Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Open Source - Open Doors, Open Potential

Open Source - Open Doors, Open Potential

Hendrik Ebbers

September 09, 2021
Tweet

More Decks by Hendrik Ebbers

Other Decks in Programming

Transcript

  1. This is a very very very long gag @hendrikEbbers Hendrik

    Ebbers • Karakun Co-Founder • Founder of JUG Dortmund • JSR EG member • JavaOne Rockstar, Java Champion • AdoptOpenJDK / Adoptium TSC member
  2. This is a very very very long gag @hendrikEbbers Hendrik

    Ebbers • I (and collect) boardgames • I STARWARS • I Hardrock • I Dogs
  3. This is a very very very long gag @hendrikEbbers Content

    • OpenSource FACTS • GitHub and Open Source Work fl ows • Automate everything • Foundations and open standards • How to start your open source career
  4. This is a very very very long gag @hendrikEbbers Facts

    about OpenSource • The usage of open source software is growing every year • Even most closed source projects depend on open source today • Today many companies trust in open source
  5. This is a very very very long gag @hendrikEbbers Why

    to use open source • What aspects were important to you when choosing open source based solutions in your company? 87 % 85 % open standards big community 81 % security 80 % no vendor lock-in 79 % stability 78 % cost savings transparency & trust 75 %
  6. This is a very very very long gag @hendrikEbbers Why

    do we trust? • Open source means that the sources of a product can be seen / requested by everyone • Open source does not mean that everybody can mutate the source
  7. This is a very very very long gag @hendrikEbbers Why

    is it more secure? • We are human • We create bugs • We create security issues • The developers of our 
 dependencies are 
 humans, too
  8. This is a very very very long gag @hendrikEbbers Why

    is it more secure? • Security issues can be found much faster • Security audits can be done by anybody
  9. This is a very very very long gag @hendrikEbbers Why

    is it more secure? • Based on GitHub there is a 59% change to receive a security alert / issue within the next 12 month 
 • Common Vulnerabilities and Exposures (CVE) 
 are tracked in open databases 
 (see http://cve.mitre.org) Based on your dependencies
  10. This is a very very very long gag @hendrikEbbers Why

    is it more secure? github.com • It is always important to know your dependencies • Especially when you do JavaScript...
  11. This is a very very very long gag @hendrikEbbers Why

    is it more secure? • Tools like dependabot automatically inform you on critical issues in your dependencies • Example based on CVE-2020-8203 (in lodash) Common JS lib 04.23.2012 vulerability created in lodash 07.08.2020 vulerability fi xed in lodash 07.15.2020 over 5 million projects receive dependabot alert 10.02.2020 over 40% of projects have upgraded to fi xed version github.com
  12. This is a very very very long gag @hendrikEbbers Facts

    about GitHub • 1.9 billion contributions in 2019 • Over 50 million registered developers users 2008 2020 2025 50 m 100 m
  13. This is a very very very long gag @hendrikEbbers New

    to Git(Hub) ? • Today GIT is the standard version control system (for open source) today. • Most modern open source projects are hosted at GitHub
  14. This is a very very very long gag @hendrikEbbers New

    to Git(Hub) ? • GitHub makes the usage of GIT very easy and provide visual tooling for work fl ows • But a user needs to understand GIT to contribute to projects • You can fi nd many very good tutorials online https://rogerdudler.github.io/git-guide/
  15. This is a very very very long gag @hendrikEbbers More

    than a repository • GitHub provides much more than just GIT repositories: • Issues • Wiki • Pull Requests • ...
  16. This is a very very very long gag @hendrikEbbers More

    than a repository • Best starting points are issues • Mostly all people start at GitHub by creating an issue for an open source project • Have you already created an issue?
  17. Add a Title Add a description. Try to add as

    much info as possible. Important: - How to reproduce the issue? - Why do you need it - Metadata (environment, version,…)
  18. This is a very very very long gag @hendrikEbbers Some

    important rules • Always be friendly • Ask questions • Listen to the project maintainers • Stay in touch
  19. This is a very very very long gag @hendrikEbbers Let's

    contribute • A Pull request is the work fl ow that allows user to contribute to projects • Pull requests let you tell others about changes you want to add to a repository • A pull request can be commented and reviewed • Follow-up commits can be added • The changes of a pull request can be merged by a maintainer of the project
  20. This is a very very very long gag @hendrikEbbers Some

    important rules • Do not create a pull request without an issue • Mention in the issue that you plan to do a pull request • Start with a small issue
  21. This is a very very very long gag @hendrikEbbers Preview

