is [10] https://en.wikipedia.org/wiki/Embrace%2C_extend_and_
NOT to create a GUI for the complete UNIX-system or the extinguish
System-Administrator. ... The idea is to create a GUI for [11] http://www.techrepublic.com/article/open-source-pioneer-
an ENDUSER. Somebody who wants to browse the web munich-debates-report-that-suggests-abandoning-linux-for-
with Linux, write some letters and play some nice games.” windows-10/
To learn more about the history of the KDE project, visit [12] http://www.theregister.co.uk/2013/12/16/munich_signs_off_
timeline.kde.org [21]. Also check out David Both’s list of 9 on_open_source_project/
reasons to use KDE [22]. [13] http://www.zdnet.com/article/ibm-microsoft-oracle-beware-
russias-pushing-open-source-and-sees-you-as-security-
10. Linux kernel bug threatens 1.4 billion Android threat/
devices [14] http://www.zdnet.com/article/linux-and-china-rule-super-
You’re probably wondering how a bug in the Linux kernel computing-in-2016/
could be a problem for Android. Well, Android is built on top [15] https://www.top500.org/
of version 3.6 of the kernel. The bug, an issue with the Trans- [16] https://www.automotivelinux.org/
port Control Protocol in that version of the kernel, put 80% [17] http://www.zdnet.com/article/the-linux-in-your-car-movement-
of Android devices (about 1.4 billion of them) at risk [23]. gains-momentum/
Although it wasn’t one of the most severe Android security [18] https://www.linux.com/blog/car-makers-rev-automotive-
bugs, it left Android devices open to spying when they con- grade-linux-ces
nected to the Internet. Still, researchers said the flaw was [19] https://opensource.com/life/16/11/news-november-12
simple enough for anyone with minor technical skills to ex- [20] https://www.kde.org/announcements/announcement.php
ploit. Linux developers quickly patched the bug, and the fix [21] https://timeline.kde.org/
was passed to mobile carriers and handset makers to pass [22] https://opensource.com/life/15/4/9-reasons-to-use-kde
along to their customers. [23] http://www.computerworld.com/article/3108618/security/
1-4-billion-android-devices-vulnerable-to-hijacking-thanks-
Resources to-linux-tcp-bug.html
[1] https://www.learnlinux.ie/content/linus-torvalds-original-
announcement-usenet
[2] http://thevarguy.com/open-source-application-software- Author
companies/050415/open-source-history-why-did-linux- Writer. Technology coach. Soldier of fortune. Ocelot wran-
succeed gler. Husband and father. Blogger. Collector of pottery.
[3] https://blogs.gnome.org/mclasen/2016/03/04/why-way- Scott Nesbitt is a few of these things. He’s
land-anyway/ also a long-time user of free/open source
[4] http://arstechnica.com/gadgets/2016/12/fedora-25-review- software who extensively writes and blogs
the-best-linux-distro-of-2016-arrived-at-the-last-moment/ about it. You can find Scott on Twitter
[5] http://www.techrepublic.com/article/fedora-25-bleeding- (@ScottWNesbitt), GitHub, and GitLab.
edge-and-bloody-brilliant/

50 Open Source Yearbook 2016 .O pensource.com
.................... COLL ABORATING

2016 Hacktoberfest ignites open
source participation BY BEN COTTON

DIGITALOCEAN [1] launched Hacktoberfest [2]
in 2014 to encourage contri-
bution to open source projects. The event was a clear suc-
cess, and in terms of attendance and participation goals
reached, it’s also clear that Hacktoberfest has become a
powerful force in driving contributions to open source. The
lure of a t-shirt and specific, time-limited goals help new con-
tributors get started and encourage existing contributors to
rededicate themselves and their efforts.
The third year continued the momentum. In fact, early
Image by: Library of Congress. Modified by Opensource.com.
in the month, community management manager Daniel
Zaltsman [3] told Opensource.com that 2016 already sur- berfest provided an extra incentive to contribute back,” partici-
passed last year’s results. pant Aditya Dalal [7] told DigitalOcean. “Over time, I continued
At month’s end, 10,227 of the 29,616 registered participants contributing and ended up as a maintainer, focusing on triag-
had opened four pull requests in order to complete Hackto- ing issues and making the contribution process as simple as
berfest successfully. Although the success rate of 34.5% was possible, which I like to think we have succeeded at.”
down slightly from 2015, the number of participants who com- His participation illustrates the momentum that Digita-
pleted the event was up dramatically. The number of people lOcean has tried to build into the Hacktoberfest events. Forty
who completed Hacktoberfest 2016 was more than two-thirds events were held in 29 cities across 12 countries. For 2016,
of last year’s total registrant count. Registration was up more they created a Hacktoberfest-themed meetup kit to encour-
97% from last year, with success up 79%. And 92,569 pull age social participation. Although this year got more internal
requests were opened, which is an 89% increase. Momentum teams involved, for 2017 organizers want to further increase
may be a bit of an understatement. community participation.
One interesting number that stood out in the final analysis Interesting trivia stands out from the 2016 stats. Contri-
was the nearly 1:1 ratio of registered participants to contrib- butions were spread roughly equally across the days of the
uted projects—29,287 repositories received pull requests week, but Monday had the highest number of pull requests.
from Hacktoberfest 2016 participants. homebrew-cask [4] Monday also happened to be the last day of the month,
received the most (310), with home-assistant [5] (265) and which meant a flurry of last-minute pull requests as people
manageiq [6] (231) close behind. tried to earn their t-shirt. When the last day’s pull requests
Although the basic mechanics of participation did not change are removed, Monday becomes the second slowest day.
for this year, DigitalOcean made a few changes to improve the When normalized for the number of times the day occurred
experience for project maintainers. This year, maintainers were in the month, Wednesday was the most active day, with the
encouraged to create a Hacktoberfest label and apply that to weekends being the slowest.
issues where newcomers could make a contribution. GitHub Can 2017 continue building on the first three years? We’ll
provides site-wide search, so the 15,000-plus labeled issues find out next October.
could be found quickly by people who didn’t know which project
to start on, but who wanted to make a contribution. Additionally, Resources
pull requests marked “Invalid” were not counted toward a par- [1] https://www.digitalocean.com/
ticipant’s total. The net result was to prevent trivial or no-op pull [2] https://hacktoberfest.digitalocean.com/
requests from overburdening project maintainers. [3] https://twitter.com/Zaltsman
Some Hacktoberfest participants have gone on to be proj- [4] https://github.com/caskroom/homebrew-cask/
ect maintainers. “I actually started contributing to open source [5] https://github.com/home-assistant/home-assistant/
in a meaningful way because of Hacktoberfest. Homebrew [6] https://github.com/ManageIQ/manageiq/
Cask was a convenient tool in my daily usage, and Hackto- [7] https://github.com/adidalal

Open Source Yearbook 2016 .O pensource.com 51
Most Playful
Top 7 Linux games
of 2016 BY ROBIN MUILWIJK

Counter-Strike: Global
IN THE 2015
Open Source Yearbook [1]
Offensive
The classic first-person shoot-
I looked at the best open er Counter-Strike [7] game was
source games [2]. This year, launched 14 years ago and is
with the continuing growth of now touted as the “world’s #1
Linux gaming, I’ve rounded online action game”. Count-
up the top Linux games on er-Strike: Global Offensive [8]
Steam [3]. On an average has since seen many updates,
day, some of these games [4] Image by: NASA on the Commons and Internet Archive Book Images. such as new maps, charac-
are played by almost a million Modified by Opensource.com. ters, and weapons, based on
players. I included both free and non-free games on my list. the classic Counter-Strike. Counter-Strike: Global Offensive is
available on Steam [9] for US$ 14.99. Bundle pricing is also
Dota 2 available.
By far the most-played game on Steam is Dota 2 [5]. At
times, Dota 2 reaches close to a million concurrent online Team Fortress 2
players. This action and strategy game originates from a Team Fortress 2 [10] is a multi-player action game, de-
Warcraft 3 modification. Players can select from hundreds veloped by Valve [11], creator of Steam. Team Fortress 2
of heroes, to team up and “battle their Dire counterparts to has seen more than 400 updates in the past six years, and
control a gorgeous fantasy landscape, waging campaigns of continues to be updated with new game modes, maps, and
cunning, stealth, and outright warfare.” Dota 2 is free to play, more. Team Fortress 2 is available on Steam [12] and is free
and exclusively available on Steam [6]. to play.

Figure 1: Dota 2 screenshot by Colony of Gamers. CC BY-NC 2.0 Figure 2: Team Fortress 2 screenshot by Terry Robinson. CC BY-NC 2.0

52 Open Source Yearbook 2016 .O pensource.com
Most
Playful
ARK: Survival Evolved
ARK: Survival Evolved [13] is an action-filled role playing
game that will put you through lots of adventure—from sur-
vival, to riding dinosaurs. “As a man or woman stranded na-
ked, freezing and starving on a mysterious island, you must
hunt, harvest, craft items, grow crops, and build shelters to
survive,” the site explains. ARK: Survival Evolved is avail-
able on Steam [14] (Early Access) for US$ 29.99.
Figure 3: ARK: Survival Evolved screenshot by Tamahikari Tammas.
CC BY-NC 2.0

build and play. “You spawn objects and weld them togeth-
er to create your own contraptions—whether that’s a car, a
rocket, a catapult or something that doesn’t have a name
yet—that’s up to you,” the site explains. Garry’s Mod is avail-
able on Steam [18] for $US 9.99.
Figure 4: Garry’s Mod screenshot by DoctorButtsMD. CC BY-NC 2.0

Football Manager 2017
In Football Manager 2017 [15] you can pick from 2,500 real
clubs and take control over your favorite team. Football Man-
ager 2017 claims to be “the most realistic and immersive
football management game to date.” The game allows you
to control transfers and who plays or sits on the bench, all
while you watch the game live through the 3D match engine.
Football Manager 2017 is available in the Steam store [16]
for US$ 59.99. Sid Meier’s Civilization V
Civilization [19] is a turn-based strategy game in which you
Garry’s Mod attempt to build an empire. If you can stand the test of time,
Garry’s Mod [17] is a sandbox game and lacks any objec- you can become ruler of the world “by establishing and lead-
tives. The makers provide you with tools, and leave you to ing a civilization from the Stone Age to the Information Age.”

Open Source Yearbook 2016 .O pensource.com 53
The game allows you to play its default maps and scenarios. Resources
But you can also create your own or download player-created (For links to original images in this article, visit: http://red.ht/
maps and scenarios. Civilization is available on Steam [20] 2i2Y5sB)
for US$ 69.99. [1] https://opensource.com/yearbook/2015
[2] https://opensource.com/life/15/12/top-5-open-gaming
Honorable mentions [3] http://store.steampowered.com/linux
Because this list focuses on Linux games available on [4] http://store.steampowered.com/stats/
Steam, I also want to mention two other popular open [5] http://blog.dota2.com/?l=english
source games that can be played on Linux and that have a [6] http://store.steampowered.com/app/570/
native client: [7] http://blog.counter-strike.net/
[8] http://blog.counter-strike.net/
The Battle for Wesnoth [9] http://store.steampowered.com/app/730/
Gamers that prefer a turn-based tactical strategy game [10] http://www.teamfortress.com/index.php
will love The Battle for Wesnoth [21], which is free. Mak- [11] http://www.valvesoftware.com/
ing this game unique is its high fantasy theme. The game [12] http://store.steampowered.com/app/440/
allows you to build your own army, out of 200 unit types, [13] http://www.playark.com/
and it includes 16 races, 6 major factions, and hundreds [14] http://store.steampowered.com/app/346110/
of years of history. As player, you are the heir to Wesnoth, [15] http://www.footballmanager.com/
and you fight to regain its throne. “The world of Wesnoth [16] http://store.steampowered.com/app/482730/
is absolutely huge and only limited by your creativity— [17] http://www.garrysmod.com/
make your own custom units, create your own maps, and [18] http://store.steampowered.com/app/4000/
write your own scenarios or even full-blown campaigns,” [19] https://civilization.com/
the site explains. [20] http://store.steampowered.com/app/8930/
[21] http://www.wesnoth.org/
0 A.D. [22] http://play0ad.com/
0 A.D. [22] is a free historical real-time strategy game. 0 A.D.
is unique in its graphics and rendering. As leader of an an- Author
cient civilization, your goal is to gather the resources you Robin Muilwijk is Advisor Internet and e-Government. He
need to raise a military force and dominate your enemies. also serves as a community moderator for
Your civilizations and battles take part over the millennium Opensource.com and as ambassador for
of 500 B.C. to 500 A.D. (hence, the name of this game being The Open Organization. Robin is Chair of
the midpoint: 0 A.D.) the eZ Community Board, and Communi-
ty Manager at eZ Systems. Follow Robin
on Twitter: @i_robin

54 Open Source Yearbook 2016 .O pensource.com
.................... COLL ABORATING

Open source diversity efforts
gain momentum in 2016
BY NITHYA RUFF

IF SOFTWARE is pervasive, shouldn’t the peo-
ple building it be from every-
where and represent different voices? The broadly accepted
The Linux Foundation [1] and OpenStack Foundation [2]
provide scholarships, travel assistance, training, mentor-
ships, childcare, affinity groups, and more as part of their
answer is yes, that we need a diverse set of developers and events and services. (I’m involved in the Linux Founda-
technologists to build the new digital world. Further, when tion-sponsored Women in Open Source events and the
you look at communities that thrive, they are those that Women of OpenStack [WOO] group.) Since the WOO group
evolve and grow and bring in new voices and perspectives. started in 2014, more women have been attending and
Because much of the software innovation happening today speaking at OpenStack-related events and contributing to
involves open source software, the open source community OpenStack projects. More than 11% of attendees at both Li-
can be an entry point for new people in technology roles. nuxCon North America and OpenStack Summit in Austin [3]
This means that the open source community must evolve in 2016 were women.
to stay relevant. There has never been a better time for the The Linux Foundation, in partnership with the National Center
open source community to welcome new community mem- for Women & Information Technology (NCWIT [4]), is develop-
bers from under- ing inclusive speak-
represented groups er orientation course
than now, and the for events to ensure
community is rising that all speakers go
to the challenge. through training in
Efforts to increase what it means to be
diversity in open inclusive.
source are showing Many tech orga-
results, so let’s look nizations are ad-
at a few examples: dressing the role
their company cul-
1. Foundations tures and policies
and organizations play in increasing
are increasing diversity. For ex-
outreach efforts. ample, Google
Over the past few launched its Sum-
years, new foun- Image by: Internet Archive Book Images. Modified by Opensource.com. CC BY-SA 4.0 mer of Code pro-
dations have been gram in 2005, and
created to support open source projects. For example, mul- Red Hat launched its Women in Open Source award [5]
tiple projects fall under the umbrellas of big foundations, in 2015. By 2016, many organizations and events were
such as the Linux Foundation and OpenStack Foundation. regularly sponsoring networking opportunities for wom-
Besides being a home for projects, foundations are em- en, such as the LinuxCon North America Women in Open
bracing their roles in curating and sharing best practices, Source Lunch, sponsored by Intel; and the Women’s
creating on-ramps, and supporting new people in project Leadership Community Luncheon at Red Hat’s annual
communities. summit [6].

