Robin Kennedy, Knowledge Transfer Manager – Cyber Security, KTN
Innovate UK currently have a grant-funding competition open for one more week which may be of particular interest to the open-source community. It’s part of the Digital Security by Design (DSbD) challenge which is investing in projects that help the UK digital computing infrastructure to become more secure.
Development of the ‘Digital Security by Design’ Software Ecosystem
An opportunity for SME stakeholders from across the software development spectrum to explore and investigate requirements, dependencies, and a range of potential complexities associated with the adoption of the Digital Security by Design technologies.
Full competition details are here – the Dates tab includes a link to the recording of the briefing event from late November.
The competition headlines are:
Only open to applications from UK registered SMEs
Fast-Start Short-Term Projects – maximum project length of six months
Total Eligible Costs per project: £40,000 – £80,000
Closing Date NEXT WEEK – Wednesday 13th January 11:00am
Total funding available £1.5 million – will be paid de minimis (i.e. 100% funded)
Many open-source projects target existing, commercial hardware without official support from the hardware vendor. Some of the most famous examples include Linux and the GCC compiler, both of which started as third-party projects.
These days both of these projects see significant support from large hardware companies and are used as the official tooling for many widely sold products. Both now see significant first-party contributions from hardware vendors.
Over the last three years, I have been part of the community developing open source tooling for field-programmable gate arrays (FPGAs). These are programmable logic chips with great potential for “post Moore’s law” reconfigurable computing with many promising applications from consumer devices to datacentres.
In general, FPGA companies have not published the low-level details of the devices – unlike CPUs, where the instruction set is almost always public. The expectation is that everyone uses the closed-source vendor-specific toolchain provided.
As a result, to develop a complete open-source flow from design to device programming for most FPGAs, the low-level “bitstream” details must be documented by creating a large number of designs using the vendor-provided tools and examining the output. Claire Wolf did this for the Lattice iCE40 FPGAs five years ago in Project Icestorm. Subsequently, I created open-source documentation for their larger ECP5 FPGAs.
In both cases, combined with the low cost and simplicity of these Lattice parts, these projects have led to popular open-source flows for both devices. From this has sprung a number of open source development boards such as the myStorm BlackIce, iCEBreaker and ULX3S.
Vendors are now acknowledging the importance of open source
Whilst downloading a newly released Lattice SDK, I found there was a new clause in the license agreement prohibiting this bitstream documentation. Fortunately, this SDK doesn’t directly affect any of the currently supported devices, but it would have become problematic if all their tools sport this license in the future:
e. Licensee shall not distribute, copy, transfer, lend, incorporate, modify, use or sublicense the Software or any Modules for any purpose except as expressly provided herein or as otherwise permitted under relevant law, or in advance by Lattice in writing. In particular, no right is granted hereunder … or (3) for reverse engineering a bit stream format or other signaling protocol of any Lattice Semiconductor Corporation programmable logic device.
Thanks to lobbying from the community, it is great to see that Lattice has shown commitment to open source by promptly removing the clause after being contacted about it, going as far as to publish a message of appreciation for the open-source community on Twitter:
Thanks for pointing out a new bitstream usage restriction in the Lattice Propel license. It is not our intent to hinder open source tools. See https://bit.ly/3eUM3OD re an updated license. We are excited with the open source community’s FPGA achievements and their potential.
This is a risk that Lattice has taken, but it is one that resonates well with the open-source toolchain developers and will hopefully yield good results for them in the future. It also shows the power of a strong open source community to achieve good results from companies and the growing awareness of open source.
I hope that as time progresses we see more support for open source tools from FPGA vendors, perhaps even reaching a similar point to established open-source software tooling.
David Shah is a self-employed developer working on nextpnr, the open source FPGA place-and-route tool. His previous work also includes Project Trellis, open source bitstream documentation for the Lattice ECP5 FPGAs.
A comment by Julian Kunkel, Simon Worthington, Jeremy Bennett, Andy Bennett
Governments worldwide are developing smartphone apps that track the location and movement profile of citizens in order to quickly identify contact persons of COVID-19 infections. According to The Financial Times, if even 40% of smartphone users install such an application, the infection levels would be significantly reduced in the UK. Therefore, the widespread usage of such an application is an important instrument in the current crisis.
How could such a smartphone app work? In a nutshell, a device can scan for other nearby devices and exchange device IDs, for example, using Bluetooth. This information then needs to be stored with a timestamp. If the owner of a device contracts the virus, s/he could indicate this fact in the app, which associates their own device ID with the information that s/he may have infected others. This data then needs to be recorded on a server so that the apps of other users can query the register and compare their contact information with the register of COVID-19 victims.
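The flow described above, sketched as an added example (not code from the original post or from any real contact-tracing app). The class and function names, the 14-day window and the sample IDs are assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

WINDOW = timedelta(days=14)  # assumed exposure window, not stated in the post


@dataclass
class Server:
    """Central register of device IDs whose owners reported an infection."""
    register: dict = field(default_factory=dict)  # device_id -> report time

    def report(self, device_id, when):
        self.register[device_id] = when

    def query(self):
        # Apps download the register and match locally, so the server
        # never receives anyone's contact log.
        return dict(self.register)


@dataclass
class Device:
    device_id: str
    contacts: list = field(default_factory=list)  # (peer_id, timestamp)

    def scan(self, peer, when):
        # Both sides of an encounter store the other's ID with a timestamp.
        self.contacts.append((peer.device_id, when))
        peer.contacts.append((self.device_id, when))

    def report_infection(self, server, when):
        server.report(self.device_id, when)

    def exposures(self, server):
        # Compare the local contact log with the register; only contacts
        # within WINDOW before the report count as an exposure.
        reg = server.query()
        return sorted(
            (peer, seen) for peer, seen in self.contacts
            if peer in reg and timedelta(0) <= reg[peer] - seen <= WINDOW
        )


def demo():
    # Constructed sample data: three devices, two encounters.
    t0 = datetime(2020, 4, 1, 9, 0)
    alice, bob, carol = Device("id-a"), Device("id-b"), Device("id-c")
    server = Server()
    alice.scan(bob, t0)                         # recent contact
    alice.scan(carol, t0 - timedelta(days=30))  # outside the window
    alice.report_infection(server, t0 + timedelta(days=3))
    return bob.exposures(server), carol.exposures(server)
```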
This post is part of the OSSG series “the role of open source in the UK”, where we collect and publish statements from companies and individuals in the UK regarding their experience with Open Source Software. We welcome any submission to this series. If you are interested, please send an email to Dr Julian Kunkel.
by Dr Julian Kunkel, Lecturer, Department of Computer Science, University of Reading
Open source is vital in providing teaching, in conducting research in computer science, and in enabling reproducible large-scale experiments in computational science that support society. In this post, Julian describes his experience with Open Source in his career.
The Relevance of Open Source: A Personal Statement
Open-source software is for me the key enabler for productive work and for providing training and research environments for various reasons. Firstly, in my own work environment, I rely upon Ubuntu as the operating system to give me the freedom to conduct research and programming experiments easily on my laptop that can later be scaled up to data-center wide experiments.
Having full control over the system and easy means to repair a broken system, I haven’t lost any data in my 20-year usage of Linux, although my work often requires rigorous stress-testing of hardware components. I have high confidence and trust in the software stack due to the openness of the software stack. There is no hidden transmission of private data, and proper security schemes are in place that protect my data and research. Another benefit I acknowledge is that key APIs are robust, and software I rely on whose development started 20 years ago can still be used.
For the last year or so, Open Source educational and advocacy work by our think tank, OpenForum Europe, has been framed by a key question: “Why did Open Source Software development end up as an unintended casualty in the original proposal of the EU’s Copyright Directive?”
In a time when the digital transformation is at the heart of many policy discussions in Brussels, and when Open Source-dependent technology such as IoT, Cloud, blockchain and supercomputers are hot topics, no one involved in drafting the legislation thought of software development. In short, the platforms and repositories used by developers to drive the digital transformation through the collaborative development of code were forgotten.
the platforms fell into the scope of the Copyright Directive’s filtering obligations, they ran the risk of being regulated out of practical existence in the EU, or at least their users would experience a very negative cooling effect
In response to this regulatory risk, OpenForum Europe and the Free Software Foundation Europe started the SaveCodeshare.eu campaign. In the end we were successful in excluding software platforms from the final law. That said (and there is a lot to say about the process of getting there and the many other consequences of the Copyright Directive as a whole) our main takeaway was the grim realisation that Open Source software was overlooked, despite software being largely regulated by copyright law.
On the one hand, this says something about knowledge gaps that exist among policy makers. But on the other hand, it also says something about the state of Open Source advocacy in Europe. Advocacy has not followed the times and is way behind reflecting the reality of the role and position of Open Source in everything digital.
Open Source advocacy is still reactive. Communities of activists and advocates should (perhaps must) build the capacity to be proactive.
The need for a maturing of Open Source representation in politics goes beyond simply not being overlooked when drafting digitally relevant legislation. In our view, with Open Source having gone mainstream, there are new risks and opportunities arising. That means that the political conversation around Open Source has to go beyond what it has focused on in the past, to how to become acknowledged as being of strategic importance for Europe’s digital future.
To be part of that conversation, the Open Source ecosystem needs to build the capacity to become trusted partners of governments and public authorities, in order to capture the
We believe that to make that happen, to not just fend off regulatory risk, but also capture the opportunities that are out there, all stakeholders in the ecosystem need to step up. From the developers and Open Source vendors to the large IT and industrial companies that develop and/or depend on Open Source’s innovative benefits, there needs to be more effort, energy and resources spent on political representation and educational efforts.
We have to at least take on the collective responsibility to make sure that Open Source Software never becomes an unintended casualty again. For those stakeholders that look further than defensive efforts, we need to be part of the conversations around the digitization of all sectors of our society. It is also our responsibility to do our part in ensuring that the much talked about Digital Sovereignty describes a digital reality that is neither locked in to a small group of monopolistic vendors nor, for that matter, a chauvinist approach of a Europe closed for global collaboration.