Somehow, I felt that there were less people this year…due to the economic tsunami?

Free. Open. Future? by Mark Surman

It’s interesting to get a point of view from Mozilla on the future of open source, its values and principles on Study, Copy, Modify, Share. What really got me thinking is, how applicable is this in Asia? It’s a norm to study, copy, and modify. However, on sharing a piece of code, it’s not quite in the agenda when it’s commercially lucrative. Same goes for any software companies that rely on building applications as the revenue resource.

As Mark Surman pointed out, what people must understand is, SCMS drives innovations, standards and freedom. Though not all encompassing for the perfect FOSS as Mozilla like to portray, Google can be a good example in that they don’t share most of its platform’s recipe, but yet they drive for innovation, review and setting standards.

Debian by Bdale Garbee

This talk got me interested because am a strict Debian user, except that all my kernels are compiled from source. Bdale Garbee raised some very important insights on the birth of FOSS and Debian’s perception about it. Debian is all about freedom and very user-centric as per their Social Contract. Debian actually led the open source definition before anyone did.

Over a decade now, Debian is still growing strong with/without its derivatives. It’s pretty amazing.

What’s notable from this talk is, the value of values. Bdale Garbee highlighted that having strict values provide an anchor in rough times. From clear values, vision is focused and understood to create a strategy that benefits the organisation through its objectives. What’s equally important is how we define values for the common good.

OSI: Recent Activities and Future Directions by Michael Tiemann

Many OSI members introduced their initiatives and OSI’s role in the global efforts in promoting FOSS.

Open Source Observatory & Repository is a good source to understand the widespread use of FOSS in Europe. Besides efforts made by the Japanese government, OSI is pushing FOSS ideologies in India and Africa. What’s not interesting is to know that OSI doesn’t have a presence in China.

Let’s hope there are more initiatives in non-Western countries for FOSS.

OpenAMQ by Pieter Hintjens

OpenAMQ is a middleware for asynchronous application messaging. Pieter Hintjens introduced Zyre, which makes implementing AMQ easy via RestMS based on HTTP REST. Unfortunately they don’t have any examples or good materials to engage developers with. Nevertheless, being able to process 100-500 messages per second is pretty good. 0MQ’s ability to do over 5 million messages per second is even more impressive! But then again, average web apps don’t need 0MQ. RestMS has lots of potential, will be keeping an eye on it.

FLOSSMetrics: providing data about FLOSS development by Jesus M. Gonzalez Barahona

FLOSSMetrics is a database of the development of FLOSS projects. I have actually thought this talk would provide a summary of different results on FLOSS projects, however, it didn’t. But anyone is able to download the results from Melquiades. The libresoft-tools used to harvest such data can be found at Morfeo.

Scala – A Scalable Language by Martin Odersky

Totally mind-blowing, since I understood almost nothing. Coming from a non-programming background, it was extremely difficult to chew on what Martin Odersky presented. Nevertheless, I left with 3 things, 1) scalability demands extensibility, 2) Twitter moved to Scala and 3) Lift is a Scala framework.

On web development, there have been scalability wars in terms of what is best for scalability. And what do you know? It doesn’t matter, because every language and framework can be extended. So what really matters for a project to be scalable? The most basic requirement, competent human resource through time.

Grid Computing with Debian, Globus and ARC by Mattias Ellert

Grid systems are always interesting for cloud computing to shine. Mattias Ellert introduced NorduGrid and Grid Packaging Toolkits as important tools to enable grid computing. What’s interesting to know is that NorduGrid comes with data storage management modules rather than just pure data processing.

OWASP Testing Guide v3 and Secure Software Development by Matteo Meucci

Understanding OWASP is must for anyone serious about (developing) secure web applications. They have created 3 guidelines for ensuring secure web applications throughout the software development cycle. Nothing new I guess. But the following guidelines are richly informative!

1. Development Guide – important during the initial define and design stage
   
2. Code Review Guide – essential when developing/programming the application
   
3. Testing Guide – has tips and tricks to ensure the deployed application is maintained properly

Those interested, most books are free to download at lulu.com besides what’s available at OWASP wiki.

A notable example that Matteo Meucci mentioned is Cross-Site Request Forgery using img HTML element, which am sure is affected by many webapps these days.

Knowing the risks involved in your particular environment is essential in creating a user friendly service. Where risk equals to the likelihood of the event multiplied by the potential impact it can effect.

FreeIPA – Identity Management by Simo Sorce

Sponsored by RedHat, FreeIPA is an identity management mashup of LDAP, Kerberos, some additional modules, and custom Python scripts. Along with the German who sat next to me, we both found it way too complex and is adding security risks to a system that could be simpler.

I don’t think this system is a one-size-fits-all as Simo Sorce presented. Maybe it wasn’t his intention nor the intention of FreeIPA. But a simpler alternative to managing system administrators is some customised scripts on top of existing Linux tools, eg sudo and keychain.

Then again, if you’re a non-IT manager/director, FreeIPA could be the best fit with some questionable risks.

GSoC: A Behind the Scenes Look at Large Scale Community Management by Leslie Hawthorn

The finale of the event. Google just had to introduce Melange to the attendees. It’s basically an application that has been the core for organising and managing Google Summer of Code. It’s open source and released for the benefit of everyone else to organise programming events and yet keep track on what happened. Pretty nifty.

And who said Google is evil? They have been contributing back to the community…

Conclusion

Am glad the FOSDEM video are available online. Some events I didn’t attend and would be interesting to ‘attend’ them.

Also, I got to check out SUSE Studio, which is a great frontend for creating VM templates. Too bad it’s not distributed for other distros. Either way, it’s still possible to create VM templates manually but slightly more painful though can be rewarding.

Let’s hope next year would be a better year!