Open Source Yearbook 2016 .O pensource.com 55
COLL ABORATING
.............. ..
.............
2. Mentorships, scholarship programs, and training nizers. She got her start speaking at SCALE when she
are scaling. was 11, and she gave a keynote at OSCON [21] in 2014,
Software Freedom Conservancy’s Outreachy [7], which was at the ripe old age of 13. When I talked to Keila, she found
founded in 2010, provides internships to women and mem- programming to be as natural as other subjects at school,
bers of underrepresented groups through mentors and work and she loves the Python language, including its com-
experience on a specific project. Contributions from Out- munity. Young people are learning open source technical
reachy interns is impressive: The Outreachy organization skills from programming, animation, video editing, digital
ranked #9 for kernel contributions in Linux 4.4 and #6 for drawing, and picture editing, and conferences are rapidly
Linux 4.6 releases. Read the 2016 Kernel Internship Report embracing and catering to this new generation of commu-
(PDF [8]) for more detail. nity members.
Google Summer of Code [9] (GSoC) is another suc-
cessful initiative that has been matching students to open 4. The data confirms progress.
source projects and volunteer mentors for more than a de- Without data, determining whether we are making prog-
cade. More than 1,200 students and 178 organizations [10] ress is difficult. We need to measure the percent of con-
participated in GSoC 2016. Hopefully the success of these tributions from women and members of underrepresented
programs will help inspire more mentorship programs groups, learn about projects successfully attracting and
in 2017. retaining a diverse group of contributors, and then share
In 2016, annual Grace Hopper Celebration of Women in what we learn across projects. Spain-based Bitergia’s
Computing [11] (GHC) attracted around 15,000 from more Chief Data Officer Daniel Izquierdo [22] took the initia-
than 80 countries. The GHC annual Open Source Day tive to do this for OpenStack and for the Linux kernel and
is an all-day hackathon that brings attendees together to shared the results in 2016. (Read Rikki Endsley’s recent
network, contribute to good causes, and build their GitHub interview with Daniel, “Analyzing gender diversity in the
profiles in a safe environment. OpenStack community” [23].) Bitergia plans to do gather
diversity metrics for Apache Software Foundation projects
3. Conferences are improving diversity among in the near future.
speakers and attendees. The data Bitergia has been collecting on the diversity of
Conferences such as OSCON [12], LinuxCon [13], PyCon contributions and community growth over time shows trend-
[14], SCaLE [15], and OpenStack Summit [16] play a big ing in the right direction. We still need a new way to measure
role in showcasing and supporting diversity. The impact of the overall health of an open source project, which means
seeing women and underrepresented minorities on stage that, in addition to measuring the number of contributors,
and hearing new perspectives is powerful in changing our downloads, and issues resolved, we should track how di-
perception of who is part of the open source community. verse communities are and how welcoming they are to new
O’Reilly’s OSCON is showing noticeable improvement in contributors. These measurements could help us recognize
the diversity of its speakers and talks. I spoke with Rachel projects that have great on-boarding and retention practices
Roumeliotis, Strategic Content Director and OSCON Chair and that have built diverse and vibrant communities. Learn
for O’Reilly about how OSCON raises the bar every year to more about Bitergia’s work in gender diversity metrics on
showcase amazing new voices. She says organizers active- their blog [24].
ly seek out new voices and perspectives, and they want to
reflect the changing community and perhaps project what 5. The definition of ‘contributions’ is expanding,
it could look like. (Read Opensource.com’s OSCON article and on-boarding is improving.
collection [17] for examples.) Historically non-code-related open source contributions
Conferences are also investing in the next genera- haven’t been recognized as contributions. Measuring
tion of programmers and contributors through dedicated code contributions and code reviews has been easier than
co-located events. One great example of this is SCALE: measuring other types of contributions, such as documen-
The Next Generation [18], a track hosted at the South- tation, marketing, legal representation, and graphic de-
ern California Linux Expo, an annual community event. I sign. Increasingly open source projects and organizations
love how SCaLE helps teach kids about programming and are recognizing, encouraging, valuing, and supporting
technology. Young community members, such as Keila contributions in all areas of the open source ecosystem,
Banks [19], Justin King, and Schuyler St. Leger [20], have and they are making it easier for new contributors to join
spoken at this event. communities.
Often the kids at conferences have relatives working in GitHub has become the tool of choice for internal devel-
technology who are highly involved in encouraging and opment in companies changing their culture to be collabora-
championing young people. Keila, for example, is the tive and agile. I asked Brandon Keepers [25], head of open
daughter of Phillip Banks, one of the SCaLE event orga- source at GitHub, about their initiatives. He explained that

56 Open Source Yearbook 2016 .O pensource.com
GitHub launched a survey [26] to help them understand their [10] https://developers.google.com/open-source/gsoc/2016/
changing community and its needs. His team is also working organizations
to provide best practice frameworks for project leaders to [11] http://ghc.anitaborg.org/
help them run better projects, which includes sample codes [12] http://conferences.oreilly.com/oscon/oscon-tx
of conduct and README templates. [13] http://events.linuxfoundation.org/events/linuxcon-
north-america
6. Allies are taking more active roles in improving [14] http://www.pycon.org/
diversity. [15] https://www.socallinuxexpo.org/scale/15x/
From its beginning, the Ada Initiative [27] founders recog- [16] https://www.openstack.org/summit/
nized the roles male allies play in increasing diversity in [17] https://opensource.com/tags/oscon
technology. The organization was formed in 2011 by Valerie [18] https://www.socallinuxexpo.org/scale/14x/scale-next-
Aurora and Mary Gardiner and worked on making technical generation
conferences harassment-free, providing training on how to [19] https://opensource.com/life/16/4/5-open-source-programs-
overcome impostor syndrome, and provided practical skills automated-teens-toolbox
training for male allies. Many men want to support diversi- [20] https://opensource.com/life/16/1/scale14x-interview-schuyler-
ty efforts and create a more inclusive culture, but may not st-leger
know how to help. The Ada Initiative and NCWIT skills train- [21] https://www.youtube.com/watch?v=xkTcSoQ-q5Q
ing [28] are examples of practical approaches to showing [22] https://bitergia.com/about/team/
male allies how they can support gender equality and build [23] https://opensource.com/business/16/4/openstack-summit-
inclusive cultures. interview-daniel-izquierdo-bitergia
[24] https://blog.bitergia.com/
What will 2017 bring? [25] https://opensource.com/life/15/10/ato-interview-brandon-
As 2016 comes to a close, we’re seeing real progress in how keepers-github
we welcome new people and encourage them to stay in the [26] https://github.com/github/open-source-survey
open source community, but there is still much to be done. [27] https://opensource.com/business/15/8/ada-initiative-legacy
What plans does your project, organization, or community [28] https://www.ncwit.org/resources/10-actionable-ways-actually-
have for increasing diversity in open source in the new year? increase-diversity-tech
Send your story ideas to open@opensource.com.
Author
Resources Nithya A. Ruff is the Director of Western Digital’s Open
[1] https://www.linuxfoundation.org/ Source Office. She is the founding President of Western
[2] https://www.openstack.org/foundation Digital’s Women’s Innovation Network (WIN), which is ded-
[3] https://opensource.com/business/16/5/look-back-austin- icated to the development of women’s highest potential in
openstack-summit the work place. Nithya graduated with an MS in Comput-
[4] https://www.ncwit.org/ er Science from NDSU and an MBA from the University
[5] https://www.redhat.com/en/about/women-in-open-source of Rochester, Simon Business School.
[6] https://www.redhat.com/en/summit/2016/agenda She lives in Silicon Valley and is a proud
[7] https://www.gnome.org/outreachy/ mother of two daughters. Follow Nithya
[8] http://events.linuxfoundation.org/sites/events/files/slides/ on Twitter at: @nithyaruff (The views ex-
outreachy_slides.pdf pressed are her own and do not represent
[9] https://developers.google.com/open-source/gsoc/ Western Digital.)

Open Source Yearbook 2016 .O pensource.com 57
Most Popular
Top 10 open source
projects of 2016 BY JEN WIKE HUGER

WE CONTINUE to be impressed with the
wonderful open source proj-
ects that emerge, grow, change, and evolve every year.
connect with other users and the community, find Atom
on GitHub [4], Discuss [5], and Slack [6].
Atom is MIT [7] licensed and the source code [8] is hosted
Picking 10 to include in our annual list of top projects is no on GitHub.
small feat, and certainly no list this short can include every
deserving project. Eclipse Che
To choose our 10, we&nbsp;looked back at popular open Eclipse Che [9] is a next-generation online integrated de-
source projects our writers covered in 2016, and collected velopment environment (IDE) and developer workspace.
suggestions from our Community Moderators. After a round Joshua Allen Holm brought us a review [10] of Eclipse Che
of nominations and voting by our moderators, our editorial in November 2016, which provided a look at the developer
team narrowed down the final list. community behind the project, its innovative use of con-
So here they are, our top 10 open source projects of 2016: tainer technology, and popular languages it supports out
of the box.
Atom “The ready-to-go bundled stacks included with Eclipse
Atom [1] is a hackable text editor from GitHub. Jono Bacon Che cover most of the modern popular languages. There
wrote [2] about its “simple core” earlier this year, exclaiming are stacks for C++, Java, Go, PHP, Python, .NET, Node.js,
approval for open source projects that give users options. Ruby on Rails, and Android development. A Stack Library
“[Atom] delivers the majority of the core features and provides even more options and if that is not enough,
settings that most there is the option
users likely will to create a custom
want, but is missing stack that can pro-
many of the more vide specialized
advanced or spe- environments.”
cific features some You can test out
users may want. Eclipse Che in an
… Atom provides online hosted ac-
a powerful frame- count [11], through
work that allows a local installation
pretty much any [12], or in your pre-
part of Atom to be ferred cloud provid-
changed and ex- er [13]. The source
panded.” code [14] can be
To get started found on GitHub
contributing, read Image by: George Eastman House and Internet Archive Book Images. Modified by Opensource.com. under an Eclipse
the guide [3]. To CC BY-SA 4.0 Public License [15].

58 Open Source Yearbook 2016 .O pensource.com
Most
Popular

FreeCAD
FreeCAD [16] is written in Python and one of the many
computer-aided design—or computer-aided drafting—tools
available to create design specifications for real-world ob-
jects. Jason Baker wrote about FreeCAD in “3 open source
alternatives to AutoCAD” [17].
“FreeCAD can import and export from a variety of common
formats for 3D objects, and its modular architecture makes
it easy to extend the basic functionality with various plug-
ins. The program has many built-in interface options, from a
sketcher to renderer to even a robot simulation ability.”
FreeCAD is LGPL [18] licensed and the source code [19] TV, music, and more. It is heavily customizable, and supports
is hosted on GitHub. numerous skins, plugins, and a variety of remote control devic-
es (including its own custom Android remote for your phone).
GnuCash Although we didn’t cover Kodi in-depth this year, it kept
GnuCash [20] is a cross-platform open source desktop popping up in articles on building a home Linux music server
solution for managing your personal and small business ac- [26], media management tools [27], and even a previous poll
counts. Jason Baker included GnuCash in our roundup [21] on favorite open source video players [28].
of the open source alternatives to Mint and Quicken for per- The source code [29] to Kodi can be found on GitHub
sonal finance. under a GPLv2 [30] license.
GnuCash “features multi-entry bookkeeping, can import
from a wide range of formats, handles multiple currencies, MyCollab
helps you create budgets, prints checks, creates custom re- MyCollab [31] is a suite of tools for customer relationship
ports in Scheme, and can import from online banks and pull management, document management, and project manage-
stock quotes for you directly.” ment. Community Moderator Robin Muilwijk covered the de-
You can find GnuCash’s source code [22] on GitHub under tails of the project management tool MyCollab-Project in his
a GPL version 2 or 3 license [23]. roundup of “Top 11 project management tools for 2016” [32].
An honorable mention goes to GnuCash alternative KMy- “MyCollab-Project includes many features, like a Gantt
Money [24], which also received a nomination for our list, and chart and milestones, time tracking, and issue management.
is another great option for keeping your finances in Linux. It also supports agile development models with its Kanban
board. MyCollab-Project comes in three editions, of which the
Kodi community edition [33] is the free and open source option.”
Kodi [25] is an open source media center solution, formerly Installing MyCollab requires a Java runtime and MySQL
known as XBMC, which works on a variety of devices as a do- stack. Visit the MyCollab site [34] to learn how to contribute
it-yourselfer’s tool to building a set-top box for playing movies, to the project.

Open Source Yearbook 2016 .O pensource.com 59
MyCollab is AGPLv3 licensed and the source code is host- Roundcube
ed on GitHub. Roundcube [46] is a modern, browser-based email client that
provides much—if not all—of the functionality email users
OpenAPS may be used to with a desktop client. Featuring support for
OpenAPS [35] is another project that our moderators found more than 70 languages, integrated spell-checking, a drag-
interesting in 2016, but also one that we have yet to cover in and-drop interface, a feature-rich address book, HTML email
depth. OpenAPS, the Open Artificial Pancreas System proj- composition, multiple search features, PGP encryption sup-
ect, is an open source project devoted to improving the lives port, threading, and more, Roundcube can work as a drop-in
of people with Type 1 diabetes. replacement email client for many users.
The project includes “a safety-focused reference design [36], Roundcube was included along with four other solutions in
a toolset [37], and an open source reference implementa- our roundup of open source alternatives to Gmail [47].
tion” [38] designed for device manufacturers or any individ- You can find the source code [48] to Roundcube on GitHub
ual to be able to build their own artificial pancreas device to under a GPLv3 license. In addition to downloading and in-
be able to safely regulate blood glucose levels overnight by stalling the project directly, you can also find it inside many
adjusting insulin levels. Although potential users should ex- complete email server packages, including Kolab Groupware
amine the project carefully and discuss it with their health- [49], iRedMail [50], Mail-in-a-Box [51], and mailcow [52].
care provider before trying to build or use the system them- That’s it for our list. What was your favorite open source
selves, the project founders hope opening up technology project in 2016?
will accelerate the research and development pace across
the medical devices industry to discover solutions and bring Resources
them to market even faster. [1] https://atom.io/
[2] https://opensource.com/life/16/2/culture-pluggable-open-
OpenHAB source
OpenHAB [39] is a home automation platform with a plug- [3] https://github.com/atom/atom/blob/master/CONTRIBUTING.md
gable architecture. Community Moderator D Ruth Bavousett [4] https://github.com/atom/atom
wrote about OpenHAB [40] after buying a home this year [5] http://discuss.atom.io/
and trying it out. [6] http://atom-slack.herokuapp.com/
“One of the interesting modules I found was the Blue- [7] https://raw.githubusercontent.com/atom/atom/master/
tooth binding; it can watch for the presence of specific Blue- LICENSE.md
tooth-enabled devices (your smartphone, and those of your [8] https://github.com/atom/atom
children, for instance) and take action when that device ar- [9] http://www.eclipse.org/che/
rives or leaves—lock or unlock doors, turn on lights, adjust [10] https://opensource.com/life/16/11/introduction-eclipse-che
your thermostat, turn off security modes, and so on.” [11] https://www.eclipse.org/che/getting-started/cloud/
Check out the full list of binding and bundles [41] that pro- [12] https://www.eclipse.org/che/getting-started/download/
vide integration and communication with social networks, [13] https://bitnami.com/stack/eclipse-che
instant messaging, cloud IoT platforms, and more. [14] https://github.com/eclipse/che/
OpenHAB is EPL licensed and the source code is hosted [15] https://github.com/eclipse/che/blob/master/LICENSE
on GitHub. [16] http://www.freecadweb.org/
[17] https://opensource.com/alternatives/autocad
OpenToonz [18] https://github.com/FreeCAD/FreeCAD/blob/master/COPYING
OpenToonz [42] is production software for 2D animation. [19] https://github.com/FreeCAD/FreeCAD
Community Moderator Joshua Allen Holm reported [43] on [20] https://www.gnucash.org/
its open source release in March 2016, and it has been [21] https://opensource.com/life/16/1/3-open-source-personal-
mentioned in other animation-related articles on Open- finance-tools-linux
source.com, but we haven’t covered it in depth. Stay tuned [22] https://github.com/Gnucash/
for that. [23] https://github.com/Gnucash/gnucash/blob/master/LICENSE
In the meantime, we can tell you that there are a number [24] https://kmymoney.org/
of features unique to OpenToonz, including GTS, which is [25] https://kodi.tv/
a spanning tool developed by Studio Ghibli, and a plug-in [26] https://opensource.com/life/16/1/how-set-linux-based-
effect SDK [44] for image processing. music-server-home
To discuss development and video research topics, [27] https://opensource.com/life/16/6/tinymediamanager-catalogs-
check out the forum [45] on GitHub. OpenToonz source your-movie-and-tv-files
code is hosted on GitHub and the project is licensed under [28 https://opensource.com/life/15/11/favorite-open-source-
a modified BSD license. video-player

60 Open Source Yearbook 2016 .O pensource.com
[29] https://github.com/xbmc/xbmc [43] https://opensource.com/life/16/3/weekly-news-march-26
[30] https://github.com/xbmc/xbmc/blob/master/LICENSE.GPL [44] https://github.com/opentoonz/plugin_sdk
[31] https://community.mycollab.com/ [45] https://github.com/opentoonz/opentoonz/issues
[32] https://opensource.com/business/16/3/top-project- [46] https://roundcube.net/
management-tools-2016 [47] https://opensource.com/alternatives/gmail
[33] https://github.com/MyCollab/mycollab [48] https://github.com/roundcube/roundcubemail
[34] https://community.mycollab.com/docs/developing-mycollab/ [49] http://kolab.org/
how-can-i-contribute-to-mycollab/ [50] http://www.iredmail.org/
[35] https://openaps.org/ [51] https://mailinabox.email/
[36] https://openaps.org/reference-design [52] https://mailcow.email/
[37] https://github.com/openaps/openaps
[38] https://github.com/openaps/oref0/
[39] http://www.openhab.org/ Author
[40] https://opensource.com/life/16/4/automating-your-home- Jen Wike Huger is the Content Manag-
openhab er for Opensource.com. Follow her on
[41] http://www.openhab.org/features/supported-technologies.html Twitter @jenwike and see her extended
[42] https://opentoonz.github.io/e/index.html portfolio at Jen.io.

