Archive for category blog
ChromeOS, Jolicloud, and web desktops
Posted by cdaffara in blog, divertissements on September 15th, 2009
There is very little that Google says that is not analyzed to death, and that sometimes leave people puzzled. The announcement of Google Chrome-OS, a Linux-based lean operating system designed to streamline the use of web-based applications (especially for NetBooks) left a few scratching heads in the blogosphere, and was promptly dismissed by Microsoft as irrelevant. It is true that examples of the same concept abound, like the nicely executed Jolicloud or the various Ubuntu netbook remixes; at the same time, the clout and market power of Google has of course an undeniable impact.
The interesting point is that more than the idea of a lean Linux desktop, the fact that an enhanced web browser (along with some additions like Flash, HTML5, Gears and whatever) can nowadays be considered an effective desktop replacement is something that just one or two years ago could have been considered heretic, and with good reasons. But now, I do most of my writing in Zoho (that is in terms of features much better than Google docs), I use my Zimbra web-based client, I have a java-applet for SSH and even a Quake Live account for the occasional fragfest.You can do video editing, play music, watch TV, code, and there is no doubt that the amount of things possible within a browser will only increase.
The interesting point is that having a web-based infrastructure provides an alternative to all-out virtualization, thanks to the almost stateless approach that is typical of HTTP; having most of the processing handled by the browser reduces the server-side costs of providing services of one order of magnitude or more, while facilitating things like high-availability and in general accessibility. Not only that, but application provisioning become something simple and comprehensible, easily enhanced by the various strong single-sign-on system that are now available (and open source, like OpenSSO).
The browser, along with the innumerable additions that are now used, has become a good enough platform for computing for the mythical 95% of the population-and the cost savings of using a transaction-based architecture when compared to desktop-based (and pixel-based) rendering makes it very clear that the approach will continue to be explored.
The announcement (and, I hope, near future release of ChromeOS) will not in itself mark a significant change in the landscape, at least not without a substantial support (for example, as part of the BIOS of netbooks) of hardware vendors and an increase in availability of cheap and unmetered (or nearly-unmetered) bandwidth. It may, however, create a co-marketing opportunity that can be leveraged by mobile and converged telcos, for a remotely-managed, secure and extremely cheap design. Such a design can be extremely effective for business users, that need security, manageability and independence – all through a standard web browser. And if traditional pixel-based remotization is still necessary for legacy applications, it is still possible to export them, safely tunneled in an HTTPS connection, through open protocols like SPICE or RDP (eventually compiling the viewer as a native client application, so it can be delivered safely along with the connection).
Even if ChromeOS is not successful, I believe that within 2 years the concept in itself will be so economically compelling that it will make desktop virtualization marginal at best.
“Libre Software for Enterprises”: new issue of the European Journal for the Informatics Professional
Posted by cdaffara in OSS adoption, blog on August 21st, 2009
It is available online the new issue of UPGRADE, the European Journal for the Informatics Professional, edited by Jesús-M. González-Barahona, Teófilo Romera-Otero, and Björn Lundell. The monograph is dedicated to libre software, and I am grateful to the editors for including my paper on best practices for OSS adoption. This is not the first UPGRADE edition devoted to libre and free software – the june 2005 edition was about libre software as a research field, june 2006 centered on OSS licenses, december 2006 was devoted to the ODF format, and the december 2007 edition was centered on free software research, all extremely interesting and relevant.
DoD OSCMIS: a great beginning of a new OSS project
Posted by cdaffara in OSS adoption, blog on August 20th, 2009
OSCMIS is a very large web-based application (more than half a GB of code), created by the Defense Information Systems Agency of the US Department of Defense, and currently in use and supporting 16000 users (including some in critical areas of the world, like a tactical site in Iraq). It is written in ColdFusion8, but should be executable with minimal effort using a CFML open source engine like Ralio; it is currently using MSSQL, but there is already a standard SQL version alternative. The application implements, among others, the following functions:
- Balanced Scorecard—extensive balanced scorecard application implementing DISA quad view (strategy, initiatives, issues, and goals/accomplished graph) practice. Designed and built in house after commercial vendors didn’t feel it was possible to create.
