Yanking the Chain: Open Source Software Compliance in the Supply Chain – London 22/3/2018

09:00-17:00, Thursday 22nd March 2018 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA, UK.

The event is free to attend, however registration is required:

https://ossg220318.eventbrite.co.uk/

Bookings close on Wednesday 21st March 2018 at 8:30AM and none will be taken after this date.

Introduction

With the ever increasing complexity of embedded device software stacks, coupled with the proliferation of new mechanisms for distributing complex server software stacks, open source compliance has never been more important — or indeed more of a challenge.

Fortunately, there are growing number of tools and methods at our disposal to support open source software compliance efforts. This 1-day event will feature talks and hands-on workshops covering a number of these, with insights into practical experiences and lessons learned.

Hosted by the BCS Open Source Specialist Group in partnership with the Open Source Hardware user Group.

Talks

Introducing OpenChain

OpenChain is a scalable, flexible compliance programme, developed by the Linux Foundation. It provides a great foundation for businesses of all sizes to adopt appropriate practices and procedures in place to control development and supply chain risks. Already adopted by companies like Qualcomm, Toyota and ARM, it’s equally applicable to SMEs.

About the Speaker

Andrew Katz is a lawyer and former programmer who advises extensively on free and open source software and other opens. He is head of the technology department at Moorcrofts LLP, a boutique technology law firm, which is one of the 5 OpenChain pilot partners in the world, and has been involved in drafting many of the OpenChain materials.

SPDX: Describing Software and Licenses

Software Package Data Exchange (SPDX) provides a standard format for describing the components and licenses associated with software packages. The SPDX standard helps facilitate compliance with Free and Open Source Software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share licensing data, thereby streamlining and improving compliance. The presentation will introduce the standard, describe common use scenarios, and provide details on the other deliverables of the SPDX working group, like tools and the authoritative License List.

About the Speaker

Alexios Zavras, PhD, is the Senior Open Source Compliance Engineer of Intel Corporation. He has been involved with Free and Open Source Software since 1983, and is an evangelist for all things Open. He has a PhD in Computer Science after having studied Electrical Engineering and Computer Science in Greece and the United States.

Eclipse SW360 – Open Source Management with Open Source

SW360 manages software components with their license compliance documentation in SPDX and allows for setting up bills-of-material to provide comprehensive documentation for products and projects.

Organizations can use SW360 as a one-stop shop for sharing component information, tracking their usage in projects or products. This involves the handing of compliance information, but also, as an example, matching for vulnerabilities from data providers.

As an EPL-1.0 licensed Open Source project (see https://www.github.com/sw360), it is highly customizable, letting organizations keep their confidential product development data on premises, and prevents them from becoming dependent on a single vendor. This presentation shows briefly features and a walk through the application to demonstrate capabilities and use cases of SW360.

About the Speaker

Michael C. Jaeger is one of the maintainers for the projects, FOSSology and SW360, both of which are in the area of license compliance and component management with open source software. At Siemens Corporate Technology in Munich, Germany, Michael manages the Siemens contributions to SW360 and FOSSology. Michael is a certified software architect and received a German PhD degree from the faculty of electrical engineering and computer science at TU Berlin.

How License Compliance Engineering Can be Simplified

When people are confronted with license compliance for the first time it feels overwhelming because there are many aspects to it: license scanning of hundreds of thousands of files, complete and corresponding source code, derivative works and code clone detection, and so on. Clients often say that they simply do not know where to start.

However, experience demonstrates that license compliance does not need to be overly complicated, as there are short-cuts that can be taken and have zero risk, but that will vastly speed up compliance processes. This talk will highlight a few best practices learned from compliance work with clients and explain how information from upstream projects can be used to make the license compliance processes quicker, predictable and more standardised.

About the Speaker

Armijn Hemel, MSc, is an expert in open source license compliance engineering. From 2005-2012 he helped enforce the GPL license in Germany several hundred times as part of the coreteam of gpl-violations.org. Since then he has assisted companies to come into compliance (including in recent troll cases in Germany) and is actively involved in advancing the field of compliance by exploring new topics and tooling.

Compliance Tooling using Build Time Analysis

The Quartermaster project aims at building industry standard tooling that supports the open source license compliance workflow. It’s open source workflow engine integrates existing scanning and reporting tools, and integrates into continuous integration/development processes. It offers API endpoints against which toolmakers, communities and service providers can integrate their products, while maintaining an open source and open data model for the elemental toolchain.