Transparency. Adaptability. Inclusivity.
Community. Collaboration.

It's open. For business.
opensource.com/open-organization

Open Source Yearbook 2016 .O pensource.com 61
LEARNING
.............. ..
.............

Publisher’s picks: Hot 2016
open source books
BOOK PUBLISHERS share their picks for must-read
2016 open source-related book releases.

No Starch Press Practical Forensic Imaging [4]
By Bruce Nikkel
(Contributed by Anna Morrow)
320 Pages
The Car Hacker’s Handbook [1] Published: September 2016
By Craig Smith
304 Pages When forensic investigations involve dig-
Published: March 2016 ital activity, the proper handling of media
evidence is critical. Practical Forensic
With its focus on low-cost, open source Imaging takes a detailed look at how
hacking tools, The Car Hacker’s Hand- to use open source command=line tools to secure and
book will give you a deeper understanding manage digital evidence. Author Bruce Nikkel walks you
of the computer systems and embedded through the entire forensic acquisition process and covers
software in modern vehicles. The book begins by examining practical scenarios and situations related to the imaging
vulnerabilities and providing detailed explanations of commu- of storage media. Practical Forensic Imaging is an invalu-
nications over the CAN bus and between devices and sys- able resource for experienced digital forensic investigators
tems. You’ll learn how to build an accurate threat model for wanting to advance their Linux skills and experienced Linux
your vehicle, reverse engineer the CAN bus to fake engine administrators wanting to learn digital forensics.
signals, exploit vulnerabilities, build physical and virtual test
benches, and much more. If you’re curious about automotive Scratch Programming Playground [5]
security, The Car Hacker’s Handbook is for you. By Al Sweigart
288 Pages
Electronics for Kids [2] Published: September 2016
By Øyvind Nydal Dahl
328 Pages Scratch is the standard language for
Published: July 2016 teaching kids to program, with more than
14-million users worldwide. In Scratch
Electronics for Kids is perfect for feeding Programming Playground, kids can learn
kids’ natural curiosity about electronics to program by making cool games. Each game includes
through hands-on projects. Kids (and the easy-to-follow instructions, review questions, and creative
adults in their lives!) will build projects coding challenges that allow kids to make the games their
like an electronic coin tosser, an electromagnet, an electric own. Kids will make games like Maze Runner, Snake, a
motor, an intruder alarm, a musical instrument, a touch sen- Fruit Ninja clone, a remake of Breakout, and even a game
sor LED circuit, and even a lemon-powered LED light. Along inspired by Super Mario Bros. From the author of fan favorite
the way, they’ll learn how current, voltage, and circuits work. Automate the Boring Stuff with Python, Scratch Program-
With clear explanations and fun projects, this book will have ming Playground proves that learning to program isn’t dreary
kids building their own circuits in no time. when you make a game of it. To read more from Al Sweigart,
To read more from Øyvind Nydal Dahl, author of Electronics author of Scratch Programming Playground, visit his Open-
for Kids, visit his Opensource.com author page [3]. source.com author page [6].

62 Open Source Yearbook 2016 .O pensource.com
• Use ESLint, Flow, and Jest tools to check and test your
Wicked Cool Shell Scripts, 2nd Edition [7] code as your app evolves
By Dave Taylor and Brandon Perry • Manage communication between components with Flux
392 Pages
Published: October 2016
Reactive Programming with RxJava [10]
An update to the beloved first edition, Creating Asynchronous, Event-Based
the second edition of Wicked Cool Shell Applications
Scripts offers a collection of useful, cus- By Tomasz Nurkiewicz, Ben Christensen
tomizable, and fun shell scripts for solv- 372 Pages
ing common problems and personalizing your computing Published: October 2016
environment. This edition features 23 brand-new scripts,
such as a ZIP code lookup tool, a bitcoin address information In today’s app-driven era, when pro-
retriever, image processing and editing tools, and classic grams are asynchronous and respon-
games like hangman. Whether you want to save time man- siveness is so vital, reactive programming can help you write
aging your system or just find new ways to goof off, you’ll code that’s more reliable, easier to scale, and better-per-
love these wicked cool scripts. forming. With this practical book, Java developers will first
To read more from Dave Taylor, author of Wicked Cool Shell learn how to view problems in the reactive way, and then
Scripts, 2nd Edition, visit his Opensource.com author page [8]. build programs that leverage the best features of this excit-
ing new programming paradigm.
Authors Tomasz Nurkiewicz and Ben Christensen include
O’Reilly Media concrete examples that use the RxJava library to solve re-
al-world performance issues on Android devices as well as
(Contributed by Susan Conant)
the server. You’ll learn how RxJava leverages parallelism
React: Up & Running [9] and concurrency to help you solve today’s problems. This
Building Web Applications book also provides a preview of the upcoming 2.0 release.
By Stoyan Stefanov
222 Pages • Write programs that react to multiple asynchronous
Published: July 2016 sources of input without descending into “callback hell”
• Get to that aha! moment when you understand how to
Hit the ground running with React, the solve problems in the reactive way
open-source technology from Facebook • Cope with Observables that produce data too quickly to
for building rich web applications fast. be consumed
With this practical guide, Yahoo! web developer Stoyan • Explore strategies to debug and to test programs written
Stefanov teaches you how to build components—React’s in the reactive style
basic building blocks—and organize them into maintainable, • Efficiently exploit parallelism and concurrency in your
large-scale apps. If you’re familiar with basic JavaScript programs
syntax, you’re ready to get started. • Learn about the transition to RxJava version 2
Once you understand how React works, you’ll build a
complete custom Whinepad app that helps users rate wines
and keep notes. You’ll quickly learn why some developers Learning Node, 2nd Edition [11]
consider React the key to the web app development puzzle. Moving to the Server-Side
By Shelley Powers
• S et up React and write your first “Hello world” web app 288 Pages
• Create and use custom React components alongside Published: May 2016
generic DOM components
• Build a data table component that lets you edit, sort, Take your web development skills from
search, and export its contents browser to server with Node—and learn
• Use the JSX syntax extension as an alternative to func- how to write fast, highly scalable network
tion calls applications on this JavaScript-based platform. Updated for
• Set up a lean, low-level build process that helps you the latest Node Long Term Support (LTS) and Node Cur-
focus on React rent (6.0) releases, this hands-on edition helps you master
• Build a complete custom app that lets you store data on Node’s core fundamentals and gain experience with several
the client built-in and contributed modules.

Open Source Yearbook 2016 .O pensource.com 63
LEARNING
.............. ..
.............
Get up to speed on Node’s event-driven, asynchronous • A
dvanced methods for model evaluation and parameter
I/O model for developing data-intensive applications that tuning
are frequently accessed but computationally simple. If • The concept of pipelines for chaining models and encap-
you’re comfortable working with JavaScript, this book sulating your workflow
provides many programming and deployment examples • Methods for working with text data, including text-specific
to help you take advantage of server-side development processing techniques
with Node. • Suggestions for improving your machine learning and
data science skills
• E xplore the frameworks and functionality for full-stack
Node development
• Dive into Node’s module system and package manage- Arduino: A Technical Reference [13]
ment support A Handbook for Technicians, Engineers, and
• Test your application or module code on the fly with Makers
Node’s REPL console By J. M. Hughes
• Use core Node modules to build web applications and an 638 Pages
HTTP server Published: May 2016
• Learn Node’s support for networks, security, and sockets
• Access operating system functionality with child processes Rather than yet another project-based
• Learn tools and techniques for Node development and workbook, Arduino: A Technical Refer-
production ence is a reference and handbook that thoroughly describes
• Use Node in microcontrollers, microcomputers, and the the electrical and performance aspects of an Arduino board
Internet of Things and its software. This book brings together in one place all
the information you need to get something done with Ardui-
no. It will save you from endless web searches and digging
Introduction to Machine Learning through translations of datasheets or notes in project-based
with Python [12] texts to find the information that corresponds to your own
A Guide for Data Scientists particular setup and question.
By Andreas C. Müller, Sarah Guido Reference features include pinout diagrams, a discussion
392 Pages of the AVR microcontrollers used with Arduino boards, a look
Published: September 2016 under the hood at the firmware and run-time libraries that
make the Arduino unique, and extensive coverage of the
Machine learning has become an inte- various shields and add-on sensors that can be used with
gral part of many commercial applica- an Arduino. One chapter is devoted to creating a new shield
tions and research projects, but this field is not exclusive to from scratch. The book wraps up with detailed descriptions
large companies with extensive research teams. If you use of three different projects: a programmable signal generator,
Python, even as a beginner, this book will teach you practical a “smart” thermostat, and a programmable launch sequenc-
ways to build your own machine learning solutions. With all er for model rockets. Each project highlights one or more
the data available today, machine learning applications are topics that can be applied to other applications.
limited only by your imagination.
You’ll learn the steps necessary to create a successful
machine-learning application with Python and the scikit- Packt
learn library. Authors Andreas Müller and Sarah Guido
(Contributed by Richard Gall)
focus on the practical aspects of using machine learning
algorithms, rather than the math behind them. Familiarity C#6 and .NET Core [14]
with the NumPy and matplotlib libraries will help you get By Mark J. Price
even more from this book. 550 Pages
With this book, you’ll learn: Published: March 2016

• Fundamental concepts and applications of machine There’s a lot of talk about open source
learning going mainstream—Microsoft’s launch
• Advantages and shortcomings of widely used machine of .NET Core in June 2016 confirmed
learning algorithms that fact. It redefined the way the devel-
• How to represent data processed by machine learning, opment world saw one of the most established tech giants,
including which data aspects to focus on and appeared to be an admission that the world hadn’t been

64 Open Source Yearbook 2016 .Opensource.com
going in the direction they thought it would decades earlier. Smart Internet of Things Projects [17]
This book provides developers with a comprehensive look at By Agus Kurniawan
Microsoft’s powerful language and impressive open-source 258 Pages
framework, designed to give readers fluency and confidence Published: September 2016
to build cross-platform applications. At 550 pages, there’s
just about everything you’d need to know, which means it The Internet of Things has been a
acts both as a great tutorial and a reliable resource. Open buzzword for a little while now, but this
source might mean rapid change and constant iteration, but year we’ve started to see it become
this book provides readers with a stable and trusted source more of a reality. And the point, really,
of knowledge. is simple—you’ve just got to build it yourself. The book in-
cludes fun real-world projects, from building an automomous
remote control car to speech technology, and is a great way
Learning Angular 2 [15] to help you get creative.
By Pablo Deeleman
352 Pages ReactJS Blueprints [18]
Published: May 2016 By Sven A. Robbestad
422 Pages
Angular 2 was easily the most antici- Published: July 2016
pated software release of 2016. Google
kept the world waiting—it wasn’t until Angular 2 might have been hotly antici-
May that we properly got to see what pated in 2016, but React has slowly been
the new framework actually looked like. That was when taking a hold of the JavaScript imagina-
Packt released Learning Angular 2, a no nonsense and tion for a couple of years now—in 2016,
fast paced guide to the new features of the framework. Facebook’s impressive library went mainstream. It’s also a tool
Showing readers how to build Angular 2 components, that highlights the nature of the web today: dynamic, fast, and
demonstrating how to get to grips with the TypeScript lightweight in our data intensive age. ReactJS Blueprints takes
syntax and working with directives and services, the book you straight into React, showing readers how to build a com-
brings together everything the curious and ambitious web plete application with the library. It doesn’t just teach—it demon-
developer needs to get started with this cutting-edge strates how React works by showing you how to use it yourself.
framework.
Resources
[1] https://www.nostarch.com/carhacking
Getting Started with TensorFlow [16] [2] https://www.nostarch.com/electronicsforkids
By Giancarlo Zaccone [3] https://opensource.com/users/oyvdahl
180 Pages [4] https://www.nostarch.com/forensicimaging
Published: July 2016 [5] https://www.nostarch.com/scratchplayground
[6] https://opensource.com/users/alsweigart
TensorFlow was the surprise hit of [7] https://www.nostarch.com/wcss2
2016. But we probably shouldn’t have [8] https://opensource.com/users/davetaylor
been so surprised. With machine [9] http://shop.oreilly.com/product/0636920042266.do
learning becoming one of the biggest [10] http://shop.oreilly.com/product/0636920042228.do
trends across the technology world, the arrival of a tool [11] http://shop.oreilly.com/product/0636920046936.do
like TensorFlow, which is so easy—and enjoyable—to [12] http://shop.oreilly.com/product/0636920030515.do
use, was inevitable. Getting Started with TensorFlow does [13] http://shop.oreilly.com/product/0636920037880.do
exactly what it says on the cover—and it’s created spe- [14] https://www.packtpub.com/application-develop-
cifically for those people that want to get up and running ment/c-6-and-net-core-10
with machine learning as quickly as possible. From basic [15] https://www.packtpub.com/web-development/learning-
mathematics to neural networks and deep learning, this angular-2
book proves that using software in a smart and impactful [16] https://www.packtpub.com/big-data-and-business-
way doesn’t have to be a steep learning curve and doesn’t intelligence/getting-started-tensorflow
require you to wade through theory. [17] https://www.packtpub.com/hardware-and-creative/
smart-internet-things-projects
[18] https://www.packtpub.com/web-development/reactjs-
blueprints

Open Source Yearbook 2016 .O pensource.com 65
LEARNING
.............. ..
.............