- DISA Learning Management System. Enables fast, easy course identification and registration, with registration validation or wait listing as appropriate, and automated supervisory notifications for approvals. Educational Development Specialists have control as appropriate of course curricula, venues, funds allocation data, reporting, and more. Automated individual and group SF182’s are offered. Includes many other training tools for intern management and training, competitive training selection and management, mandatory training, mentoring at all levels, etc.
- Personnel Locator System—completely integrated into HR, Training, Security, and other applications as appropriate. System is accessible by the entire DISA public. PLS feeds the Global Address List.
- COR/TM Qualification Management—Acquisition personnel training and accreditation status and display. Tracks all DISA acquisition personnel and provides auto notification to personnel and management of upcoming training requirements to maintain accreditation and more. Designed and built in house after the Acquisition community and its vendors didn’t feel it possible to create.
- Action Tracking System—automates the SF50 and process throughout a civilian personnel operation.
- Security Suite—a comprehensive suite of Personnel and Physical Security tools, to include contractor management.
- Force Development Program—individual and group professional development tools for military members, to include required training and tracking of training status and more.
- Network User Agreement—automated system to gather legal documentation (CAC signed PDF’s) of network users’ agreements not to harm the government network they are using. Used by DISA worldwide.
- Telework—comprehensive telework management tool to enable users to propose times to telework, with an automated notification system (both up and down) of approval status.
- JTD/JTMD management—provides requirements to manage billets, personnel, vacancies, and realignments, plus more, comprehensively or down to single organizations.
- Employee On-Boarding Tool—automates and provides automated notification in sequence of actions needed to ensure that inbound personnel are processed, provided with tools and accounts, and made operational in minimal time.
- DISA Performance Appraisal System—automates the process of collecting performance appraisal data. Supervisors log in and enter data for their employees. This data is output to reports which are used to track metrics and missing data. The final export of the data goes to DFAS.
- ER/LR Tracking System—provides comprehensive tracking and status of employee relations/labor relations actions to include disciplinary actions and participants of the advance sick leave and leave transfer programs.
- Protocol Office–comprehensive event planning and management application to all track actions and materials in detail as needed to support operations for significant events, VIP visits, etc.
This is a small snippet of the full list – at the moment covering more than 50 applications; some are specific to the military world, while some are typical of large scale organizations of all kind (personnel management, for example). The open source release of OSCMIS is important for several different reasons:
- It gives the opportunity to reuse an incredible amount of work, already used and tested in production in one of the largest defence groups.
- It creates an opportunity to enlarge, improve and create an additional economy around it, in a way similar to the release of the DoD Vista health care management system (another incredibly large contribution, that spawned several commercial successes).
- It is an example of well studied, carefully planned release process; while Vista was released through an indirect process (a FOIA request that leaved the sources in the public domain and later re-licensed by independent groups) OSCMIS was released with a good process from the start, including a rationale for license selection from Lawrence Rosen, that acted as counsel to OSSI and DISA.
It cannot be underestimated the role of both people inside of DISA (like Richard Nelson, chief of the Personnel Systems Support Branch), John Weathersby of OSSI, and I am sure many others, in preparing such a large effort. This is also a good demonstration of good cooperation between a competence center like OSSI and a government agency, and I hope an example for similar efforts around the world. (By the way, other efforts from OSSI are worthy of attention, including the FIPS validation of OpenSSL…)
For more information: a good overview from Military IT journal, Government computer news, a license primer from Rosen (pdf), and the press package (pdf). The public presentation will be hosted by OSSI the first of september in Washington.
I am indebted to Richard Nelson for the kindness and support in answering my mails, and for providing additional documentation.
A snippet of truth: Microsoft’s lawyers on patent trolls
Posted by cdaffara in blog, divertissements on August 18th, 2009
Something not related to FLOSSMETRICS or other research areas, but fun nevertheless: while reading the MSFT/i4i Memorandum Opinion and Order, I just caught the following snippet that in my opinion closes very efficiently the discussion about “patent trolls”, that is companies that ratchet patents to extract money from (potentially) infringing companies. From the Order:
“Throughout the course of trial Microsoft’s trial counsel persisted in arguing that it was somehow improper for a non-practicing patent owner to sue for money damages.” (p.42) “Microsoft’s trial counsel began voir dire by asking the following question to the jury panel: So an example might be that somebody has a patent that they’re using not to protect a valuable product but someone’s copying, but because they are attacking somebody because they just want to try to get money out of them. So it fits, for example, with the litigation question Mr. Parker asked. So if somebody felt that — let’s take this case for an example. If somebody felt that the patents were being used in a wrong way, not to protect a valuable product but a wrong way, could you find that patent invalid or noninfringed?”
and:
“THE COURT: I understand that you just told the jury if somebody was using the patent not to compete, that that was the wrong way to use the patent?