The presentation will explore a number of key findings from the development of Quartermaster so far. For example, that focusing on whole source packages alone to identify and convey license information may be insufficient, and that the product build process may be the most suitable time to create compliance documentation. The presentation will introduce the Quartermaster project, the novel approach it takes on implementing open source compliance tooling, and how the lessons learned from the prototype influenced the Quartermaster toolchain architecture.

About the Speaker

Mirko Boehm is a Free Software and Open Source contributor, primarily as a software developer and speaker. He is the founder of the Quartermaster project, and has been a contributor to major Open Source projects including the KDE Desktop since 1997, including several years on the KDE e.V. Board. He is a visiting lecturer and researcher on Free Software and Open Source at the Technical University of Berlin, a fellowship representative in the FSFE general assembly and a Qt-certified specialist and trainer.

The Open Invention Network protects the Open Source ecosystem by acquiring patents and licensing them royalty free to all participants. As director for the Linux system definition, Mirko is responsible for the technical scope that defines the field of use of the patent non-aggression agreements.

As founder and CEO of Endocode, an employee-owned, shareholder company based in Berlin, Germany providing professional IT services with a focus on Open Source technologies, Mirko specialises in consulting to and mentoring startups and medium to large businesses. His areas of expertise include complex software development endeavours, the use of Open Source products and methods in organisations, and technology related issues of business strategy and intellectual property.

Workshops

Using FOSSology – License Analysis Hands On

FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and Web user interface provide you with user interface and functionality to analyse the licensing situation of open source software.

Hosted By Michael C. Jaeger.

About the organiser:

This event is organised by the BCS Open Source Specialist Group in partnership with the Open Source Hardware User Group. Find out more about the group at http://ossg.bcs.org/.

For overseas delegates who wish to attend the event please note that BCS does not issue invitation letters.


Intel Movidius Neural Compute Stick Workshop – London 22/2/2018

On the 22 February 201809:00 – 17:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA,  [map] (51.510812-0.121733)

Please register to attend and share on Lanyrd.

Learn how to use the Intel® Movidius™ Neural Compute Stick and open source frameworks to deploy deep neural networks at the edge.

Workshop details

Market research estimates there will be as many as 20 billion connected devices in the market by 2020. These devices are expected to generate billions of petabytes of data traffic between cloud and edge devices. In 2017 alone, 8.4B connected devices are expected in the market which is sparking a strong need to pre-process data at the edge. This has led many IoT device manufacturers, especially those working on vision based devices like smart cameras, drones, robots, AR/VR, etc., to bring intelligence to the edge.

Through the recent addition of the Movidius™ VPU technology to its existing AI edge solutions portfolio, Intel is well positioned to provide solutions that help developers and data scientists pioneer the low-power intelligent edge devices segment. This workshop will provide hands-on experience with Intel’s Neural Compute Stick – a low-cost, form-factor developer kit for low-power vision based embedded inference applications.

What You Will Learn:

  • Insights into how Movidius™ VPUs are pioneering DNN accelerated vision processing.
  • Introduction to hardware and software components of NCS.
  • Workflow of network profiling and application development using NCS.
  • Detection/Classification models
  • Advanced functionalities
  • Hands-on with advanced demos and sample codes built using NC SDK’s API framework, which includes support for Caffe and TensorFlow

Participant requirements

** Participants are required to bring a laptop computer with Ubuntu 16.04 and Neural Compute SDK installed **

What is provided

  • NCS hardware will be provided for use during the workshop
  • A light lunch will be provided and please ensure that any dietary requirements are made clear during registration

Hosted by

The workshop will be hosted by Intel engineers.

This workshop is free to attend and hosted by Intel in partnership with the BCS Open Source Specialist Group and the Open Source Hardware User Group.

Note: Please aim to arrive by 08:45 as the workshop will start at 09:00 prompt.

Sponsored by:

DesignSpark


Collaborative music making, ultra-low latency audio and sensor processing – London 18/1/2018

On the 18 January 201818:00 – 21:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA,  [map] (51.510812-0.121733)

Please register to attend and share on Lanyrd.

We start the new year with an event on the theme of open source musical software and hardware.