    + Test of Integration • Several tools can interact with GitHub • Automatically build & deploy pull request and integration results • Examples are Netli fl y or Heroku
  22. This is a very very very long gag @hendrikEbbers Pull

    Requests in Enterprise • GitHub published some average numbers regarding the timing of pull requests • The numbers are based on enterprise (non-hobby) projects pull request opened fi rst review done last review done pull request merged github.com review requested 1h 36m to merge pull request 54m till fi rst review 12m till merge
  23. This is a very very very long gag @hendrikEbbers First

    OpenJDK project at Git • JavaFX is (still) part of OpenJDK • JavaFX was the fi rst project of the OpenJDK that has been migrated to git & GitHub • With project Skara the OpenJDK is moved to git & GitHub https://github.com/openjdk/jfx
  24. This is a very very very long gag @hendrikEbbers First

    OpenJDK project at Git • Since OpenJDK projects are now hosted at GitHub contribution is super easy • Every GitHub user can create a PR (+ some paperwork to have you checked as a valid OpenJDK commiter)
  25. This is a very very very long gag @hendrikEbbers All

    OS Builds with GitHub Actions • OpenJDK projects already use GitHub Actions for CI tasks • Automatically build and test JavaFX on all 3 big operation systems for each pull request https://github.com/openjdk/jfx/pull/619/checks
  26. This is a very very very long gag @hendrikEbbers All

    OS Builds with GitHub Actions • GitHub Actions can do more • Every used test containers in an enterprise project? • Just let GitHub run thousands of integration tests for you
  27. This is a very very very long gag @hendrikEbbers PullRequests

    for OpenJDK • Happily more and more people of the Java community contribute to OpenJDK • Good tutorials and 'Getting started' guides are missing We are working on that issue
  28. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium • Eclipse Adoptium is the successor of AdoptOpenJDK 
 
 
 

  29. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium • Eclipse Adoptium is the successor of AdoptOpenJDK 
 
 
 • Adoptium WG is based on leaders of the ecosystem
  30. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium • Eclipse Adoptium is the successor of AdoptOpenJDK 
 
 
 
 • Eclipse Adoptium provides an OpenJDK distribution • That distribution is called Temurin
  31. This is a very very very long gag @hendrikEbbers Why

    not 'Eclipse AdoptOpenJDK' ? • The answer is quite simple: 
 
 
 
 
 • The Eclipse Foundation trademarks all names and 'AdoptOpenJDK' is just not trademark able OpenJDK Java ® ®
  32. The Eclipse Temurin Java runtime builds by Adoptium can not

    be named 'AdoptOpenJDK' since OpenJDK is owned by Oracle ™ ™ ® ™ ™ ®
  33. This is a very very very long gag Temurin by

    Adoptium OpenJDK Sources Temurin Installer Binaries / Distribution ci.adoptopenjdk.net (ci.adoptium.net in near future) adoptium.net github.com/adoptium/installer github.com/adoptium/jdk github.com/adoptium/jdk8u Build / CI Infrastructure github.com/adoptium/temurin8-binaries/releases github.com/adoptium/temurin11-binaries/releases github.com/adoptium/temurin16-binaries/releases github.com/adoptium/temurin17-binaries/releases Platform Builds AQAvit github.com/adoptium/temurin-build github.com/adoptium/aqa-tests * * Redirect to @hendrikEbbers
  34. This is a very very very long gag @hendrikEbbers Just

    call the distro 'Adoptium' ... • NO! We want to be convenient: 
 
 Like ___________ provides ___________ the Adoptium project provides Temurin Azul Systems Zulu Amazon Coretto Bellsoft Liberica Oracle Oracle JDK
  35. This is a very very very long gag @hendrikEbbers Why

    'Temurin' ? TEMURIN • The answer is quite simple: 
 
 
 
 

  36. This is a very very very long gag • The

    answer is quite simple: 
 
 
 
 
 @hendrikEbbers Why 'Temurin' ? N N N N O H3 C CH3 CH3 O N N N N O H3 C CH3 CH3 O CH3 O Caffeine Temurin
  37. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium is MORE • NO! Adoptium is much more than 'just the binaries': AQAVIT is the quality and runtime branding evaluation project for Java SE runtimes and associated technology. Any Java runtime Open source AQAVIT test & benchmark suite Enterprise ready runtime
  38. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium is MORE • NO! Adoptium is much more than 'just the binaries':
  39. This is a very very very long gag @hendrikEbbers Eclipse