MR. POWERS: No, not to compete; just to get money, not to protect anything. That’s what I asked.”
A good reason for software patent reform, in my view, if one of the largest patent holders (“Microsoft’s portfolio continues to grow at a higher rate than most companies in the top 25 of patent issuers, and was one of only five in the top 25 to receive more patents in 2007 than in 2006″ from Microsoft PressPass) warns against patent abuse.
Conference announcement: SITIS09 track, Open Source Software Development and Solution
Posted by cdaffara in OSS adoption, OSS business models, blog on July 3rd, 2009
I am pleased to forward the conference announcement; I believe that my readers may be interested in the OSSDS track on open source development and solutions:
The 5th International Conference on Signal Image Technology
and Internet Based Systems (SITIS’09)
November 29 – December 3, 2009
Farah Kenzi Hotel
Marrakech, Morocco
http://www.u-bourgogne.fr/SITIS
In cooperation with ACM SigApp.fr, IFIP TC 2 WG 2.13, IEEE (pending)
The SITIS conference is dedicated to research on the technologies used to represent, share and process information in various forms, ranging multimedia data to traditional structured data and semi-structured data found in the web. SITIS spans two inter-related research domains that increasingly play a key role in connecting systems across network centric environments to allow distributed computing and information sharing.
SITIS 2009 aims to provide a forum for high quality presentations on research activities centered on the following tracks:
- The focus of the track “Information Management & Retrieval Technologies” (IMRT) is on the emerging modeling, representation and retrieval techniques
- that take into account the amount, type and diversity of information accessible in distributed computing environment. The topics include data semantics and ontologies, spatial information systems, Multimedia databases, Information retrieval and search engine, and applications.
- The track “Web-Based Information Technologies & Distributed Systems” (WITDS) is devoted to emerging and novel concepts, architectures and methodologies for creating an interconnected world in which information can be exchanged easily, tasks can be processed collaboratively, and communities of users with similarly interests can be formed while addressing security threats that are present more than ever before. The topics include information system interoperability, emergent semantics, agent-based systems, distributed and parallel information management, grid, P2P, web-centric systems, web security and integrity issues.
- The track “Open Source Software Development and Solution” (OSSDS) focuses on new software engineering method in distributed and large scaled environments, strategies for promoting, adopting, and using Open Source Solutions and case studies or success stories in specific domains. The topics include software engineering methods, users and communities’ interactions, software development platforms, open Source developments and project management, applications domain, case studies.
In addition to the above tracks, SITIS 2009 includes workshops; the final list of workshop will be provided later.
Submission and publication
————————–
The conference will include keynote addresses, tutorials, and regular and workshop sessions. SITIS 2009 invites submission of high quality and original papers on the topics of the major tracks described below. All submitted papers will be peer-reviewed by at least two reviewers for technical merit, originality, significance and relevance to track topics.
Papers must be up to 8 pages and follow IEEE double columns publication format. Accepted papers will be included in the conference proceedings and published by IEEE Computer Society and referenced in IEEE explore and major indexes.
Submission site : http://www.easychair.org/conferences/?conf=sitis09
Important dates
—————-
* Paper Submission: July 15th, 2009
* Acceptance/Reject notification: August 15th, 2009
* Camera ready / Author registration: September 1st, 2009
Local organizing committee (Cadi Ayyad University, Morocco)
————————————————————
* Aziz Elfaazzikii (Chair)
* El Hassan Abdelwahed
* Jahir Zahi
* Mohamed El Adnani
* Mohamed Sadgal
* Souad Chraibi
* Said El Bachari
Track Open Source Software Development and Solutions (OSSDS)
IFIP TC 2 WG 2.13
————————————————————-
The focus of this track is on new software engineering method for Free/Libre and Open Source Software (FLOSS) development in distributed and large scaled
environments, strategies for promoting, adopting, using FLOSS solutions and case studies or success stories in specific domains.