Bela, an embedded platform for ultra-low latency audio and sensor processing

Bela started off as a research project at Centre For Digital Music (Queen Mary University of London) and is now a commercial product, mainly aimed at makers, programmers and researchers that work with audio. The platform is based on a BeagleBone Black with a custom expansion cape and a dedicated software environment. The board runs Debian Linux with Xenomai as a real-time co-kernel. The combined use of Xenomai and the BeagleBone Black’s on-board PRU microcontroller allows to achieve sub-millisecond latency for audio and sensor processing, while node.js is used to provide a user-friendly web-based IDE. The project is entirely open source, hardware and software.

Giulio Moro is a PhD student in the Centre for Digital Music at Queen Mary University of London. A sound engineer by training, he is now researching in the field of performer-instrument interaction. He is one of the inventors and core developers of Bela.

Female Laptop Orchestra: exploring geographical, cultural, technical and artistic challenges of collaborative music making

As a collective of female musicians, artists, engineers, computer scientists and researchers, Female Laptop Orchestra has been pushing the boundaries of technology and cross-cultural co-located and distributed collaborative music making since 2014. Besides musical instruments, we use a variety of open source and commercial tools to create music, stream music and connect with our audience during the performance. We often collaborate with classical composers and ensembles, filmmakers, visual designers, choreographers and dancers. Recently, we also collaborated with members of Women in Music Technology (a student organization whose goal is to encouraging more women to join the music tech field of study and highlight the often unsung role of women in music technology, based at Georgia Tech Centre for Music Technology in US) and Sonora (a collaborative network bringing together artists and researchers interested in feminist manifestations in the context of the arts, based in Brazil).

Nela Brown is a sound artist, technologist, researcher and educator. In the past decade, she composed music and designed sound for award-winning projects including theatre performances, dance, mobile, film, documentaries and interactive installations. She is the founder of the Female Laptop Orchestra (FLO), an eclectic group of female musicians and technologists exploring co-located and distributed collaborative music making within different contexts and across different geographical locations. As a creative director of FLO since 2014, Nela co-ordinated 7 national and international FLO performances involving 36 collaborators from 21 different countries.

Talk #3 TBA

Note: Please aim to arrive by 18:15 as the event will start at 18:30 prompt.

Closing date for bookings is Tuesday 16th January 2018 at 11:30 pm. No more bookings will be taken after this date. For overseas delegates who wish to attend the event please note that BCS does not issue invitation letters


RISC-V, RISC-V, RISC-V – London

Risk-VThe BCS OSSG and the OSHUG are hosting their next event on 23rd November 201718:00 – 21:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA, [map] (51.510812-0.121733)

The event will be on the theme of RISC-V, an open ISA which started life at the University of California, Berkeley.

This event is free to attend for both BCS Members and non-members but booking is required. Places are limited; please book as soon as possible.

Bringing up cycle-accurate models of RISC-V cores

The openness of the RISC-V ISA has enabled the development of many open-source RISC-V cores with varying capabilities. Choosing an implementation that meets given requirements can be done to some extent by comparing specifications and other attributes of the cores, but any decision must be based on actual testing. Using Verilator to generate cycle-accurate models enables rapid development of testing platforms. This talk provides a report of our experience bringing up cycle-accurate models of two cores in particular, RI5CY from the PuLP project, and Clifford Wolf’s PicoRV32. For testing, a software ecosystem consisting of a compiler, binary utilities, debugger, and an interface between the model and debugger accompanies the Verilator model. To compare the cores, we used the GCC test suite and the RISC-V ISA test suite for measuring correctness, and the Bristol/Embecosm Embedded Benchmark Suite (BEEBS) to compare performance. All code and scripts used for the implementation are open-source, and can be re-used by others who wish to do similar exercises with other RISC-V cores.

Edward Jones has a background in parsing techniques and works at Embecosm on LLVM and GNU toolchains. He is also involved in research by Embecosm to investigate ways in which the software tool chain can reduce program energy consumption. Edward Jones is a Computer Science graduate of the University of Kent.