8 fun Raspberry Pi
projects to try
BY ANDERSON SILVA

FOR MANY OF US 2016 flew by, and
we didn’t
complete all our New Year’s resolutions or mark everything
2. Kodi Media Center
Kodi Media Center is an open source media player that runs
in several different platforms. Formerly known as XBMC Me-
off our “2016 To Do” lists. I didn’t have nearly enough time to dia Center, it is one of the most popular projects for running
play with the Raspberry Pi this year, and my list of projects on a Raspberry Pi. (License: GPLv2)
I want to do keeps growing. In this article I’ve rounded up 8
recent Raspberry Pi projects that I haven’t made yet, but that • How to install Kodi on Raspberry Pi [5]
made it onto my “2017 To Do” list. • Official Kodi Wiki Raspberry Pi page [6]
• Tuukka’s Raspberry Pi Kodi installation tutorial [7]
Recent Raspberry Pi projects to try
See video demo at: https://youtu.be/4oMongjNslg.
1. Magic Mirror2
Magic Mirror 2 was created by Michael Teeuw. This proj- 3. Raspberry Pi Weather Station
ect allows you to convert your hall or bathroom mirror The Raspberry Pi Weather Station is a project created by Pe-
into a personal ter Kodermac that
assistant. Both provides all the infor-
the Raspberry mation to build your
Pi 2 and 3 are own weather station.
supported by Peter gives you the
this project, and code and recom-
you can count on mends the best type
a rapidly growing of sensors for this
community to help scientific project.
you build your
own Magic Mirror2. • Peter Koder-
(License: MIT) mac’s email:
peter@raspberry
• M ichael Teeuw’s weather.com
Twitter: • Raspberry Pi
@MichMich [1] Weather Station
Image by: Internet Archive Book Images. Modified by Opensource.com.
• M agic Mirror2 website [8]
site [2] • Raspberry Pi Weather Station GitHub [9]
• Michael Teeuw, Xony Labs [3]
• Michael Teeux’s Magic Mirror2 at GitHub [4] 4. Fedora 25 on a Pi
The Fedora 25 project is an open source operating system
See video demo at: https://player.vimeo.com/video/171152845. known for its simplicity, which makes it an excellent product

66 Open Source Yearbook 2016 .O pensource.com
for those new to open source development. Fedora 25 [10] 8. RTAndroid (Real-Time Android)
was recently released and is the first Fedora release with Running Android on a Raspberry Pi is being explored in
official support for the Raspberry Pi. Fedora 25 supports earnest, most notably at the Aachen University in Germa-
the Raspberry Pi B+ version 2 and 3. Non-official spins ny. The project is called RTAndroid (Real-Time Android)
of the Fedora distribution have been available in the past and, although still a work in progress, it is interesting and
(i.e., Pidora [11]). intriguing.
• Raspberry Pi 3 Android 7.0 with Google Play and Android
• F edora Wiki’s Raspberry Pi page [12] Root (video) [21]
• Pidora Fedora remix [13] • RTAndroid Raspberry Pi installation tutorial [22]

(I plan to review Fedora 25 on the Raspberry Pi in an upcom- See video demo at: https://youtu.be/Df-bMWONIYk.
ing article on Opensource.com.)
Resources
5. Pi Hole server-level ad blocking [1] https://twitter.com/MichMich
Raspberry Pi is useful for creating powerhouse ad blocking [2] https://magicmirror.builders/
on a network. Instead of blocking ads at the browser lev- [3] http://michaelteeuw.nl/tagged/magicmirror
el and having to manage the different extensions, why not [4] https://github.com/MichMich/MagicMirror
block ads for your entire network? That’s what Pi Hole will let [5] http://kodi.wiki/view/HOW-TO:Install_Kodi_on_Raspberry_Pi
you to do. It claims it blocks more than 100,000 ad-serving [6] http://kodi.wiki/view/raspberry_Pi
domains from your network. This may be the first project I try [7] http://mymediaexperience.com/raspberry-pi-xbmc-with-
when I have time. (License: GPLv2) raspbmc/
[8] http://www.raspberryweather.com/
• P i Hole site [14] [9] https://github.com/peterkodermac/Raspberry-Weather
• Pi Hole GitHub [15] [10] https://fedoramagazine.org/fedora-25-released/
[11] http://pidora.ca/
See video demo at: https://youtu.be/9Eti3xibiho. [12] https://fedoraproject.org/wiki/Raspberry_Pi
[13] http://pidora.ca/
6. RetroPi retro gaming machine [14] https://pi-hole.net/
The RetroPi retro gaming machine is an open source proj- [15] https://github.com/pi-hole/pi-hole
ect that transforms your Raspberry Pi into a time machine, [16] https://retropie.org.uk/
allowing you to enjoy some of good old games of the ‘70s, [17] https://github.com/RetroPie/RetroPie-Setup
‘80s, ‘90s and 2000s. (License: GPLv3) [18] https://github.com/RetroPie/RetroPie-Setup/wiki/Supported-
Systems
• R etroPi Gaming page [16] [19] https://www.hackster.io/FutureSharks/raspberry-pi-security-
• RetroPi setup GitHub [17] system-with-motion-detection-camera-bed172
• A list of supported emulators that run under RetroPie [18] [20] https://github.com/FutureSharks/rpi-security
[21] https://www.youtube.com/watch?v=Df-bMWONIYk
See video demo at: https://youtu.be/xvYX_7iRRI0. [22] https://git.embedded.rwth-aachen.de/rtandroid/downloads/
raspberry-pi/
7. Security system
A comprehensive tutorial by developer Max Williams ex- Author
plains how to build a security system with a Raspberry Pi, Anderson Silva is the Sr. Manager of Red
including a camera, a motion sensor, and notifications via Hat’s IT Platform Operations. He has
telegram. (License: GPLv2) been a Red Hatter since 2007. He is an
RHCE and RHCA and an active Fedora
• M otion-sensing Raspberry Pi security system page [19] Package maintainer.
• Raspberry Pi Security System GitHub [20]

Open Source Yearbook 2016 .O pensource.com 67
CREATING
.............. ..
.............

5 trends in open source
documentation
BY SHAUN MCCANCE

I’VE BEEN doing open source documentation for
a long time. Over the past decade,
there have been a lot of attitude shifts regarding authoring Image by: Internet Archive Book Images. Modified by Opensource.com.

and publishing. Some of these trends seem to go in cycles,
such as the popularity of semantic markup. The latest trends tools like it have drastically changed the way the entire soft-
move documentation closer to code, what many have called ware industry deals with documentation.
docs as code. Let’s look at a few of the larger themes in
documentation trends: 2. Lightweight languages
There have always been plenty of choices for documentation
1. Git source formats. There are semantic XML formats, and SGML
When I first started doing documentation work for GNOME [1], formats before that. There are TeX dialects and troff [6] dialects.
we wrote our documentation in DocBook [2] and stored it There are the source formats of word processors, page layout
in CVS repositories alongside our code. These days, most tools, and help authoring tools. There are the internal formats
GNOME documentation is written in Mallard [3] and stored of various wikis and content management systems. There’s
in a Git [4] repository (after a brief stint with SVN). Although HTML. And there are a handful of lightweight markup languag-
formats and tools have changed, the constant factor is that es that are designed to be easy to type in a text editor.
sources are stored in revision control [5], just like code. People are increasingly choosing lightweight markup lan-
It may seem odd to call this a trend when we’ve been do- guages for a number of reasons. They are usually easier to
ing it for so long, but a few things have changed, and some write, at least for simple things. They tend to play better with
of that revolves around what Git has brought to the table. Git version control systems, because they’re generally line orient-
is one of the decentralized version control systems that ar- ed. And they can help lower the barrier to entry for new contrib-
rived on the scene over the past decade or so. Some people utors, although you should be careful not to expect a change in
continue to use decentralized version control systems the source format alone to drive lots of contributors to your project.
same way they used CVS or SVN, but that doesn’t expose Lightweight markup languages have their downsides, too.
the real power of these systems. Documentation writers are The tools for working with them tend to be limited in scope,
increasingly proficient using Git for what it is. They’re cre- and don’t often provide the kind of data model you need to
ating development, staging, and production branches, and write other tools. They also don’t usually provide as much
they’re merging disparate contributions. This wasn’t as com- semantic information. With XML formats, for example, there
mon just a few years ago. are a wealth of tools for translation, validation, link checking,
Git is certainly not the only decentralized version control status reporting, and various types of testing and data ex-
system. There are also Bazaar and Mercurial, to name just traction. This kind of tooling isn’t currently as extensive for
two, and you will find writers wielding the same power with lightweight formats. So although lightweight formats might
those tools as well. But Git has taken the majority of the mind ease the barrier to entry for new contributors, they can also
share, thanks in large part to popular Git hosting sites. create new barriers to long-term maintenance. As with all
This is an area in which open source has lead the trend in things, there are always trade-offs.
the overall software documentation industry. A quick glance The three most popular lightweight formats [7] right now
at technical writing forums will show plenty of people across are Markdown, AsciiDoc, and reStructured Text. Markdown
the industry looking for information on how to effectively is the simplest, but it doesn’t offer much for anything but the
transition to Git. In the past, they may have stored their most basic documentation needs. It also comes in many
sources on a network drive with no revision control, or they different, slightly incompatible flavors, depending on which
may have used a proprietary management system. Git and processing tool you use. AsciiDoc [8] offers more semantics

68 Open Source Yearbook 2016 .O pensource.com
and more types of elements. It originally focused on being 5. Hosted documentation services
a front-end to DocBook, but it has grown to natively sup- Automatically publishing documentation sites with contin-
port lots of output formats. reStructuredText came from the uous integration is easier than ever, but now there are
Python community, and for a long time its use was largely hosted services that take care of everything for you. Just
limited to Python projects. It has grown in popularity lately pass them a Git repository, and they’ll automatically build,
due to hosting sites, such as Read the Docs [9]. publish, and host your documentation. The most well-
known example is Read the Docs. Originally coming out of
3. Static site generators the Python community, its ease of use has made it popular
Five years ago, the trend was to use wikis and blogging for all sorts of projects.
platforms to create documentation sites. They were easy to Whether free hosted documentation sites can be finan-
set up, and giving people accounts to contribute was easy. cially viable remains to be seen—to keep sites like that
Particularly brave people would even open their wiki to running costs money and people hours. If the sites can’t
anonymous contributions. These days, the trend is to keep maintain a certain level of quality, people will take their
sources in version control, then build and publish sites with documentation elsewhere. If you benefit from one of these
mostly static HTML files. free services, I encourage you to see how you can help
Generating static sites isn’t new. My first job out of college financially.
was working on internal tools used at a software company to I believe the hosted documentation services trend will con-
build and publish static files for tens of thousands of pages tinue. Smart people will figure out how to smooth the bumps.
of documentation. But static sites have become increasingly I also suspect we’ll start seeing paid hosted documentation
popular for projects of all sizes, for a number of reasons. services for proprietary software. Open source has led the
First, there are increasingly good off-the-shelf static site way on documentation technology over the past decade,
generators. Tools like Middleman [10] and Jekyll [11] are and it will continue to do so.
just as easy to deploy as a wiki or a blog. Unless you have
specialized needs, you no longer have to write and maintain Resources
your own site-generating tool. Static site generators have [1] https://wiki.gnome.org/DocumentationProject
become increasingly popular among web developers, and [2] https://opensource.com/life/15/8/markup-lowdown
technical writers get to ride that wave. [3] http://projectmallard.org/
Another reason static sites are more popular is that source [4] https://opensource.com/resources/what-is-git
hosting sites are easier to use, and a growing number of [5] https://opensource.com/life/16/7/systems-administra-
technical people use them. One of the draws of a wiki was tors-should-use-revision-control
that somebody could contribute without downloading any- [6] http://cgi.csc.liv.ac.uk/~ped/teachadmin/troff_intro.html
thing or installing special tools. If your source files are stored [7] https://opensource.com/life/16/8/why-i-love-these-mark-
in a hosting service like GitHub, anybody with a GitHub ac- up-languages
count can edit them right in their web browser and ask you to [8] https://opensource.com/life/15/10/asciidoc
merge their changes. [9] https://readthedocs.org/
[10] https://middlemanapp.com/
4. Continuous integration [11] https://jekyllrb.com/
Continuous integration [12] is the key that ties the previous [12] https://opensource.com/business/15/7/six-continuous-inte-
trends together. You can write your documentation in a sim- gration-tools
ple format, store it in Git and edit it on the web using a Git
hosting service, and publish a site from those sources. With Author
continuous integration, you don’t even need a human to kick Shaun McCance is an expert on open source documen-
off the publishing process. If you’re brave, you can publish tation. He’s contributed to many open source projects, in-
automatically after every commit to master, and you’ll have a cluding a decade-long stint as the GNOME documentation
nearly wiki-like experience for writers. team leader. He organizes the Open Help Conference &
Some projects will be more conservative and only publish Sprints, the only conference focused on documentation
from a production branch. But even when publishing from a and support in open source and open communities. Shaun
branch, continuous integration removes tedious human in- believes in the power of open communities, from making
tervention. You can also automatically publish staging sites software to opening a neighborhood
for development branches. grocery store. He works as the Commu-
Continuous integration isn’t just about publishing, either. nity Documentation Liaison at Red Hat,
Projects can use it to automatically test their documentation where he has the privilege of helping
for things like validity and link integrity, or to generate reports various open source projects build their
on status and coverage. documentation community.

Open Source Yearbook 2016 .O pensource.com 69
CREATING
.............. ..
.............

11 wonderful wearable
open source projects
BY RUTH SUEHLE

LEDS ARE ON everything, and almost every-
one you know has at least
tried a FitBit or similar device, whereas Google Glass
3. Stormtrooper voice changer
It’s never too early to start planning for Halloween or the
next sci-fi con. If you’ve been thinking it’s time for a set of
didn’t really take off. Despite several years of growth, Stormtrooper armor, you might as well sound the part, too.
whether wearable electronics are a fad, or here to keep Visit the Sparkfun site to learn how to build a Stormtrooper
growing from fun to truly functional is too early to tell. voice changer [4] to go in your helmet. See video demo at:
Judge for yourself—read through a few of our favorite http://bit.ly/2ilmVUd.
wearable projects from 2016. You might even get inspired
to start creating. 4. Cigarette-smoke detecting shirt
In more practical projects, a seventh grader used an Arduino
1. AsteroidOS LilyPad [5] to create a cigarette-smoke detecting shirt [6] to
Looking for open source in your smartwatch? AsteroidOS [1] encourage his dad to kick the habit. If you smoke while wear-
is, too. AsteroidOS is a work in progress and currently func- ing the shirt, it turns on an escalating series of LEDs labeled
tions only with the stinky breath, yel-
LG G Watch and low teeth, and lung
LG Watch Urbane, cancer. See video
Sony Smartwatch demo at: http://bit.
3, and ASUS Zen- ly/2i0nDcR.
Watch 2. But if you
have one of those 5. Pokémon Go
watches, you can patches with EL
test AsteroidOS by Panels
dual booting your Many of us spent a
watch. chunk of this sum-
mer’s free time on
2. Light show Pokémon Go. If
jacket you’re still playing,
Music fans should the folks over at
check out this light Sparkfun can help
Lead image by: The British Library and The U.S. National Archives. Modified by Opensource.com.
show jacket that re- you represent your
acts to music [2]. Created as a final project for the maker’s team with these EL panel patches [7]. And of course, if you’re
Music Technology and Applied Electronics degree, the jacket not a Pokémon fan, you can simply replace those images with
is based around an Arduino Mega [3] connected directly to your own favorite designs. If you need a more personal con-
a computer and can pulse differently according to pitch or nection to your team, try this similar project from 2014 to make
amplitude. See video demo at: http://bit.ly/2i0qD90. an EL tattoo [8]. See video demo at: http://bit.ly/2i0modP.

70 Open Source Yearbook 2016 .O pensource.com
6. Skintillates Conclusion
Leveling up on those tattoos, the Hybrid Ecologies Lab [9] If you want to get started building your own wearables, the
is working on Skintillates [10], electronics built into tempo- LilyPad and FLORA [19]. both featured in products above,
rary tattoos so that they flex with your skin. They can work are good places to start. There are plenty of resources, both
with assorted sensors for a variety of applications, such for buying supplies and project ideas, available across the
as checking your typing position or posture or controlling web. To get started with 3D-printed wearables, browse the
devices. Their goal is to replace the Arduino and Makey- fashion section of Thingiverse [20].
Makey [11] they’re currently built with and to develop their
own open source development board for further flexible Resources
wearables. See video demo at: http://bit.ly/2ilgMqS. 1. https://asteroidos.org/
2. http://www.instructables.com/id/Light-Show-Jacket-That-
7. Cosmic Bitcasting Reacts-to-Music/
Some of the earliest practical applications for wearables in- 3. https://www.arduino.cc/en/Main/arduinoBoardMega
volved environmental sensors. Cosmic Bitcasting [12] de- 4. https://learn.sparkfun.com/tutorials/vox-imperium-storm-
tects cosmic radiation with the goal of using the data to trooper-voice-changer
further cosmic radiation research. You can see the detector 5. https://www.arduino.cc/en/Main/ArduinoBoardLilyPad
in person at the Alchemists of Art and Science exhibition [13] 6. https://blog.arduino.cc/2016/07/27/kick-the-habit-with-a-
at the Ars Electronica Center in Linz, Austria. cigarette-smoke-detecting-shirt/
7. https://learn.sparkfun.com/tutorials/pokmon-go-patches-
8. threeASFOUR 3D-printed clothes with-el-panels
Beyond electronics—and sometimes with them—3D-printed 8. https://www.sparkfun.com/news/1394
clothes and shoes are getting more interesting (albeit per- 9. http://www.hybrid-ecologies.org
haps not more comfortable). For their Summer 2016 Interdi- 10. http://www.hybrid-ecologies.org/projects/12-skintillates
mensional collection [14], threeASFOUR [15] won the Fash- 11. http://www.makeymakey.com/
ion Design Award by the Cooper-Hewitt Smithsonian Design 12. http://afroditipsarra.com/
Museum. This collection worked to incorporate traditional 13. http://www.aec.at/radicalatoms/en/cosmic-bitcasting/
tailoring with 3D-printed surfaces. 14. https://vimeo.com/143647429
15. http://www.threeasfour.com/
9. LED matrix handbag 16. http://www.geekmomprojects.com/led-matrix-handbag-2-0-how-to/
Finally, if you’re going to have tech wearables, you’re going 17. http://www.thingiverse.com/thing:1833286
to need to accessorize. Try this LED matrix handbag [16]. 18. http://www.thingiverse.com/thing:237034
You can stream a pattern or a message across the LEDs. 19. https://www.adafruit.com/flora
Not only does the maker show you how to set up the matrix 20. http://www.thingiverse.com/explore/newest/fashion
and give you the code, she also shows you how to sew the
bag itself. See video demo at: http://bit.ly/2hwKCsy. Author
Ruth Suehle is the community leadership manager for Red
10. 3D-printed iris-blinking goggles Hat’s Open Source and Standards team. She’s co-author of
Then you can top off your outfit with these 3D-printed Raspberry Pi Hacks (O’Reilly, December 2013) and a senior
iris-blinking goggles [17]. See video demo at: http://bit. editor at GeekMom, a site for those who find their joy in both
ly/2hYjx2g. geekery and parenting. She’s a maker at
heart who is often behind a sewing ma-
11. NeoPixel tiara chine creating costumes, rolling fondant
Combine a 3D printer, Gemma microcontroller, sewable for an excessively large cake, or looking
NeoPixels, and a soldering iron to make a fun lighted ti- for the next great DIY project.You can
ara [18]. See video demo at: http://bit.ly/2ilri1f. find her on Twitter: @suehle.