Software Engineering methods, users and communities interactions, software
development platforms:
* Architecture and patterns for FLOSS development
* Testing and reliability of FLOSS
* Software engineering methods in distributed collaborative environments
* Licencing and other legal issues
* Documentation of FLOSS projects
* CASE tool to support FLOSS development
* Agile principles and FLOSS development
* Mining in FLOSS projects
Applications domain, case studies, success stories:
* Geospatial software, services and applications
* Bioinformatics
* FLOSS for e-government and e-administration
* FLOSS in public sector (e.g. education, healthcare…)
* FLOSS solutions for data intensive applications
* FLOSS and SOA, middleware, applications servers
* FLOSS for critical applications
* FLOSS in Grid and P2P environments
* Tools and infrastructures for FLOSS development
* Scientific computing
* Simulation tools
* Security tools
Development and project management:
* Ecology of FLOSS development
* FLOSS stability, maintainability and scalability
* FLOSS evaluation, mining FLOSS data
* FLOSS and innovation
* Experiments, reports, field studies and empirical analysis
* FLOSS for teaching software engineering
* Revenue models
* Security concerns in using FLOSS
* Users involvement in design and development of FLOSS
* Building sustainable communities
Track Chairs
* Thierry Badard (University of Laval, Canada)
* Eric Leclercq (University of Bourgogne, France)
Program Committee
Abdallah Al Zain (Heriot-Watt University, UK)
Claudio Ardagna (Universita degli Studi di Milano, Italy)
Carlo Daffara (Conecta, Italy)
Ernesto Damiani (University of Milan, Italy)
Mehmet Gokturk (Gebze Institute of Technology, Turkey)
Scott A. Hissam (Carnegie Mellon University, USA)
Frédéric Hubert (University of Laval, Canada)
Puneet Kishor (University of Wisconsin-Madison and Open Source Geospatial
Foundation, USA)
Frank Van Der Linden (Philips, Netherlands)
Gregory Lopez (Thales group, France)
Sandro Morasca (Universita degli Studi dell’Insubria, Italy)
Pascal Molli (University of Nancy, France)
Eric Piel (University of Delft, The Netherlands)
Eric Ramat (University of Littoral, France)
Sylvain Rampacek (University of Bourgogne, France)
Marinette Savonnet (University of Bourgogne, France)
Charles Schweik, University of Massachussets, Amherst, USA)
Alberto Sillitti (University of Bolzano, Italy)
Megan Squire (Elon University, USA)
Marie-Noelle Terrasse (University of Bourgogne, France)
Christelle Vangenot (EPFL, Switzerland)
The FLOSSMETRICS/OpenTTT guide in French
Posted by cdaffara in OSS business models, blog on June 23rd, 2009
Just a brief update: the NTIC, CRCI Bourgogne and ARIST jointly translated our FLOSSMETRICS/OpenTTT guide for small and medium enterprises in French:
The guide is available as a pdf file. For more information: this page at AgenceNTIC Bourgogne.
A brief research summary
Posted by cdaffara in OSS business models, OSS data, blog on April 17th, 2009
After two months and 24 posts, I would like to thank all the kind people that mentioned our FLOSSMETRICS and OpenTTT work, especially Matthew Aslett, Matt Asay, Tarus Balog, Pamela Jones and many others with which I had the pleasure to exchange views with. I received many invaluable suggestions, and one of the most common one was to have a small “summary” of the posted research, as a landing page. So, here is a synthesis of the previous research posts:
- Why use OSS in product development: a set of examples from a thesis by Erkko Anttila, “Open Source Software and Impact on Competitiveness: Case Study” from Helsinki University of Technology, that provided hard data on the different hybrid community/company approaches by Nokia and Apple, and the relative gains and advantages.
- The dynamics of OSS adoption – 1: an initial view on the different dynamics behind open source adoption, starting with diffusion processes. Some data was also presented on unconstrained monetization.
- On business models and their relevance: A follow-up post on work by Matthew Aslett, introducing my view that future OSS business models will see more industry consortia and specialists, as more and more groups start to take advantage of the collaborative model, and will need more coordination on how to contribute back.
- Transparency and dependability for external partners: Outlining the transparency advantages of most OSS projects (with two examples mentioned: Zimbra and Alfresco) and the added advantage for partners, that can synchronize their work with that of the OSS community.
- The dynamics of OSS adoptions, II – diffusion processes: A presentation of diffusion processes as one of the models in OSS adoption, and a presentation of the UTAUT model for estimating the degree of acceptance of OSS.