    Adoptium is MORE • Adoptium is much more than 'just the binaries': Community
  40. This is a very very very long gag @hendrikEbbers Open

    Speci fi cations • JakartaEE / Micropro fi le is not 'old JavaEE' 
 • JakartaEE / Micropro fi le speci fi cations are used by Spring Boot, Micronaut, Quarkus, ... • When you create enterprise applications and (micro-)services in Java you need to know and use the specs
  41. This is a very very very long gag @hendrikEbbers Open

    Speci fi cations • A spec always contains 3 parts: • API that contains the Java interfaces, annotations... • SPEC that contains the documentation of the API, its usage and interoperability with other speci fi cations • TCK that contains a test kit to validate the full functionality of an implementation
  42. This is a very very very long gag @hendrikEbbers Eclipse

    Foundation • Both JakartaEE and Micropro fi le are top level projects at Eclipse Foundation • An open source foundation allows a transparent and solid support and sponsoring by companies and organisations • An open source foundation provides work fl ows, rules, infrastructure and support (for example in marketing issues)
  43. This is a very very very long gag @hendrikEbbers Eclipse

    Foundation • All projects and speci fi cations are hosted at GitHub • Everybody can do a pull request • Contributions and discussions are more than welcome • Attend a meeting to start your open source journey! https://bit.ly/3l4I4E5 Jakarta EE Community Calendar
  44. This is a very very very long gag @hendrikEbbers Hacktoberfest

    • A month long celebration of open source software • It happens every year in October. • Everyone can support open-source by contributing changes, and then earn a limited edition swag https://hacktoberfest.digitalocean.com Visit
  45. This is a very very very long gag @hendrikEbbers Good

    First Issue • Search for issues that are labeled with 'good fi rst issue' • As a maintainer take care to have such issues... • ... with a good description and additional help
  46. This is a very very very long gag @hendrikEbbers Good

    First Issue Description of the issue Best to add examples and name needed Actions Generic information Step by step information of the work fl ow Generic information of the project Links for questions, documentation and contact options
  47. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Du fi ndest die gezeigten Themen spannende • Du hast keine Ahnung wo du anfangen sollst? • Das Cyberland hat ein neues Event-Format für dich!
  48. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Lass uns zusammen an Open Source Projekten arbeiten • Lass uns zusammen die (ersten) Hürden nehmen • Lass dir helfen ein Commiter zu werden
  49. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp 29.09.2021 - 18:00 Virtuelles Event https://cyberland.ijug.eu/2021-09-open-source-camp/ https://bit.ly/3yTLezf
  50. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Keynote von Adam Bien • Vorstellung der Eclipse Projekte von 
 Commiter:innen
  51. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Keynote von Adam Bien • Vorstellung der Eclipse Projekte von 
 Commiter:innen Wenn dieser Vortrag wieder zum besten gewählt wird, gibt es nächstes Jahr einen Adam Bien Starschnitt zum Ausdrucken !!!
  52. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Keynote von Adam Bien • Vorstellung der Eclipse Projekte von 
 Commiter:innen Wenn dieser Vortrag wieder zum besten gewählt wird, gibt es nächstes Jahr einen Adam Bien Starschnitt zum Ausdrucken !!! Scherz!!! Wenn dieser Vortrag nicht gewählt wird, gibt es einen Starschnitt von mir!!!!
  53. This is a very very very long gag @hendrikEbbers Cyberland

    OS Camp • Viel wichtiger: Wir hacken zusammen und wollen unsere ersten PRs für Adoptium / JakartaEE umsetzen
  54. This is a very very very long gag @hendrikEbbers iJUG

    Open Source Stipendium • Der iJUG möchte seine 
 Mitglieder:innen fördern • Der iJUG ist Eclipse Member & 
 Mitglied in den Adoptium, Micropro fi le & JakartaEE Arbeitsgruppen • Fördert Mitarbeit an Projekten z.B. durch Freikarte zum JavaLand https://github.com/ijug-ev/Stipendium
  55. This is a very very very long gag @hendrikEbbers Call

    for Action • Contribution to open source projects becomes easier every day • Join initiatives like the Cyberland open source camp • Start with simple tasks like typos or documentation • Ask questions, create issues, listen to other commiters