FreeBSD/RISC-V and Device Drivers

The FreeBSD port to RISC-V 64-bit ISA was added in January 2016. FreeBSD is the first operating system that officially supported RISC-V in the main repository. Since its introduction, support has evolved, RISC-V privileged architecture has updated a few times. The platform is maturing making it suitable for general, commercial, research and educational use. The GCC v7.0 target for RISC-V was officialy upstreamed and NVIDIA is planning to ship all of their GPUs with RISC-V coprocessor enabled in the future. Several companies have announced the start of RISC-V chip development and many universities are taking RISC-V as a target architecture for doing research. The world first RISC-V microcontroller-class board HiFive1 was released and we are getting closer to the first general purpose board to become available! This talk will describe the current status of FreeBSD/RISC-V, toolchain and supported simulators. The porting process as well as describing the latest changes made to FreeBSD in order to support the latest RISC-V privilege specification (v1.10). This includes enabling by default FDT support and drivers attachment change, SBI interface, compiler flags/built-in definition changes, support for updated BBL boot loader, RISC-V privilege levels, initial page tables build, page table entry flags and other changes. An overview of FreeBSD device drivers subsystem will also be covered describing the device frameworks, buses and kernel-interfaces that exists in FreeBSD (e.g. Newbus, cdevsw, bus_dma, SYSINIT, vt, sound, ifnet, spibus, etc), how to use and configure them and how to debug a device driver. This should answer the question: How to write device driver for FreeBSD/RISC-V?

Ruslan Bukin is a Research Associate at University of Cambridge Computer Laboratory. He has been a FreeBSD user since 2002 and src committer since 2013. His main interests and contributions to FreeBSD are related to computer architectures support, performance monitoring technologies support, hardware tracing technologies (Intel PT), devicedrivers, DMA engines and DMA frameworks, hardware security (Intel SGX, CHERI), heterogeneous computing. Ruslan is the lead developer of the FreeBSD/RISC-V project. He obtained a Computer Science degree in 2008 from Peoples’ Friendship University of Russia in Moscow

Talk #3 TBA

Note: Please aim to arrive by 18:15 as the event will start at 18:30 prompt.

Closing date for bookings is Tuesday 21st November 2017 at 11:30 pm. No more bookings will be taken after this date. For overseas delegates who wish to attend the event please note that BCS does not issue invitation letters


OSSG AGM, Reimagining EDSAC, NetBSD Updates, Semantic and Change Coupling of Software Classes – London 19/10/2017

The BCS OSSG is hosting its next event on 19th October 201718:00 – 21:00 at BCS London, 1st Floor, The Davidson Building, 5 Southampton Street, London, WC2E 7HA, [map] (51.510812-0.121733)

This event is free to attend for both BCS Members and non-members but booking is required. Places are limited; please book as soon as possible.

The meeting this month will start with the BCS OSSG AGM and this will be followed by a talk on recent and planned improvements to NetBSD, a report from Chip Hack EDSAC Challenge, and finally a talk on the interplay between semantic coupling and co-change of software.

BCS Open Source SG – AGM

All members of OSHUG are welcome to attend and OSHUG members are encouraged to put themselves forward to join the committee. In particular we would welcome anyone to join the event organizers who arrange the speakers for each month and the occasional all-day workshops. Currently we have Sevan Janiyan, @ndy Bennett and Andrew Back as event organizers on the committee.

Updates to the NetBSD operating system since OSHUG #57 & #58

NetBSDSince the workshops held earlier this year, numerous changes have been made to the NetBSD operating system to ensure future workshops are easier for users and work smoother from the outset. This talk will cover some of the improvements made so far and what’s currently in the works. From wrestling with the u-boot firmware to new tools included in the os and much more.

Sevan Janiyan is founder of Venture 37, which provides system administration & consultancy services. As a fan of operating systems and computers with different CPU architectures, in his spare time he maintains builds of open source software on a variety of systems featuring PowerPC, SPARC and armv7l CPUs. He hopes to own a NeXTcube & OMRON LUNA-88K2 one day.

Reimagining EDSAC: The ChipHack experience

ChiphackChipHack is an occasional 2 day workshop introducing students and hobbyists to FPGA design. This year, ChipHack was sponsored by the BCS OSSG and Computer Conservation Society. To celebrate the 60th anniversary of the BCS, the workshop was extended by half a day and attempted to reimagine one of the earliest valve computers, EDSAC, designed by the BCS’ founding president, Prof Sir Maurice Wilkes.

Merry Bennett led the team putting together the technical content of the workshop. She will report back on what was achieved, from the three implementations of the computer, to the diverse reimagining of the original peripherals. The result is a legacy of lectures and videos, to allow anyone to run their own ChipHack course.