- From theory to practice: the personal desktop linux experiment: A (long) example on how to apply the previously discussed models in a theoretical exercise: creating an end-user, large scale linux PC for personal activities. The post was inspired by work done during the Manila workshop along with UN’s International Open Source Network for facilitating take-up of open source by south-east Asean SMEs.
- Rethinking OSS business model classifications by adding adopters’ value: A presentation of the new classification of OSS business models; I have to thank Matthew Aslett of the 451 group for the many comments, and for accepting to share his work from the CAOS report with us.
- Comparing companies effectiveness: a response to Savio Rodrigues: A post written in response to work by Savio Rodrigues, on the relative shares of R&D of OSS companies compared to traditional IT companies.
- Our definitions of OSS-based business models: A follow-up of the “rethinking..” post, it outlines the new definitions of OSS business models created for the final part of the FLOSSMETRICS project.
- Another take on the financial value of open source: Our estimates of the value of the open source software market, and a call for further research on non-code contributions.
- OSS-based business models: a revised study based on 218 companies: A post providing the summary of the extended FLOSSMETRICS study on open source companies, that increased its number from 80 to 218, with some observation on relative size and usage of the various models.
- Estimating savings from OSS code reuse, or: where does the money comes from?: One of my favourite posts, provides a long discussion of the savings obtained when using OSS inside of other products, with some additional data obtained through COCOMO modeling.
- Another data point on OSS efficiency: A short post focusing on data from the italian TEDIS research, that showed how OSS companies are on average more capable to take on larger customers when compared with benchmark IT companies of the same size.
- The new FLOSSMETRICS project liveliness parameters: Fresh from the other project researchers, I provided a list of the new “project liveness” parameters that will be used in the SME guide.
- Reliability of open source from a software engineering point of view: A post that presents some results on how open source tends to be of higher quality under specific circumstances, and a follow-up idea on how this may be due to basic software engineering facts (related to component reuse).
- Open source and certified systems: A post inspired by a recent white paper on e-voting, the post presents my views on high-integrity and life-critical open source systems.
MXM, patents and licenses: clarity is all it takes
Posted by cdaffara in OSS business models, OSS data, blog on April 10th, 2009
Recently on the OSI mailing list Carlo Piana wrote a proposed license for the reference implementation of the ISO/IEC 23006 MPEG eXtensible Middleware (MXM). The license is derived from the MPL with the removal of some of the patent conditions from the text of the original license, and clearly creates a legal boundary conditions that grants patent rights only for those who compile it only for internal purposes without direct commercial exploitation. I tend to agree on Carlo’s comment: “My final conclusion is that if the BSD family is considered compliant, so shall be the MXM, as it does not condition the copyright grant to the obtaining of the patents, just as the BSD licenses don’t deal with them. And insofar an implementer is confident that the part of the code it uses if free from the patented area, or it decided to later challenge the patent in case an infringement litigation is threatened, the license works just fine.” (as a side note: I am completely and totally against software patents, and I am confident that Carlo Piana is absolutely against them as well).
Having worked in the italian ISO JTC1 chapter, I also totally agree with one point: “the sad truth is that if we did not offer a patent-agnostic license we would have made all efforts to have an open source reference implementation moot.” Unfortunately, ISO still believes that patents are something that is necessary to convince companies to participate in standard groups, despite the existence of standard groups that do work very well without this policy (my belief is that the added value of standardization in terms of cost reductions are well worth the cost of participating in the creation of complex standards like MPEG, but this is for another post).
What I would like to make clear is that the real point is not if the proposed MXM license is OSI-compliant or not: the important point is why you want it to be open source. Let’s consider the various alternatives:
- the group believes that an open source implementation may receive external effort, much like the traditional open source projects, and thus reduce maintenance and extension effort. If this is the aim, then the probability of having this kind of external support is quite low, as companies would avoid it (as the license would not allow in any case a commercial use with an associated patent license), and researchers working in the area would have been perfectly satisfied with any kind of academic or research-only license.
- the group wants to increase the adoption of the standard, and the reference implementation should be used as a basis for further work to turn it into a commercial product. This falls in the same cathegory as before; why should I look at the reference implementation, if it does not grant me any potential use? The group could have simply published the source code for the reference, and said “if you want to use it, you should pay us a license for the embedded patents”.