Open Source Yearbook 2016 .O pensource.com 71
CREATING
.............. ..
.............

Top open source creative
tools in 2016 BY MÁIRÍN DUFFY

A FEW YEARS AGO, I gave a lightning
talk at Red Hat
Summit that took attendees on a tour of the 2012 open
source creative tools [1] landscape. Open source tools have The GIMP team is currently working toward the 2.10 re-
evolved a lot in the past few years, so let’s take a tour of lease; 2.8.18 [6] is the latest stable version. More excit-
2016 landscape. (See the online version of this article for ing is the unstable version, 2.9.4 [7], with a revamped user
additional images and video links at: http://red.ht/2ihvlvJ) interface featuring space-saving symbolic icons and dark
themes, improved color management, more GEGL-based
Core applications filters with split-preview, MyPaint brush support (shown
These six applications are the juggernauts of open source in screenshot below), symmetrical drawing, and com-
design tools. They are well-established, mature projects with mand-line batch processing. For more details, check out
full feature sets, stable releases, and active development the full release notes [8].
communities. All six applications are cross-platform; each is
available on Linux, OS X, and Windows, although in some
cases the Linux versions are the most quickly updated.
These applications are so widely known, I’ve also included
highlights of the latest features available that you may have
missed if you don’t closely follow their development.
If you’d like to follow new developments more closely, and
perhaps even help out by testing the latest development ver-
sions of the first four of these applications—GIMP, Inkscape,
Scribus, and MyPaint—you can install them easily on Linux
using Flatpak [2]. Nightly builds of each of these applications
are available via Flatpak by following the instructions [3] for
Nightly Graphics Apps. One thing to note: If you’d like to in-
stall brushes or other extensions to each Flatpak version of Inkscape
the app, the directory to drop the extensions in will be un- Inkscape [9] is a richly featured vector-based graphic design
der the directory corresponding to the application inside the workhorse. Use it to create simple graphics, diagrams, lay-
~/.var/app directory. outs, or icon art.
The latest stable version is 0.91 [10]; similarly to GIMP,
GIMP more excitement can be found in a pre-release version,
GIMP [4] celebrated its 20th anniversary in 2015 [5], mak- 0.92pre3, which was released November 2016. The pre-
ing it one of the oldest open source creative applications miere feature of the latest pre-release is the gradient mesh
out there. GIMP is a solid program for photo manipulation, feature [11] (demonstrated in screenshot below); new fea-
basic graphic creation, and illustration. You can start using tures introduce in the 0.91 release include power stroke
GIMP by trying simple tasks, such as cropping and resizing [12] for fully configurable calligraphic strokes (the “open”
images, and over time work into a deep set of functional- in “opensource.com” in the screenshot below uses power-
ity. Available for Linux, Mac OS X, and Windows, GIMP is stroke), the on-canvas measure tool, and the new symbols
cross-platform and can open and export to a wide breadth dialog [13] (shown in the right side of the screenshot be-
of file formats, including those popularized by its proprietary low). (Many symbol libraries for Inkscape are available on
analogue, Photoshop. GitHub; Xaviju’s inkscape-open-symbols set [14] is fantas-

72 Open Source Yearbook 2016 .O pensource.com
tic.) A new feature available in development/nightly builds editable vector layers. To try out the latest developments in
is the Objects dialog that catalogs all objects in a document MyPaint, I recommend installing the nightly Flatpak build,
and provides tools to manage them. although there have not been significant feature additions
since the 1.2.0 release.

Scribus
Scribus [15] is a powerful desktop publishing and page layout Blender
tool. Scribus enables you to create sophisticated and beau- Initially released in January 1995, Blender [21], like GIMP,
tiful items, including newsletters, books, and magazines, as has been around for more than 20 years. Blender is a pow-
well as other print pieces. Scribus has color management erful open source 3D creation suite that includes tools for
tools that can handle and output CMYK and spot colors for modeling, sculpting, rendering, realistic materials, rigging,
files that are ready for reliable reproduction at print shops. animation, compositing, video editing, game creation, and
1.4.6 [16] is the latest stable release of Scribus; the 1.5.x [17] simulation.
series of releases is the most exciting as they serve as a The latest stable Blender release is 2.78a [22]. The 2.78
preview to the upcoming 1.6.0 release. Version 1.5.3 fea- release was a large one and includes features such as the
tures a Krita file (*.KRA) file import tool; other developments revamped Grease Pencil 2D animation tool; VR rendering
in the 1.5.x series include the Table tool, text frame weld- support for spherical stereo images; and a new drawing tool
ing, footnotes, additional PDF formats for export, improved for freehand curves.
dictionary support, dockable palettes, a symbols tool, and
expanded file format support.

To try out the latest exciting Blender developments, you have
many options, including:

MyPaint • T
he Blender Foundation makes unstable daily builds [23]
MyPaint [18] is a drawing tablet-centric expressive drawing available on the official Blender website.
and illustration tool. It’s lightweight and has a minimal inter- • If you’re looking for builds that include particular in-devel-
face with a rich set of keyboard shortcuts so that you can opment features, graphicall.org [24] is a community-mod-
focus on your drawing without having to drop your pen. erated site that provides special versions of Blender (and
MyPaint 1.2.0 [19] is the latest stable release and in- occasionally other open source creative apps) to enable
cludes new features, such as the intuitive inking tool [20] artists to try out the latest available code and experiments.
for tracing over pencil drawings, new flood fill tool, layer • Mathieu Bridon has made development versions of Blend-
groups, brush and color history panel, user interface re- er available via Flatpak. See his blog post for details:
vamp including a dark theme and small symbolic icons, and Blender nightly in Flatpak [25].

Open Source Yearbook 2016 .O pensource.com 73
CREATING
.............. ..
.............
Krita • Latest stable: 0.97 (August 2016)
Krita [26] is a digital drawing application with a deep set of • Get the latest version with Flatpak [35]
capabilities. The application is geared toward illustrators,
concept artists, and comic artists and is fully loaded with ex- Shotcut
tras, such as brushes, palettes, patterns, and templates. Shotcut [36] is a free, open source, cross-platform video ed-
The latest stable version is Krita 3.0.1 [27], released in itor that started back in 2004 [37] and was later rewritten by
September 2016. Features new to the 3.0.x series include 2D current lead developer Dan Dennedy [38].
frame-by-frame animation; improved layer management and
functionality; expanded and more usable shortcuts; improve- • Latest stable: 16.11 (November 2016)
ments to grids, guides, and snapping; and soft-proofing. • 4K resolution support
• Ships as a tarballed binary

OpenShot Video Editor
Started in 2008, OpenShot Video Editor [39] is a free, open
source, easy-to-use, cross-platform video editor.

• Latest stable: 2.1 [40] (August 2016)

Utilities

SwatchBooker
SwatchBooker [41] is a handy utility, and although it hasn’t
Video tools been updated in a few years, it’s still useful. SwatchBooker
There are many, many options for open source video edit- helps users legally obtain color swatches from various man-
ing tools. Of the members of the pack, Flowblade [28] is a ufacturers in a format that you can use with other free and
newcomer and Kdenlive is the established, newbie-friendly, open source tools, including Scribus.
and most fully featured contender. The main criteria that may
help you eliminate some of this array of options is supported GNOME Color Manager
platforms—some of these only support Linux. These all have GNOME Color Manager [42] is the built-in color manage-
active upstreams and the latest stable versions of each have ment system for the GNOME desktop environment, the de-
been released recently, within weeks of each other. fault desktop for a bunch of Linux distros. The tool allows you
to create profiles for your display devices using a colorime-
Kdenlive ter, and also allows you to load/managed ICC color profiles
Kdenlive [29], which was initially released back in 2002, is a for those devices.
powerful non-linear video editor available for Linux and OS X
(although the OS X version is out-of-date). Kdenlive has a GNOME Wacom Control
user-friendly drag-and-drop-based user interface that accom- The GNOME Wacom controls [43] allow you to configure
modates beginners, and with the depth experts need. your Wacom tablet in the GNOME desktop environment; you
Learn how to use Kdenlive with an multi-part Kdenlive tu- can modify various options for interacting with the tablet, in-
torial series [30] by Seth Kenlon. cluding customizing the sensitivity of the tablet and which
monitors the tablet maps to.
• Latest Stable: 16.08.2 (October 2016)
Xournal
Flowblade Xournal [44] is a humble but solid app that allows you
Released in 2012, Flowblade [31], a Linux-only video editor, to hand write/doodle notes using a tablet. Xournal is
is a relative newcomer. a useful tool for signing or otherwise annotating PDF
documents.
• Latest Stable: 1.8 (September 2016)
PDF Mod
Pitivi PDF Mod [45] is a handy utility for editing PDFs. PDF Mod
Pitivi [32] is a user-friendly free and open source video editor. lets users remove pages, add pages, bind multiple single
Pitivi is written in Python [33] (the “Pi” in Pitivi), uses the GStream- PDFs together into a single PDF, reorder the pages, and ro-
er [34] multimedia framework, and has an active community. tate the pages.

74 Open Source Yearbook 2016 .O
pensource.com
SparkleShare Hydrogen
SparkleShare [46] is a git-backed file-sharing tool artists use Hydrogen [55] is an open source drum machine with an in-
to collaborate and share assets. Hook it up to a GitLab repo tuitive interface. It provides the ability to create and arrange
and you’ve got a nice open source infrastructure for asset various patterns using synthesized instruments.
management. The SparkleShare front end nullifies the inscru-
tability of git by providing a dropbox-like interface on top of it. Mixxx
Mixxx [56] is a four-deck DJ suite that allows you to DJ and mix
songs together with powerful controls, including beat looping,
Photography time stretching, and pitch bending, as well as live broadcast
your mixes and interface with DJ hardware controllers.
Darktable
Darktable [47] is an application that allows you to develop Rosegarden
digital RAW files and has a rich set of tools for the workflow Rosegarden [57] is a music composition suite that includes
management and non-destructive editing of photographic tools for score writing and music composition/editing and
images. Darktable includes support for an extensive range provides an audio and MIDI sequencer.
of popular cameras and lenses.
MuseScore
Entangle MuseScore [58] is a music score creation, notation, and edit-
Entangle [48] allows you to tether your digital camera to ing tool with a community of musical score contributors.
your computer and enables you to control your camera
completely from the computer.
Additional creative tools
Hugin
Hugin [49] is a tool that allows you to stitch together photos MakeHuman
in order to create panoramic photos. MakeHuman [59] is a 3D graphical tool for creating photore-
alistic models of humanoid forms.

2D animation Natron
Natron [60] is a node-based compositor tool used for video
Synfig Studio post-production and motion graphic and special effect design.
Synfig Studio [50] is a vector-based 2D animation suite that
also supports bitmap artwork and is tablet-friendly. FontForge
FontForge [61] is a typeface creation and editing tool. It al-
Blender Grease Pencil lows you to edit letter forms in a typeface as well as generate
I covered Blender above, but particularly notable from a re- fonts for using those typeface designs.
cent release is a refactored grease pencil feature [51], which
adds the ability to create 2D animations. Valentina
Valentina [62] is an application for drafting sewing patterns.
Krita
Krita [52] also now provides 2D animation functionality. Calligra Flow
Calligra Flow [63] is a Visio-like diagramming tool. (Available
for Linux, Mac OS X, and Windows.)
Music and audio editing
Helpful sites
Audacity There are a lot of toys and goodies to try out there. Need
Audacity [53] is popular, user-friendly tool for editing audio some inspiration to start your exploration? These websites
files and recording sound. and conference are chock-full of tutorials and beautiful cre-
ative works to inspire you get you going:
Ardour
Ardour [54] is a digital audio workstation with an interface • pixls.us [64]: Blog hosted by photographer Pat David that
centered around a record, edit, and mix workflow. It’s a little focuses on free and open source tools and workflow for
more complicated than Audacity to use but allows for au- professional photographers.
tomation and is generally more sophisticated. (Available for • David Revoy’s Blog [65] The blog of David Revoy, an im-
Linux, Mac OS X, and Windows.) mensely talented free and open source illustrator, concept

Open Source Yearbook 2016 .O pensource.com 75
CREATING
.............. ..
.............
artist, and advocate, with credits on several of the Blender [32] http://pitivi.org
Foundation films. [33] http://wiki.pitivi.org/wiki/Why_Python%3F
• The Open Source Creative Podcast [66]: Hosted by Open- [34] https://gstreamer.freedesktop.org/
source.com community moderator and columnist Jason [35] https://pitivi.wordpress.com/2016/07/18/get-pitivi-directly-
van Gumster [67], who is a Blender and GIMP expert, and from-us-with-flatpak/
author of Blender for Dummies [68], this podcast is direct- [36] http://shotcut.org
ed squarely at those of us who enjoy open source creative [37] http://permalink.gmane.org/gmane.comp.lib.fltk.general/2397
tools and the culture around them. [38] http://www.dennedy.org/
• Libre Graphics Meeting [69]: Annual conference for free [39] http://openshot.org
and open source creative software developers and the [40] http://www.openshotvideo.com/2016/08/openshot-21-
creatives who use the software. This is the place to find released.html
out about what cool features are coming down the pipeline [41] http://www.selapa.net/swatchbooker/
in your favorite open source creative tools, and to enjoy [42] https://help.gnome.org/users/gnome-help/stable/color.html.en
what their users are creating with them. [43] https://help.gnome.org/users/gnome-help/stable/wacom.
html.en
Resources [44] http://xournal.sourceforge.net/
[1] https://opensource.com/life/12/9/tour-through-open- [45] https://wiki.gnome.org/Apps/PdfMod
source-creative-tools [46] https://www.sparkleshare.org/
[2] https://opensource.com/business/16/8/flatpak [47] https://opensource.com/life/16/4/how-use-darktable-digital-
[3] http://flatpak.org/apps.html darkroom
[4] https://opensource.com/tags/gimp [48] https://entangle-photo.org/
[5] https://www.gimp.org/news/2015/11/22/20-years-of-gimp- [49] http://hugin.sourceforge.net/
release-of-gimp-2816/ [50] https://opensource.com/article/16/12/synfig-studio-animation-
[6] https://www.gimp.org/news/2016/07/14/gimp-2-8-18- software-tutorial
released/ [51] https://wiki.blender.org/index.php/Dev:Ref/Release_
[7] https://www.gimp.org/news/2016/07/13/gimp-2-9-4-released/ Notes/2.78/GPencil
[8] https://www.gimp.org/news/2016/07/13/gimp-2-9-4-released/ [52] https://opensource.com/tags/krita
[9] https://opensource.com/tags/inkscape [53] https://opensource.com/tags/audacity
[10] http://wiki.inkscape.org/wiki/index.php/Release_notes/0.91 [54] https://ardour.org/
[11] http://wiki.inkscape.org/wiki/index.php/Mesh_Gradients [55] http://www.hydrogen-music.org/
[12] https://www.youtube.com/watch?v=IztyV-Dy4CE [56] http://mixxx.org/
[13] https://inkscape.org/cs/~doctormo/%E2%98%85sym- [57] http://www.rosegardenmusic.com/
bols-dialog [58] https://opensource.com/life/16/03/musescore-tutorial
[14] https://github.com/Xaviju/inkscape-open-symbols [59] http://makehuman.org/
[15] https://opensource.com/tags/scribus [60] https://natron.fr/
[16] https://www.scribus.net/scribus-1-4-6-released/ [61] http://fontforge.github.io/en-US/
[17] https://www.scribus.net/scribus-1-5-2-released/ [62] http://valentina-project.org/
[18] http://mypaint.org [63] https://www.calligra.org/flow/
[19] http://mypaint.org/blog/2016/01/15/mypaint-1.2.0-released/ [64] http://pixls.us
[20] https://github.com/mypaint/mypaint/wiki/v1.2-Inking-Tool [65] http://davidrevoy.com/
[21] https://opensource.com/tags/blender [66] http://monsterjavaguns.com/podcast/
[22] http://www.blender.org/features/2-78/ [67] https://opensource.com/users/jason-van-gumster
[23] https://builder.blender.org/download/ [68] http://www.blenderbasics.com/
[24] http://graphicall.org/ [69] http://libregraphicsmeeting.org/2016/
[25] https://mathieu.daitauha.fr/blog/2016/09/23/blender-nightly-
in-flatpak/
[26] https://opensource.com/tags/krita Author
[27] https://krita.org/en/item/krita-3-0-1-update-brings-numerous- Máirín Duffy is a principal interaction
fixes/ designer at Red Hat. She is passionate
[28] https://opensource.com/life/16/9/10-reasons-flowblade- about software freedom, and free and
linux-video-editor open source tools, particularly in the cre-
[29] https://opensource.com/tags/kdenlive ative domain. Her favorite application is
[30] https://opensource.com/life/11/11/introduction-kdenlive Inkscape (http://inkscape.org).
[31] http://jliljebl.github.io/flowblade/