The Interplay between Semantic Coupling and Co-Change of software classes

During maintenance, developers must ensure that related entities are updated to be consistent with these changes. Studies in the static change impact analysis domain have identified that a combination of source code and lexical information outperforms using each one when adopted independently. The presentation has two aims: first, to compare the effectiveness of measuring semantic coupling of OO software classes using (i) simple identifier based techniques and (ii) the word corpora of the entire classes in a software system. Second, to empirically investigate the interplay between semantic and change coupling.

Dr Andrea Capiluppi joined the Department of Computer Science at Brunel University London (UK), as a Lecturer in Software Development in May2012. Between 2009 and 2012 he was at University of East London, working as a Senior Lecturer in Software Engineering. Before that, he worked as a Senior Lecturer and at University of Lincoln between 2006 and 2009. Andrea’s research and teaching interests focus on Software Evolution and Maintenance, as well as the construction, evaluation and maintenance of Social Networks. Andrea is mostly interested in the use of open technologies and in understanding how they can improve learning and teaching as well as the production of software and other artefacts.

After-event follow up

Update from Judith Jones (Embecosm) on behalf of the organisers: Following our recent successful Chip Hack EDSAC Challenge, sponsored by
the BCS, I am pleased to provide you with feedback, as follows:

Of 80 registrations for the Chip Hack EDSAC 2017 event, 67 people attended.  The event was designed to be a collaborative learning experience and brought together 3 expert silicon chip designers, 11 experienced people, 17 people with some experience and 36 complete beginners.  The legacy of the event is a body of materials available under open source licence to enable people to run their own Chip Hack EDSAC events in the future, thereby making silicon chip design accessible to the individual engineer, whether professional, hobbyist or student.  The technical materials are freely available through http://chiphack.org/, myStorm boards will be freely loaned through the BCS (stored at, and managed by, Embecosm) and recordings of the workshops and talks will be available, post-editing, through https://www.youtube.com/user/embecosm.  In addition, Andrew Back is producing a documentary with the working title Chip Hack EDSAC Challenge.  Post-editing, a link to this will be placed on chiphack.org.

Half the workshop delegates completed an online survey geared towards the collection of qualitative feedback that can be used to improve Chip Hack in terms of running future events and the materials that are available.

The survey respondents reported that they understood FPGAs better after the event.   Half found the introduction to, and tutorials on, FPGAs and Verilog aided their understanding and the remainder benefited from being able to fine tune their prior knowledge and skills.  The face to face contact with people was noted as beneficial, particularly for people who were self-taught.  Reported difficulties experienced by some people will serve as guidance to make future chip hack events better, particularly for future delegates with little or no experience of FPGAs, Verilog and programming.  Respondents also identified gaps in the materials that are available on chiphack.org that will enhance people’s ability to run their own chip hack events.  Workshop participants report that they are likely to use the materials to run their own chip hack events and
improve their own understanding and knowledge.

Delegates appreciated hearing the history of EDSAC and anecdotes from people with first-hand knowledge and experience who knew key people from the era.

Feedback on the operational side of the event was not formally collected.  Verbally, delegates indicated their satisfaction with the conference facilities provided by Hebden  Bridge Town Hall and Embecosm’s production of the event, but it was noted that workshop delegates will need greater table space at future events.


ChipHack EDSAC Challenge – Hebden Bridge 6/9/2017

ChipHack

ChipHack EDSAC Challenge is a workshop spanning two-and-a-half days to introduce a new generation to silicon chip design and the historic EDSAC computer.

This workshop is suited to complete beginners, as well as people who are experienced chip designers.

With modern low cost FPGA boards silicon chip design is accessible to the individual engineer, whether professional, hobbyist or student.

This workshop starts from the basics (a chip design to flash an LED), works through more complex functionality (UART transmitter and receiver) and concludes by bringing up a complete processor.

The workshop will be built around a reimagining of EDSAC (designed by BCS founding President, Prof. Sir Maurice Wilkes) using modern technology. The workshop will use the MyStorm FPGA board, a modern low-cost board for educational use. (more…)


Open Source SG July Meeting – London 27/7/2017

The BCS OSSG is hosting its next event on 27th July 201718:00 – 21:00 at BCS London1st Floor, The Davidson Building5 Southampton StreetLondonWC2E 7HA, [map] (51.510812-0.121733)

This event is free to attend for both BCS Members and non-members but booking is required. Places are limited; please book as soon as possible.

The event will include talks on trust and provenance in Open Data at GDS, adding security to compilers (LADA project and SECURE project), extending a RISC ISA to add capability enhancements for improved security (CHERI project).

Further details will be added in the next few days.