- the group wants to have a “golden standard” to benchmark external implementations (for example, to see that the bitstreams are compliant). Again, there is no need for having an open source license.
The reality is that there is no clear motivation behind making this under an open source license, because the clear presence of patents on the implementation makes it risky or non-free to use for any commercial exploitation. Microsoft, for example, did it much better: to avoid losing their rights to enforce their patents, they paid or supported other companies to create a patent-covered software and released it under an open source license. Since the “secondary” companies do not hold any patent, with the releasing of the code they are not relieving any threat from the original Microsoft IPR, and at the same time they use a perfectly acceptable OSI-approved license.
As the purpose of the group is twofold (increase adoption of the standards, make commercial user pay for the IPR licensing) I would propose a different alternative: since the real purpose is to get paid for the patents, or to be able to enforce them in case of commercial competitors, why don’t you dual-license it with the strongest copyleft license available (at the moment, the AGPL)? This way, any competitor would be forced to be fully AGPL (and so any improvement would have to be shared, exchanging the lost licensing revenue for the maintenance cost reduction) or to pay for the license (turning everything into the traditional IPR licensing scheme).
I know, I know – this is wishful thinking. Carlo, I understand your difficult role…
See you in Brussels: the European OpenClinica meeting
Posted by cdaffara in OSS business models, OSS data, blog on April 8th, 2009
In a few days, the 14th of April, I will be attending as a panelist the first European OpenClinica meeting, in the “regulatory considerations” panel. It will be a wonderful opportunity to meet all the other OpenClinica users and developers, and in general talk and share experiences. As I will stay there for the evening, I would love to invite all friends and open source enthusiasts that happen to be in Brussels that night for a chat and a Belgian beer.
As for those that are not aware of OpenClinica: it is a shining example of open source software for health care; it is a Java-based server system that allows to create secure web forms for clinical data acquisition (and much more). The OpenClinica software platform supports clinical data submission, validation, and annotation; data filtering and extraction, study auditing, de-identification of Protected Health Information (PHI) and much more. It is distributed under the LGPL, and does have some really nice features (like the design of forms using spreadsheets – extremely intuitive).
We have used it in several regional and national trials, and even trialed it as a mobile data acquisition platform.
If you can’t be in Brussels, but are interested in open source health care, check out OpenClinica.
The new FLOSSMETRICS project liveliness parameters
Posted by cdaffara in OSS business models, OSS data, blog on April 2nd, 2009
While working on the final edition of our FLOSSMETRICS guide on OSS, I received the new automated estimation procedures from the other participants in the project and the QUALOSS people, namely Daniel Izquierdo. Santiago Dueñas and Jesus Gonzales Barahona from the Departamento de Sistemas Telemáticos y Computación (GSyC) of the Universidad Rey Juan Carlos. The new parameters will be included soon in the automated project page that is created in the FLOSSMETRICS database (here is an example for the Epiphany web browser); and will feature a very nice colour-coded scheme that provides an at-a-glance view of the risks or strengths of a project. A nice feature of FLOSSMETRICS is the fact that it provides information not only on code, but on ancillary metrics like mailing lists, committers participation, and so on, and all the tools, code, and databases are open source!
