Fosdem 2016 links and notes

  • Argüman is an argument mapping tool. It uses visual presentation of a subject and a limited language set ('but', 'because', 'however') to map out the pros and cons of a subject - the aim is to aid critical thinking and quick learning. Here's the argüman for cats vs dogs.

  • There was lots of talk about making it easier for IoT devices to talk to each other. (Everyone seems to be trying to make things talk not thinking about the usefulness or context of the information):

  • I spotted this little box on the OwnCloud stand:

    I remain pretty certain we'll soon all be buying little plastic boxes like this and just plugging them in at home - email, blogs, hyperlocal communities and backup services become mainstream consumer physical goods.

  • The most random talk I saw was on 'Necrocomputing' - trying to install the latest version of PostgreSQL on a 1980's era VAX and how it can be a useful (if painful) way of finding bugs in current, but complex software projects like PostgreSQL.

  • Dawn Foster is doing a PhD on the the community that surrounds the Linux kernel (19M lines of code and over 11K developers and counting). She talked about the tools for analysing years of mailing lists, repos and wikis. (Random thought: if governments took mailing lists and wikis seriously as tools for developing policy the same approach might once day give some great insights about policy formation).

  • Software supply-chains, reproducable builds and how to establish trust in (again) very large aging software projects came up in quite a few talks:

    • There was a quote (which I can't subsequently verify) that 98% of cheap Chinese tablets are in breach of the GLP in some way (how long before consumer rights organisations and review sites start including data from open source certification programmes?)

    • The tools currently used for checking compliance with licences could also be used for checking the supply chain of what went into a particular product. Stefano Zacchiroli talked about how to start opening up the partially closed compliance checking tool-chain [video].

    • SIL2LinuxMP is an attempt to get a minimum version of Linux verified to 'SIL Level 2'. SIL levels are set by various standards bodies and are basically a measure of how likely something is to break. Different uses require different SIL levels (think airbags vs car radio). SIL2LinuxMP is based on Debian. Debian is introducing reproduceable builds so you can be certain what version of software you are running. (Being able to be certain that the software running your car or smoke alarm isn't going to kill you feels like a pretty clear user need).

    • The video of the whole 'Safety Critical FOSS' is avaliable here. Two points that are particuarly well made: 1) named maintainers, clear licensing and public bug trackers should give open source software an advantage and 2) regulators are in a hard place (it's hard to check software, and lots of car jobs are at risk if they get it wrong) but the answer may lay in understanding how the FOSS community can get involved and move regulation to a more peer review based system.

  • Finally, the best talk of fosdem IMO was Comparing codes of conduct to copyleft licenses from Sumana Harihareswara. The transcript is here. Great arguments about on a subject Fosdem needed to hear about.