76 Open Source Yearbook 2016 .O pensource.com
.................... CREATING

Top open innovations
in 3D printing
BY TOM CALLAWAY

OPEN SOURCE continues to drive rapid in-
novation in the 3D printing
industry. This makes sense if you stop and think about it—a
Image by: Model is “Little Lizard” by loubie, CC-BY-NC

open source goodness that makes it possible. In 2016, the
3D printer exists to make other things. Combining that phi- Prusa I3 MK2 3D printer was released, and it is the first
losophy with free software and open source hardware helps printer to correct its geometry in all axes automatically. This
other people participate in improving the objects that it makes, means that you no longer have to be as concerned about
and in making the printers faster, smarter, and cleaner. how precisely the printer is assembled or calibrated—the
Here are a few of my favorite open source 3D printing firmware included in the printer will do everything it can to
innovations from 2016: ensure that the prints come out perfect. The printer uses
nine special calibration points on the printer bed, combined
Prusa i3 MK2 with a probe that detects those points, then determines
the deviation (if any) on the X and Y axes. This allows the
Figure 1: Courtesy of prusa3d.com
printer to recalculate and adjust for any skew. It uses the
same input to determine the Z height at all of the calibration
points and adjust as needed. This technique is called mesh
bed leveling and it eliminates most (if not all) imperfections
in the bed.
There’s a lot more math and engineering to explain how
all of this works, but the end result is better prints every time,
all powered with open source firmware and hardware. For a
deeper dive into how it works, learn more on the Prusa Print-
ers site [1] (or watch the demo video [2]).

Mechaduino
Figure 2: Hackaday.io [3]. CC BY-SA 4.0

Josef Průša is one of the core developers of the RepRap
project, and the line of printers that bears his name contin- 3D printers are usually powered by NEMA stepper motors.
ues to get better and better, without sacrificing any of the The motors turn belts, which cause the printer to move in

Open Source Yearbook 2016 .O pensource.com 77
CREATING
.............. ..
.............
three dimensions. The motors are cheap and simple, but not Lulzbot TAZ 6
terribly accurate. To get accuracy, you usually want to use in-
Figure 4: lulzbot.com [6]. CC BY-SA 4.0
dustrial servo motors, but they aren’t cheap or simple. Enter
Tropical Labs and their Mechaduino [4].
Mechaduino is an open source industrial servo con-
trol platform that provides a combination of the low cost of
mass-produced stepper motors with high-resolution accu-
racy. Their vision is to be the “Arduino for mechatronics”.
Although this innovative board will have a big impact on a
number of different electronics projects, the fact that this can
be a drop-in addition to most 3D printers makes it very ex-
citing to me. Lots of people agreed, as this easily got funded
via Kickstarter, reaching 855% of their goal.

3D printing with clay
Figure 3: Tom Lauerman. CC BY-SA 4.0

I am a huge fan of the Lulzbot printers, and the TAZ 6,
released in 2016, is no different. There is a reason that
it is “Earth’s highest rated desktop 3D printer,” and that
reason is freedom. Everything that goes into the TAZ 6
is free as in freedom [7]—the firmware that drives it,
the parts that compose it, the software that controls it—
there is no secret sauce in this printer. The TAZ 6 is yet
another proof point that open source does not mean
sloppy or beta.
The printer itself contains a large number of 3D-printed
pieces, printed on a fleet of other TAZ printers. Freedom
and open source are part of the Lulzbot DNA, and the
parent company (Aleph Objects) actively works with their
community to come up with hacks, improvements, and
modifications to make the printer more robust, accurate,
and intelligent. The result of this transparency, remixing,
Most 3D printers use plastic filament or resin. A few use and collaboration is a simple yet powerful 3D printing ex-
more exotic materials, such as sugar or chocolate, but Tom perience that appeals to an audience from students to
Lauerman wanted to use clay. Lauerman, an assistant pro- maker gurus.
fessor at Penn State, designed his own 3D printer in col- (Full disclosure: We use Lulzbot 3D printers in the Red
laboration with the University’s Learning Factory program Hat 3D printing lab at the Red Hat headquarters in Raleigh,
and the Center for Innovative Material Processing through North Carolina.)
Direct Digital Deposition (CIMP-3D). Unlike some academ-
ic printer projects, the Bricoleur Clay Extruder [5] wasn’t Open source bioprinting
built from scratch, patented, documented in an academic Early in 2016, Ourobotics [9], an Irish 3D bioprinting start-
paper that few would ever read, and then shelved in a dusty up, introduced the Renegade, an open source bioprinter that
basement on campus. Lauerman built upon existing open can be assembled for under US$ 900. This printer is based
source 3D clay print head designs, and as a result, he re- on Richard Horne’s Universal Paste Extruder [10]. For much
mained committed to releasing all of his designs under an of the 3D printing community, bioprinting is seen as a holy
open source license so that others could print and improve grail of the technology. If we can print replacement organs,
upon his design. then we can improve and save lives around the world. We’re

78 Open Source Yearbook 2016 .O pensource.com
not quite there yet, but Ourobotics saw the value of innovat- Resources
ing in the open source way to help us get to that goal faster [1] http://prusaprinters.org/first-printer-to-automatically-
and more affordably. correct-geometry-in-all-axes/
Sadly, in August, the CEO of Ourobotics, Jemma Redmond [2] http://bit.ly/2i8Xt5r
passed away unexpectedly. One of the small comforts of open [3] https://hackaday.io/project/11224-mechaduino
source work is the knowledge that those projects can live on, [4] http://tropical-labs.com/index.php/mechaduino
even after we are gone from this world. [5] http://www.thingiverse.com/thing:1413969
[6] https://www.lulzbot.com/
Figure 5: RichRap [8]. CC BY-SA 4.0
[7] https://www.gnu.org/philosophy/free-sw.en.html
[8] http://www.thingiverse.com/thing:20733
[9] http://ouro-botics.com/
[10] http://www.thingiverse.com/thing:20733

Author
Tom Callaway has been a Red Hat employee since 2001
and is the co-author of Raspberry Pi Hacks (O’Reilly, 2014).
Currently he leads the Education Outreach team at Red Hat
to promote FOSS in schools. He maintains or co-maintains a
large number of packages in Fedora (350+), and is respon-
sible for managing Fedora’s legal issues. Tom frequently
represents Fedora and free software at
conferences around the world, and tries
his best not to make too big of a fool of
himself. When not working, Tom enjoys
geocaching, ice hockey, gaming, science
fiction, 3D printing, traveling, and pinball.

Open Source Yearbook 2016 .O pensource.com 79
Most Likely to Succeed
10 open source projects
to watch in 2017 BY JASON BAKER

Yarn
NO ONE has a crystal ball to see the future of tech-
nology. Even for projects developed out in
the open, code alone can’t tell us whether or not a project is
Yarn [2] pitches itself as providing “fast, reliable, and secure
dependency management.” In short, it’s a modern replacement
destined for success—but there are hints along the way. for npm [3], a package manager built specifically for JavaScript
For example, per- developers, which
haps it’s not unrea- helped build the en-
sonable to assume thusiasm for using
that the projects JavaScript across
that will help shape the entire appli-
our future are those cation stack that
projects that have seems so prevalent
first seen rapid today. In addition to
growth and popular- its speed and se-
ity among the devel- curity features, yarn
oper community. also features off-line
So which new installs, advanced
projects should an dependency-man-
open source devel- agement features,
oper watch in 2017? and deterministic
Let’s take a look at Image by: Opensource.com, CC BY-SA 4.0 design to ensure
a few projects that that packages in-
emerged in 2016 to achieve rapid notoriety in the GitHub stalls across multiple machines should match identically.
community.
To develop this list, I went through GitHub with a focus on Create React App
projects whose repository was created in 2016, and looked A new project from Facebook’s incubator [4] project, Create
at the projects ranked by number of stars [1]. It’s not a per- React App [5] is, unsurprisingly, a template for creating Re-
fect system; there are, of course, repositories that contain act-based [6] applications without having to create a custom
something other than an open source project, and so these build configuration. Providing a simple command-line inter-
were omitted from the list. Of course, there also were many face for generating new application, it’s easy to create and
great projects introduced in 2016 whose development took deploy a simple application stack that gives developers the
place somewhere other than GitHub. Admittedly, the pro- power of the React framework.
cess of picking these 10 projects to watch for 2017 from a
pool of many choices was as much of an art as a science. Android Architecture Blueprints
But I still think these projects are worth keeping an eye on The Android Architecture Blueprints [7] repository is a great
in the new year. resource for learning from the UX team at Google best

80 Open Source Yearbook 2016 .O pensource.com
Most
Likely to
Succeed

practices for organizing and architecting an Android app. By
demonstrating several ways of handling common problems,
the repository provides a starting point for creating a new ap-
plication, or to inform a design decision in your existing app.

Hyper
For developers and system administrators, there are two
tools that one simply cannot live without: a web browser and
a terminal. Hyper [8] is an attempt to bring best attributes of
a web application to a terminal emulator, creating a modern
terminal experience with JavaScript, HTML, and CSS. Rely-
ing on web standards opens up customization and control to Source Yearbook [11]. Looking back at the growing inter-
a whole new audience who can use their existing JavaScript est in AI over the past 12 months, finding another Tensor-
skills to customize and optimize their terminal. Flow-related project in this year’s batch should come as
no surprise, with this repository of TensorFlow models [12]
Parse server earning more than 10,000 stars. Conducting tasks from
Parse server [9] is a Node.js-based open source back- name generation and learning, image to text processing,
end that makes it easy to migrate applications designed and classification, this is a great starting point for anyone
for Parse, after the announcement that the hosting service who wants to learn more about TensorFlow while getting
would be retired in early 2017. Designed to make creating their hands a little dirty.
web applications and APIs easier, Parse is cross-platform
and works everywhere that Node.js can be deployed. Anime
If you’re interested in web animation, give Anime [13] a look.
Bulma Anime is a JavaScript animation engine that works with
Designing a good-looking website or web application can CSS, SVG, the document object, and JavaScript objects to
be difficult, and made even more so by the complexity of bring animation and interactivity to any web-based project.
competing browser standards and the wide array of devices It’s cross-platform, working on all of the major browsers, and
your users are viewing from. Bulma [10] is a modern CSS is designed to make both simple and complex animations
framework designed to be responsive and modular, easing easy to implement.
development for UX teams trying to design interfaces that
flow naturally. Swift Algorithm Club
Another of our top project from last year’s list was Swift,
TensorFlow models the open source language from Apple that has rapidly be-
TensorFlow, the Google-driven machine learning frame- come a developer favorite. In this year’s list is the Swift
work, was one of our top projects from the 2015 Open Algorithm Club [14], a collection of various algorithms and

Open Source Yearbook 2016 .O pensource.com 81
data structures implemented in Swift that you can use for Are there any projects you’re particularly interested in watch-
learning purposes or simply drop into your application. In- ing in 2017? Let us know about them—send us an article
cluding numerous sorting, searching, spanning, and tree proposal [21].
algorithms, Swift Algorithm Club is an amateur computer
scientist’s wishlist of code implementations. Resources:
[1] http://bit.ly/2ivEFgu
Weex [2] https://github.com/yarnpkg/yarn
The final entry in this year’s top 10 is Weex [15], a framework [3] https://www.npmjs.com/
designed to make developing a cross-platform user interface [4] https://github.com/facebookincubator
for mobile applications easier. Weex is designed to be fast, [5] https://github.com/facebookincubator/create-react-app
lightweight, and extensible, allowing you to get near native [6] https://facebook.github.io/react/
performance without having to write a different native app for [7] https://github.com/googlesamples/android-architecture
each platform. [8] https://github.com/zeit/hyper
[9] https://github.com/ParsePlatform/parse-server
Honorable mentions [10] https://github.com/jgthms/bulma
As I explained, a few new repositories were emerging on [11] https://opensource.com/life/15/12/most-likely-succeed-2016
GitHub this year that, by popularity, may have made this list, [12] https://github.com/tensorflow/models
but weren’t strictly speaking properly-licensed open source [13] https://github.com/juliangarnier/anime
projects. Here are a few of my favorites: [14] https://github.com/raywenderlich/swift-algorithm-club
[15] https://github.com/alibaba/weex
• H EAD [16]: A comprehensive list of the many uses for the [16] https://github.com/joshbuchea/HEAD
“head” section of an HTML document, from providing meta [17] https://github.com/jwasham/google-interview-university
information to browser directives to social sharing hints. [18] https://github.com/toddmotto/public-apis
• Google Interview University [17]: One developer’s self- [19] https://github.com/FallibleInc/security-guide-for-developers
study plan for moving from web developer to software [20] https://github.com/braydie/HowToBeAProgrammer
engineer—essentially, a computer science knowledge [21] https://opensource.com/story
checklist.
• Public APIs [18]: A list of publicly available APIs to return Author
JSON data on just about anything you can imagine, along Jason Baker is passionate about using technology to make
with links to their documentation. the world more open, from software development to bringing
• A security guide for developers [19]: A work in progress sunlight to local governments. He is par-
containing an outline and checklist for security-minded de- ticularly interested in data visualization/
velopers. analysis, DIY/maker culture, simulations/
• How to Be a Programmer [20]: A book about the hard and modeling, geospatial technologies, and
soft skills that are necessary to master in order to be suc- cloud computing, especially OpenStack.
cessful in a software development career. Follow him on Twitter: @jehb

82 Open Source Yearbook 2016 .O pensource.com
.................... OLD SCHOOL

How Linux got to be Linux:
Test driving 1993-2003 distros
BY SETH KENLON

A UNIQUE TRAIT of open source is that
it’s never truly EOL (End
of Life). The disc images mostly remain online, and their
licenses don’t expire, so going back and installing an old
version of Linux in a virtual machine and getting a precise Image by: Internet Archive Book Images. Modified by Opensource.com.

picture of what progress Linux has made over the years is
relatively simple. cd work, all the basic tools (gawk, cut, diff, perl, and of
We begin our journey with Slackware 1.01, posted to the course Volkerding’s favorite [2] elvis) are present and ac-
comp.os.linux.announce newsgroup well over 20 years ago. counted for, but some of the little things surprised me. BASH
courteously asks for confirmation when you try to tab-com-
Slackware 1.01 (1993) plete hundreds of files, and tools to inspect compressed
files (such as zless and zmore and zcat) already existed.
Figure 1: Slackware 1.01
In more ways than I’d expected, the system feels surpris-
ingly modern.
What’s missing is any notion of package management. All
installs and uninstalls are entirely manual, with no tracking.
Over all, Slackware 1.01 feels a lot like a fairly modern
UNIX—or more appropriately, it feels like modern UNIX
might feel to a Linux user. Most everything is familiar, but
there are differences here and there. Not nearly as much
a difference as you might expect from an operating system
released in 1993!