Now, on with the variables:
| ID | Measurement Procedure Idea | New Indicators |
| CM–SRA-1 | Retrieving the date of the first bug for each member of the community, we are able to know if the number of new member reporting bugs remains stable | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM–SRA-2 | Retrieving the date of the first commit for each member of the community, we are able to know if the number of new member committing remains stable | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-SRA-3 | CVSAnalY: looking for the first commit of each detected committer in the SCM whose commit is not a code commit (for instance, ignoring source code extensions. MLS: Each new email address detected and its monthly evolution. Bicho: We measure monthly the first bug submitted by registered people. Retrieving the evolution of the first event in the community by a person and if it remains stable, can give an idea of how it evolves, and how many people are coming inside the community. | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-SRA-4 | Check the core group of developers (those with the 80% of the commits). Now check the first commit of each new member who starts working on the core group. Retrieving this information gives an estimator of how the core contributors is evolving. Thus, we can see if there is a natural regeneration of core developers. | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-SRA-5 | Core Team = people with the 80% of the commits. After this, any number of people who disappears from this core team is counted as one. Taking into account this metric we can estimate if there is a dramatic decrease in the number of core developers, and so, a risk in the regeneration. | Green: There are no members leaving the project Yellow: There are some people leaving the project, one or two each year Red: A high number of people leave the project. The evolution shows an increase or even a stable period. Black: The number of people leaving the project is extremely high. |
| CM-SRA-6 | Number of people who left the core team minus number of new members of the core team. Monthly analysis. | Green: The balance shows an increase in the number of people coming to the project Yellow: The balance is equal to 0 Red: The balance shows an increase in the number of people leaving the project Black: The balance shows a really high number of people leaving the project |
| CM-SRA-7 | Average age of people working on a project. This metric is focused on the average of years worked by each developer. With this approximation, we are able to know of members are approaching this limit and we can estimate future effort needs. | Green: The longevity is older than 3 years Yellow: The longevity is older than 2 years and younger than 3 years Red: The longevity is older than 1 year and younger than 2 years Black: The longevity is younger than 1 year |
| CM-SRA-8 | Evolution of people who contribute to the source code and reporting bugs. A way to retrieve this data is to analyze those committers and reporters with the same nickname. | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-SRA-9 | Same metric than above, but this is the sum of all of them, and not the evolution. General number. We can measure the size of a community. | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-IWA-1 | An event is defined as any kind of activity measurable from a community. Generally speaking, posts, commits or bug reports. Monthly analysis will provide a general view of the project and its tendency. | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-IWA-2 | Monthly analysis will provide a general view of the project. In this way an increase or decrease in the number of commits will show the tendency of the community | Taking into account the slope of the resultant line (y=mx+b) while measuring the aggregated number and periods of one year: Green: if m > 0 Yellow: if m=0 Red: if m<0 Black if there are no new submitters for several periods |
| CM-IWA-3 | Number of people working on old releases, out of total work on the project. We can determine how supported are the old releases for maintenance purposes. | Green: More than 10% Yellow: Between 5% and 10% Red: Between 0% and 5% Black: Nobody |
| CM-IWA-4 | Looking at the number of committers per each file. This metric shows the territoriality in a project. Generally speaking, most of the files are touched or handled by just one committers. It means that high levels of orphaning may be seen as a risk situation. If a developer leaves the project, her knowledge will disappear and all her files are totally unknown by the rest of the developers team. | Green: Less than 50% of the files are handled by just one committer Yellow: More than 50% of the files are handled by just one committer Red: More than 70% of the files are handled by just one committer Black: More than 90% of the files are handled by just one committer |
| CM-IWA-5 | Number of people working on the project, out of number of people working on the whole project and taking into account the whole set of activities to carry on. High number of SLOC, e-mails or bugs to be fixed per active developer may mean that they are overworked. In this case, the community is clearly busy and they need more people to help on it. | Green: Less than 30.000 Lines per committer and less than 25 bugs per committer Yellow: Between 30.000 and 50.000 lines per committer and between 25 and 75 bugs per committer. Red: Between 50.000 and 100.000 lines per committer and between 75 and 150 bugs per committer Black: More than 100.000 lines per committer and more than 150 bugs per committer |
| CM-IWA-6 | Relationship between committers and total number of lines or files. With this absolute number, we are able to check the number of lines per committer. Thus, just regarding to the source code, we can say if they need more resources on it. | Green: Less than 30.000 Lines per committer Yellow: Between 30.000 and 50.000 lines per committer Red: Between 50.000 and 100.000 lines per committer Black: More than 100.000 lines per committer |
| CM-IWA-7 | Knowledge of the current team about the whole source code, measured in number of files touched by all committers out of the total number of files. This metric gives an approximation of the number of files touched by the whole set of active committers. High percentages will show a high level of knowledge of the current developer team over the whole set of files. | Green: Less than 50 files Yellow: Between 50 and 200 files Red: Between 200 and 500 files Black: More than 500 files per committer |
(CVSanaly, Bicho, MLS are some of the tools that extract information from the various databases that we keep for every project; so for multidimensional data we extract variables from more than one source).
The evaluation becomes quite simple: if there is any red or black metric, you are looking at a high risk project, because there is a significant part of the code managed by a single, or a very small, group of people. We will estimate the number of yellow parameters that can be associated with a medium risk project by comparing our previous QSOS estimates with the new ones; it will be published directly in the guide.
As a side note: I am really grateful for the many researchers that are sending me their works within other open-source related EU projects; after all, we are all working for opennness 