Debian 0.91 (1994)
To try Debian 0.91, I used the floppy disk images available
The best part about trying Slackware 1.01 is that there’s a on the Ibiblio digital archive [3], originally posted in 1994.
pre-made image in Qemu’s 2014 series [1] of free images, The commands to boot:
so you don’t have to perform the install manually (don’t get
used to this luxury). $ gunzip bootdsk.gz basedsk1.gz basedsk2.gz
$ qemu-system-i386 -M pc -m 64 -boot order=ac,menu=on \
$ qemu-kvm -m 16M -drive if=ide,format=qcow2,file=slackware.qcow2 \ -drive file=bootdisk,if=floppy,format=raw \
-netdev user,id=slirp -device ne2k_isa,netdev=slirp \ -drive file=debian.raw,if=ide,format=raw \
-serial stdio -redir tcp:22122::22 -device ne2k_isa,netdev=slirp \
-serial msmouse -vga std \
Many things in 1993’s version of Linux works just as -redir tcp:22122::22 \
you’d expect. All the basic commands, such as ls and -netdev user,id=slirp

Open Source Yearbook 2016 .O pensource.com 83
OLD SCHOOL .............. ..
.............
The bootdisk for Debian 0.91 boots to a simple shell, with is installed by default, so if you didn’t intend to use it, you
clear instructions on the steps you’re meant to take next. had to opt out.
The install process is surprisingly smooth. It works off of An example /usr/lib/X11/XF86Config (this later became
a menu system with seven steps—from partitioning a hard Xorg.conf) file was provided, and that got me 90% of the
drive and writing the ext2 filesystem to it, all the way through way to a GUI, but fine-tuning vsync, hsync, and ramdac
to copying the basedsk images. This provided a minimal colormap overrides took me an entire weekend until I finally
Debian install with many of the familiar conventions any gave up.
modern Linux user would expect from their OS. Installing new packages on Jurix was simple; find a .tgz
Debian is now famous for its package management sys- on your sources drive, and run a routine tar command: $ su
tem, but there are mere hints of that in this early release. The -c 'tar xzvf foo.tgz -C /' The package gets unzipped
dpkg command exists, but it’s an interactive menu-based and unarchived to the root partition, and ready to use. I did
system—a sort of clunky aptitude, with several layers of this with several packages I hadn’t installed to begin with,
menu selections and, unsurprisingly, a fraction of available and found it easy, fast, and reliable.
packages.
Even so, you can sense the convenience factor in the de- SUSE 5.1 (1998)
sign concept. You download three floppy images and end
Figure 3: FVWM running on SuSE 5.1
up with a bootable system, and then use a simple text menu
to install more goodies. I sincerely see why Debian made a
splash.

Jurix/S.u.S.E. (1996)
Figure 2: Jurix installation

I installed SUSE 5.1 from a InfoMagic CD-ROM purchased
from a software store in Maryland in 1998.
A pre-cursor to SUSE, Jurix shipped with binary .tgz pack-
ages organized into directories resembling the structure of $ qemu-system-i386 -M pc-0.10 -m 64 \
Slackware’s install packages. The installer itself is also simi- -boot order=ad,menu=on \
lar to Slackware’s installer. -drive file=floppy.raw,if=floppy,format=raw \
-cdrom /dev/sr0 \
$ qemu-system-i386 -M pc -m 1024 \ -drive file=suse5.raw,if=ide,format=raw \
-boot order=ac,menu=on \ -vga cirrus -serial msmouse
-drive \
file=jurix/install,if=floppy,format=raw \ The install process was convoluted compared to those
-drive file=jurix.img,if=ide \ that came before. YaST volleyed configuration files and set-
-drive file=pkg.raw,if=ide,format=raw \ tings between a floppy disk and the boot CD-ROM, requiring
-device ne2k_isa,netdev=slirp \ several reboots and a few restarts as I tried to understand
-serial msmouse -vga std \ the sequence expected from me. Once I’d failed the process
-redir tcp:22122::22 \ twice, I got used to the way YaST worked, and the third time
-netdev user,id=slirp was smooth and very much a hint at the Linux user experi-
ence to come in later years.
Because I wasn’t specifically looking for the earliest instance, A GUI environment was my main goal for SUSE 5.1.
Jurix was the first Linux distribution I found that really “felt” The configuration process was familiar, with a few nice
like it intended the user to use a GUI environment. XFree86 [4] graphical tools (including a good XF86Setup frontend) to

84 Open Source Yearbook 2016 .O pensource.com
help test and debug mouse and monitor problems. It took The desktop bundled with Red Hat 6 was, as it still is,
less than an hour to get a GUI up and running, and most GNOME, but the window manager was an early Enlighten-
of the delay was caused by my own research on what res- ment [5], which also provided the main sound daemon. Xdm
olutions and color depths Qemu’s virtualized video card and gdm were both provided as login managers so that nor-
could handle. mal users could log in without having the permission to start
Included desktops were fvwm, fvwm2, and ctwm. I used or kill X itself, which is particularly important on multi-user
fvwm, and it worked as expected. I even discovered tkDesk, systems.
a dock and file manager combo pack that is surprisingly sim- Certain staple applications are missing; gedit didn’t
ilar to Ubuntu’s Unity launcher bar. exist yet, there’s no grand unified office application, and
The experience was, over all, very pleasant, and in terms there was no package manager to speak of. GnoRPM, a GUI
of getting a successful desktop up and running, SUSE 5.1 interface for RPM installation, review, and removal, was
was a rousing success. the closest to a yum or PackageKit experience it had, and
gnotepad+ is the GUI text editor (Emacs notwithstanding,
Red Hat 6.0 (1999) obviously).
Over all, though, the desktop is intuitive. Unlike later im-
Figure 4: Red Hat 6 running GIMP 1.x
plementations of GNOME, this early version featured a pan-
el at the bottom of the screen, with an application menu and
launcher icons and virtual desktop control in a central loca-
tion. I can’t imagine a user of another operating system at
the time finding this environment foreign.
Red Hat 6 was a strong entry for Linux, which was obvi-
ously moving seriously toward being a proper desktop OS.

Mandrake 8.0 (2001)
Figure 5: Mandrake: A turning point in Linux

The next install disc I happened to have lying around was
Red Hat 6.0. That’s not RHEL 6.0—just Red Hat 6.0. This
was a desktop distribution sold in stores, before RHEL or
Fedora existed. The disc I used was purchased in June
1999.

$ qemu-system-i386 -M pc-0.10 -m 512 \
-boot order=ad,menu=on \
-drive file=redhat6.raw,if=ide,format=raw \
-serial msmouse -netdev user,id=slirp \
-vga cirrus -cdrom /dev/sr0 Mandrake 8.0 was released in 2001, so it would have been
compared to, for instance, Apple OS 9.2 and Windows ME.
The installation was fully guided and remarkably fast. You I fell back on fairly old emulated tech to be safe.
never have to leave the safety of the install process, wheth-
er choosing what packages to install (grouped together in $ qemu-system-i386 \
Workstation, Server, and Custom groups), partitioning a -M pc-0.10 -m 2048 \
drive, or kicking off the install. -boot order=ad,menu=on \
Red Hat 6 included an xf86config application to step you -drive file=mandrake8.qcow2 \
through X configuration, although it strangely allowed some -usb -net nic,model=rtl8139 \
mouse emulation options that X later claimed were invalid. It -netdev user,id=slirp \
beat editing the Xf86Config file, but getting X correct was still -vga cirrus \
clearly not a simple task. -cdrom mandrake-8.0-i386.iso

Open Source Yearbook 2016 .O pensource.com 85
OLD SCHOOL .............. ..
.............
I’d thought the Red Hat installation process had been In 2003, the new Fedora Core distribution was released.
nice, but Mandrake’s was amazing. It was friendly, it gave Fedora Core was based on Red Hat, and was meant to
the user a chance to test configurations before continuing, it carry on the banner of desktop Linux once Red Hat En-
was easy and fast, and it worked almost like magic. I didn’t terprise Linux (RHEL) became the flagship product of the
even have to import my XF86Config file, because Mandrake’s company.
installer got it right. Nothing particularly special is required to boot the old
Fedora Core 1 disc:
Figure 6: Mandrake 8.0 installer

$ qemu-system-i386 -M pc \
-m 2048 -boot order=ac,menu=on \
-drive file=fedora1.qcow2 -usb \
-net nic,model='rtl8139' -netdev user \
-vga cirrus -cdrom fedora-1-i386-cd1.iso

Installing Fedora Core is simple and familiar; it uses the
same installer as Fedora and Red Hat for the next 9 years.
It’s a graphical interface that’s easy to use and easy to un-
derstand.

Figure 8: Anaconda GUI

Using the Mandrake desktop is a lot like using any given desk-
top of the time, actually. I was a little surprised at how similar
the experience was. I feel certain that if I’d somehow stumbled
into Mandrake Linux at this time, it actually wouldn’t have been
beyond my ability, even as a young and not very technical user.
The interfaces are intuitive, the documentation helpful, and
the package management quite natural, for a time when it still
wasn’t yet the mental default for people to just go to a website
and download an installer for whatever software they wanted.

Fedora 1 (2003)
The Fedora Core experience is largely indistinguishable
Figure 7: Blue Fedora, Red Hat
from Red Hat 6 or 7. The GNOME desktop is polished, there
are all the signature configuration helper applications, and
the presentation is clean and professional.
A Start Here icon on the desktop guides the user toward
three locations: an Applications folder, the Preferences pan-
el, and System Settings. A red hat icon marks the applica-
tions menu, and the lower GNOME panel holds all the latest
Linux application launchers, including the OpenOffice office
suite and the Mozilla browser.

The future
By the early 2000s, it’s clear that Linux has well and truly hit
its stride. The desktop is more polished than ever, the appli-
cations available want for nothing, the installation is easier
and more efficient than other operating systems. In fact, from
the early 2000s onward, the relationship between the user

86 Open Source Yearbook 2016 .Opensource.com
and the system is firmly established and remains basically Resources
unchanged even today. There are some changes, and [1] http://www.qemu-advent-calendar.org/2014
of course several updates and improvements and a stagger- [2] http://www.slackware.com/~volkerdi/
ing amount of innovation. [3] https://ibiblio.org/pub/historic-linux/distributions/
Project names come and go: debian-0.91/debian-0.91/dist
[4] http://www.xfree86.org/
• M andrake became Mandriva and then Mageia [6]; [5] http://enlightenment.org
• Fedora Core became just Fedora [7]; [6] http://mageia.org
• Ubuntu [8] popped up from Debian [9] and helped make [7] http://fedoraproject.org
“Linux” a household term; [8] http://ubuntu.com
• Valve has made SteamOS [10] the official basis for its [9] http://debian.org
gaming platform; and [10] http://store.steampowered.com/steamos
• Slackware [11] quietly continues to this day. [11] http://slackware.com

Whether you’re new to Linux, or whether you’re such an Author
old hand that most of these screenshots have been more bi- Seth Kenlon is an independent multime-
ographical than historical, it’s good to be able to look back at dia artist, free culture advocate, and UNIX
how one of the largest open source projects in the world has geek. He is one of the maintainers of the
developed. More importantly, it’s exciting to think of where Slackware-based multimedia production
Linux is headed and how we can all be a part of that, starting project, http://slackermedia.ml.
now, and for years to come.

W R I T E F O R U S
.............. ..
.............
Would you like to write for Opensource.com? Our editorial calendar includes upcoming themes, community columns, and
topic suggestions: https://opensource.com/calendar

Learn more about writing for Opensource.com at: https://opensource.com/writers

We're always looking for open source-related articles on the following topics:

Big data: Open source big data tools, stories, communities, and news.
Command-line tips: Tricks and tips for the Linux command-line.
Containers: Getting started with containers, best practices, security, news, projects, and case studies.
Education: Open source projects, tools, solutions, and resources for educators, students, and the
classroom.

Geek culture: Open source-related geek culture stories.
Hardware: Open source hardware projects, maker culture, new products, howtos, and tutorials.
High-performance computing: Open source tools, programs, projects, and howtos for research and
science.

Programming: Share your favorite scripts, tips for getting started, tricks for developers, tutorials, and tell us
about your favorite programming languages and communities.

Security: Tips and tricks for securing your systems, best practices, checklists, tutorials and tools, case
studies, and security-related project updates.

Open Source Yearbook 2016 .O pensource.com 87
OLD SCHOOL .............. ..
.............

Compute like it’s 1989 BY SETH KENLON

FOR MANY OF US, when we look around
at the state of comput-
ing in 2016, we nod and think, “Yes, today is what I expect-
People make complaints in modern computing about
bloat, and the cavalier answer is usually “CPU cycles are
cheap!”—or in other words, “I’d prefer to treat the symp-
ed when I thought about what The Future would be like.” tom rather than the cause.” In the old days, CPU cycles
Sure, we haven’t got flying cars yet, but today’s technology were prohibitively expensive, and even now, “cheap” isn’t
is flashy. We swipe fingers across screens instead of press- the same as “free.”
ing buttons, and For $89, you can
I’m told we are get a PocketCHIP [1]
all very excited and a keyboard, and
about all of the have a tiny comput-
latest virtual real- er ready to use at
ity headsets and any moment, but its
augmented reality CPU cycles are not
gadgets. cheap. What you
So now seems save on its cost and
as good a time as power requirement
any to look back you pay for in com-
at how people puting power, but
of the past used you’ll hardly notice,
to compute, and as long as you’re
back to the days okay with simplified
when a “desktop” Image by: LSE Library. Modified by Opensource.com. computing.
computer was so The same is true
called because it took up 80 percent of your desktop. The for server slices or instances on shared servers, or within
days when the term “computer” actually meant “a machine Crouton [2]. The computer is there for the taking, but you
for computation.” have to learn to conserve your resources, whether it’s band-
Why bother looking back 30-year-old computing? After all, width or CPU cycles or RAM.
the computers back then were clunky, slow, and awkward,
weren’t they? Sure, they were, but the great thing about liv- A workflow of your own
ing in The Future is that we have the power to look back Old computers weren’t the pre-fab ready-to-wear appliances
at the Old Ways and cherry pick information from them for that we’re used to now. Hardware is neat, but I’m not talking
modern technology. The truth is, there’s power in simplicity, about the hardware. The stuff we interact with on a daily ba-
and old computing was simple out of necessity. sis is the software, and “integrated” software is a relatively
new idea.
Survival of the thriftiest Back before big monolithic applications got dumped
Have you ever played a survival video game? The kind in onto the unsuspecting public, software came in batches on
which you must survive a zombie apocalypse by hoarding “shareware” diskettes and BBSes. If you wanted to create
canned food and using rolling pins as weapons? Computers animation, you got software to help you draw images, used
are a little like that. more software to string images into an animated sequence,

88 Open Source Yearbook 2016 .O pensource.com
used other software to produce sound effects, and finally Midnight Commander (invoked as mc) is a DOS-style utility
used software to combine the sound and the image. that provides a split-pane file manager in your terminal. It’s
There was freedom in that, both for your computer, which primarily keyboard-driven, although being written with the
didn’t need to be capable of running that one big app that tried “ncurses” toolkit, it can also receive mouse-clicks.
to do everything, as well as for yourself because it was up to The interface is wonderfully intuitive. All you need to know
you which applications you strung together to get the job done. is that it’s a file manager, and from there you can quickly
learn it. Contextual commands are listed at the bottom of the
Diving in window, each being assigned to a Function Key and a full
One way to compute like it’s 1989 is to go and get a Rasp- menu (a “pull down” accessed with F9) is always available at
berry Pi or a PocketCHIP and dive in to the wonderful world the top of the window.
of low-powered living. The good news is that running Linux Personal customization notwithstanding, there are always
today is surprisingly similar to running UNIX or Linux in the two panels in Midnight Commander, and you switch between
‘90s. The bulk of the commands you know and love are them with the Tab key. All the usual file operations are either
there, and many of the applications and the general sensibil- a menu selection or a keypress away. It’s intuitive enough
ity have endured. that you can poke at it for a few minutes and fall into using
Most everything you do on your computer now can be it without introduction, and yet so efficient in design that you
done in a terminal, which obviously is the lightest of light- can quickly become a power user and control it with emacs-
weight interfaces. like key combos. It is, for all intents and purposes, a “desk-
top” for an MS- or Pro-DOS experience.
File management
The old style of file management was far more direct than Networking
modern interfaces allow. Modern computers have automag- To a lot of people, the Internet and the “www” subdomain are
ical file handling, according to a mimetype database. Mi- one and the same. What many people don’t realize is that
metypes are useful when your main interaction with a file is the “www” subdomain is really just the “World Wide Web”
pointing at it and double-clicking to open, but that becomes part of the larger Internet and generally it’s the part that
largely irrelevant when you yourself are making the call serves content over HTTP(S).
about which application to use. It might surprise you to learn What was called “Web 2.0” is a lot heavier than the Inter-
how much faith we tend to put in auto-detection now. For net of old. With all the background videos, JavaScript pop-up
instance, who knew you could run a valid text edit command requests for your email address, pleas for you to disable your
with sed on a dynamic library or that you can see metadata ad-blocker, alerts about cookies, warnings that your browser
in a sound file with less? When you stop relying on pre-pro- is out of date, and everything else the modern web tries to
grammed decisions, then that is when you end up learning throw into your browser, visiting the “www” in a non-main-
something new. stream browser is almost impossible. Luckily, there’s a lot
Most modern Linux users have at least heard of file man- more happening on the Internet than just social media and
agement commands such as cp and mv, and that’s an entire- comment wars.
ly valid and certainly the most efficient way to manage files. Web browsers have conditioned most of us to view the
It’s not the only option, though. If you yearn for that happy web as a place in which you go and “hang out.” You sit and
medium between constructing valid BASH commands and idle; you go to it, but never bring it home. This, of course,
the intuitiveness of graphical interfaces, then look to GNU isn’t strictly true—you’re downloading bits to a temporary
Midnight Commander [3]. cache, but that’s all abstracted from you by the browser. You
can still visit the modern web whilst living a digital retro life-
Figure 1: Midnight Commander
style, but it’s less about loitering and more about getting stuff
done. The earliest Linux distributions shipped with Lynx and
ELinks, which provide the typical HTTP experience modern
web users are used to, but there were and are many other
ways to interact with the Internet:

Atom and RSS
The advantages of these is that they are a “push” model
instead of a “pull.” You don’t have to go out and check a
website to see whether there are updated news items. The
software sends you an alert instead. Much of my daily web
browsing is taken care of with one look at newsbeuter [4] or
Mashpodder [5]. Once you start using RSS and Atom, you

Open Source Yearbook 2016 .O pensource.com 89
OLD SCHOOL .............. ..
.............
might just find that the sheen of HTTP is a lot duller than it Figure 2: Floodgap Public Gopher Proxy
seemed before.
Of the two, newsbeuter is the easiest to configure and use.
Install it from your distribution’s repository, and then launch
it once to force it to instantiate its configuration file. Once
that’s done, you have only to edit your ~/.newsbeuter/urls
file; a simple line-delimited list of feeds you want to check. A
sample from my current urls file:

$ head ~/.newsbeuter/urls
https://opensource.com/feed
http://slackware-changelog.oprod.net/atom_feed/
http://fedoraplanet.org/rss20.xml
https://planetkde.org/rss20.xml Email
http://planet.qt.io/rss20.xml Of course there’s always email, the original social network.
http://planetpython.org/rss20.xml Too many people these days fall back on Gmail and other
https://www.linux.com/feeds/rss providers that use over-complex web interfaces that cease
http://gnuworldorder.info/ogg.atom.xml to function at even the slightest variation of browser vendor
http://monsterjavaguns.com/podcast/feed or version. There is a better way, and that is Mutt [8]. It’s a
http://twodeeten.blogspot.com/feeds/posts/default lightweight, simple, efficient, and effective email client with
more customized config files than you could ever need. Bet-
Wget, curl, fetch ter yet, it has next-to-transparent PGP integration, so you
Regardless of the UNIX you’re running, you have available can start encrypting those emails from end to end.
some command to access the network and fetch a file. It’s
browsing the web without the browsing, and it’s sublime. Un- Your-Protocol-Here
fortunately, many modern sites obfuscate where the actual Don’t forget Usenet, Tor, GNUnet, and more. There are too
content is (if you’re using wget or similar, then you’re not many ways to access the worldwide network to list. If you
clicking on their ads), but for the practical websites out there, look, you’ll find all kinds of interesting lightweight technolo-
a quick download command is liberating and efficient. gies lying around out there.

Git Graphics without X
Git itself is great, but another good thing about git’s popu- On some devices, an X server just isn’t practical—sure, it
larity is that people have actually started hosting blogs and might be possible, but you just know it’s eating up a lot of
other content in git repositories, which means you can easily precious RAM. You might run a lightweight desktop, but
grab that content using just a UNIX shell. you’ll still inherit the overhead of running X in the first place.
Mostly, when computing the Old Way, you don’t need much
SSH by way of a graphical interface. A GUI just clutters things up,
Thriving community servers are out there that are open to gets your hands away from the keyboard where they belong,
new users, and you can also build your own. You can find and is painfully inefficient. If ever you’re going to wish for a
a list of free shell accounts [6], and now that you can get graphical display, it will be when you’re online or checking
a computer for $35, setting up your own is one install and email. People love graphics on the Internet, and people love
port forward away, even if only as an experiment to see how embedding images into email.
many friends you can get to join you. Don’t startx yet. What if I told you that you don’t need
to run X to display graphics on your screen? Thanks to the
Gopher Linux framebuffer device, /dev/fb0, you can do just that.
There’s an unusual amount of nostalgia out there for the There are a few different utilities to draw images straight to
Gopher protocol. It’s not the greatest system ever invented your screen without a graphic server. These don’t work over
(Gopher servers sometimes have trouble parsing Gopher’s remote or emulated connections (SSH, screen, tmux), but
markup), but it does underscore one point that much of the as long as you’re sitting at the physical computer you’re us-
web seems to have forgotten: It’s all about the content, not ing, you can direct all kinds of output straight to the physical
the ads. When your site is serving lists of text and binary screen attached to it.
files, you inherit an objectivity that just gets lost in modern To view images, there’s fbi (framebuffer image viewing)
sites. The Lynx browser still recognizes Gopher, so start your and its successor, fim (Fbi IMproved). Both essentially do
journey with it [7]. the same thing. Point it at a bitmap file and it’ll paint the

90 Open Source Yearbook 2016 .O pensource.com
picture on your display, abruptly, without fanfare or apology. system was and is to empower users to take small com-
You can use various controls; you can zoom, pan, or step mands and string them together to accomplish complex
through a slideshow. It’s easy and immediate, and it’s ex- tasks. The individual’s workflows were meant to be unique
actly what you need. and infinitely extensible.
You can even play video without X, believe it or not. You Beyond the mimicry of old computer interfaces and the
need to make sure your username is a member of the “video” rejection of modern network chatter is the enduring principle
and “audio” groups (this is usually a default on even the bare- that computerists should be eager to find new tools, useful
bones Linux distributions), and then: programs, and exciting ways to piece things together to ac-
complish tasks and to make life better for everyone. In other
$ mplayer -vo fbdev my_movie.mp4 words, put the “you” in UNIX.

Understand, this isn’t a gimmicky “convert your images to
ASCII” scenario—these tools actually display the imag- Resources
es and video on your screen without a GUI. Depending on [1] https://getchip.com/pages/pocketchip
which shell you’re using, painting pixels this way can con- [2] https://github.com/dnschneid/crouton
fuse your input. If your shell starts to act funny after using [3] https://www.midnight-commander.org/
fbdev, use the reset command and everything ought to re- [4] http://newsbeuter.org/
turn to normal. [5] https://github.com/hirozed/mashpodder
[6] http://shells.red-pill.eu
The “you” in UNIX [7] http://gopher.floodgap.com/gopher/
UNIX training and training videos [9] produced in the 1980s [8] http://mutt.org
made it abundantly clear that the intent of the operating [9] https://archive.org/details/UNIX1985

Open Source Yearbook 2016 .O pensource.com 91
OLD SCHOOL .............. ..
.............

LinuxQuestions.org celebrates
sweet 16 BY JEREMY GARCIA

IN MY November 2016
Opensource.
com column, The Queue [1],
a welcome message, was
June 25, 2000.
The initial LinuxQuestions.
I answered a multi-part ques- org site consisted of a logo
tion received via email: crudely designed by me, a
forum, and a short-lived news
Why did you start Linux- portal that was based on
Questions.org [2]? And can Slash [5], which was the Perl-
you tell us a little about the based code running Slashdot
history of the site? at the time.
Image by: Opensource.com. CC BY-SA 4.0 In the beginning, Linux-
The answer Questions.org was basically just me answering questions
Computers, programming, and technology in general have posted by other members. I figured someday the site would
always fascinated me. When I was in high school, I started grow to maybe a few hundred people, so to say it has grown
working for a local ISP that used UNIX almost exclusively. far beyond my initial expectations is a monumental under-
The “UNIX way” just clicked and made a lot of sense to me. statement. I still fondly remember the first time a member I
It wasn’t long before I wanted to run something similar at didn’t personally know answered a question. Today we have
home. The ISP used SCO, which is fairly ironic in retrospect, more than 500,000 members and millions of posts.
so home use really wasn’t possible due to the high cost and
licensing restrictions of the product. Searching for an alter- History highlights
native quickly lead me to Linux. As for the history and progression of the site, so much comes
I purchased The Linux Bible [3] from a local bookstore, to mind that it’s difficult to pick just a few moments, but here
so my first distribution was Yggdrasil [4]. Although the last are highlights:
official release of Yggdrasil was in 1995, it was a popular
option early on and ended up being the first Linux distribution Moderators
available as a live CD. I’ve used Linux as my main operating A year in, we added our first moderator, which was a big
system ever since. I like to tinker and understand how things step in growing the site and I remember being fairly nervous
work, so the fact that I could get an operating system that about it working out. We now have a team of more than 20
allowed me not only to see how things worked, but also to moderators who are spread out around the world. They’re
modify how things worked, enthralled me. responsible for everything from cleaning up spam, to en-
Fast forward to 2000, and I had just started my first forcing the community guidelines, to ensuring new members
job that was dedicated solely to work- feel welcome. The amount of dedication
ing with Linux. I had been using Linux Figure 1: LinuxQuestions.org original logo and hard work they put into LinuxQues-
for a while at this point and wanted to tions.org is truly remarkable, and we
give something back to a community quite simply would not be the friendly,
that I felt had given me quite a bit. welcoming, vibrant place we are today
The first post on LinuxQuestions.org, without this group.

92 Open Source Yearbook 2016 .O pensource.com
Members Choice Awards Podcast launches
On a bit of a whim, I started the Members Choice Awards a In 2004 we launched a podcast and it really changed how mem-
year later, and it’s been fun to watch them grow as an annual bers interacted with the site. Although we no longer produce the
event from there. The MCAs allow the community to vote LQ Podcast [9] or LQ Radio [10], the archives are still available
on their favorite projects/products in a variety of categories, and it’s something I consider reviving from time to time.
some of which change each year. Many projects really get
into it, and it’s nice to be able to not only recognize the win- Membership milestones
ners, but also gain additional exposure for great open source The 100,000th member, 1-millionth thread, and 5-mil-
projects in the process. lionth post milestones all stick out as memorable.
There were 11 categories the first year, and winners in- The numbers involved are so far beyond my initial
cluded Red Hat Linux, KDE, Enlightenment, Quake III, expectations that it’s difficult to articulate. We even had a
StarOffice, and MySQL. contest in which the member who guessed the correct date
In 2015, we had 35 categories and winners in the same and time the 100,000th member would register won a gratis
categories were Linux Mint, KDE (GNOME has won during LinuxQuestions.org shirt. The correct answer ended up be-
the interim), Openbox, 0 A.D., LibreOffice, and MariaDB. ing March 13, 2004 between 7-8pm EST.
(Voting for the 16th Members Choice Awards will open soon.
Follow us on Twitter @linuxquestions [6] to be notified when Community
the polls open.) With all that said, I think the best part about LinuxQuestions.
org for me is hearing members say how much they enjoy par-
Linux distributions forum ticipating, or getting a message from someone saying they’d
In 2002, the first distribution started officially participating. have given up on Linux if the site and community didn’t exist.
Although Linux From Scratch [7] led the way, we now have In the end, it’s really about community. The open source
more than 30 distributions in our official Distributions Forum world is full of smart, energetic, talented, people, and I’m
[8] program, and all distributions are welcome. If you’re as- absolutely a better person for having been exposed to it. I’ve
sociated with a distribution that would like to participate, con- also made quite a few good friends along the way.
tact us for more information; there is no cost and the require- Although running such a large community can be chal-
ments are minimal. I think having participation from such a lenging at times, it’s extremely rewarding and I’m both hon-
diverse group of people helps create the unique atmosphere ored and humbled that so many people have chosen to take
we have. time out of their lives to participate and have allowed us to
be part of the Linux ecosystem for so long. We’ll continue to
First conference booth attempt to improve each and every day, so if you have any
We got a chance to exhibit at LinuxWorld in New York a few feedback for us, please let me know.
years in, and the feedback we got was really energizing.
For those who don’t remember LinuxWorld, it was one of Resources
the first large events focused on Linux and Open Source, [1] https://opensource.com/tags/queue-column
with attendance topping 20,000 at its peak. We had mod- [2] http://www.linuxquestions.org/
erators fly in from multiple countries, and people from all [3] http://www.wiley.com/WileyCDA/WileyTitle/
over the world visited our booth to tell us how much they productCd-1118999878.html
liked the site and how much it had helped them, or who [4] https://en.wikipedia.org/wiki/Yggdrasil_Linux/GNU/X
just stopped by to say hello because they wanted to meet [5] http://www.slashcode.com/www.slashcode.com/
us. Linus Torvalds even stopped by each booth in the .org [6] https://twitter.com/linuxquestions
Pavilion. It was a humbling experience, and one that has [7] http://linuxfromscratch.org/
happened many times since. If you’d have told me when I [8] http://www.linuxquestions.org/questions/linux-distributions-5/
founded the site that I’d have experiences such as that one, [9] http://radio.linuxquestions.org/linux/lq-podcasts
I’d certainly not have believed you. [10] http://radio.linuxquestions.org/linux/lq-radio

Open Source Yearbook 2016 .O pensource.com 93
. ........
... .. ...
O P E N S O U R C E . C O M .. .. .. ....
. .
EDITORIAL CALENDAR
.............. ..
.............
Would you like to write for us?
Our editorial calendar includes upcoming themes, community columns, and topic
suggestions: https://opensource.com/calendar

Happy Pi Day!
To celebrate Pi Day, we're rounding up a series on the Raspberry Pi. What projects have you created?
What solutions to common problems have you found? What do you do with your Raspberry Pi?

Containers
How are you or your organization using Linux containers to get work done, to push innovation forward,
and to find new solutions to technical problems?

Open Hardware and DIY
Show off your tutorials and demos of hardware in the wild, and tell us about projects you work on and
how you use open hardware. Let's see those DIY projects that automate your appliances and up your
geek fashion cred.

Entertainment and Geek Culture
We're looking for geek culture stories and articles about how open source tools, projects, and communities
keep us entertained.

Back to School
Which open source tools are helpful for the classroom? How are open source technologies being used or
taught in your schools? We're always excited to hear how open source is improving education, so send
us your stories.

Programming
Show off your scripts, tips for getting started, tricks for developers, and tutorials, and tell us about your
favorite programming languages and communities.

Supercomputing
We want to hear about your high-performance computing projects and big data discoveries. Send us
your stories!

Email story proposals to open@opensource.com

94 Open Source Yearbook 2016 .O pensource.com