Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Open Source - Open Doors, Open Potential

Open Source - Open Doors, Open Potential

Hendrik Ebbers

September 09, 2021
Tweet

More Decks by Hendrik Ebbers

Other Decks in Programming

Transcript

  1. Open Source


    Open Doors - Open Potential

    View Slide

  2. This is a very very very long gag
    @hendrikEbbers
    Hendrik Ebbers
    • Karakun Co-Founder


    • Founder of JUG Dortmund


    • JSR EG member


    • JavaOne Rockstar, Java Champion


    • AdoptOpenJDK / Adoptium TSC member

    View Slide

  3. This is a very very very long gag
    @hendrikEbbers
    Hendrik Ebbers
    • I (and collect) boardgames


    • I STARWARS


    • I Hardrock


    • I Dogs

    View Slide

  4. This is a very very very long gag
    @hendrikEbbers
    Content
    • OpenSource FACTS


    • GitHub and Open Source Work
    fl
    ows


    • Automate everything


    • Foundations and open standards


    • How to start your open source career

    View Slide

  5. OpenSource today

    View Slide

  6. This is a very very very long gag
    @hendrikEbbers
    Facts about OpenSource
    • The usage of open source software is growing every
    year


    • Even most closed source projects depend on open
    source today


    • Today many companies trust in open source


    View Slide

  7. This is a very very very long gag
    @hendrikEbbers
    Why to use open source
    • What aspects were important to you when choosing
    open source based solutions in your company?
    87 % 85 %
    open standards big community
    81 %
    security
    80 %
    no vendor lock-in
    79 %
    stability
    78 %
    cost savings transparency & trust
    75 %

    View Slide

  8. This is a very very very long gag
    @hendrikEbbers
    Why do we trust?
    • Open source means that the sources of a product can
    be seen / requested by everyone


    • Open source does not mean that everybody can
    mutate the source

    View Slide

  9. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    • We are human


    • We create bugs


    • We create security issues


    • The developers of our

    dependencies are

    humans, too

    View Slide

  10. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    • Security issues can be found much
    faster


    • Security audits can be done by
    anybody


    View Slide

  11. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    • Based on GitHub there is a 59% change to receive a
    security alert / issue within the next 12 month

    • Common Vulnerabilities and Exposures (CVE)

    are tracked in open databases

    (see http://cve.mitre.org)


    Based on your dependencies

    View Slide

  12. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    github.com

    View Slide

  13. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    github.com
    • It is always important to know
    your dependencies


    • Especially when you do
    JavaScript...


    View Slide

  14. This is a very very very long gag
    @hendrikEbbers
    Why is it more secure?
    • Tools like dependabot automatically inform you on
    critical issues in your dependencies


    • Example based on CVE-2020-8203 (in lodash)


    Common JS lib
    04.23.2012
    vulerability created in
    lodash
    07.08.2020
    vulerability
    fi
    xed in
    lodash
    07.15.2020
    over 5 million projects
    receive dependabot
    alert
    10.02.2020
    over 40% of projects
    have upgraded to
    fi
    xed
    version
    github.com

    View Slide

  15. GitHub

    View Slide

  16. This is a very very very long gag
    @hendrikEbbers
    Facts about GitHub
    • 1.9 billion contributions in 2019


    • Over 50 million registered developers users
    2008 2020 2025
    50 m
    100 m

    View Slide

  17. This is a very very very long gag
    @hendrikEbbers
    New to Git(Hub) ?
    • Today GIT is the standard version control system (for
    open source) today.


    • Most modern open source projects are hosted at
    GitHub


    View Slide

  18. This is a very very very long gag
    @hendrikEbbers
    New to Git(Hub) ?
    • GitHub makes the usage of GIT very easy and provide
    visual tooling for work
    fl
    ows


    • But a user needs to understand GIT to contribute to
    projects


    • You can
    fi
    nd many very good tutorials online
    https://rogerdudler.github.io/git-guide/

    View Slide

  19. This is a very very very long gag
    @hendrikEbbers
    More than a repository
    • GitHub provides much more than just GIT repositories:


    • Issues


    • Wiki


    • Pull Requests


    • ...

    View Slide

  20. This is a very very very long gag
    @hendrikEbbers
    More than a repository
    • Best starting points are issues


    • Mostly all people start at GitHub by creating an issue
    for an open source project


    • Have you already created an issue?

    View Slide

  21. View Slide

  22. View Slide

  23. View Slide

  24. Add a Title
    Add a description. Try to add as much info as possible.


    Important:


    - How to reproduce the issue?


    - Why do you need it


    - Metadata (environment, version,…)

    View Slide

  25. View Slide

  26. This is a very very very long gag
    @hendrikEbbers
    Some important rules
    • Always be friendly


    • Ask questions


    • Listen to the project maintainers


    • Stay in touch

    View Slide

  27. Pull Request

    View Slide

  28. This is a very very very long gag
    @hendrikEbbers
    Let's contribute
    • A Pull request is the work
    fl
    ow that allows user to contribute to
    projects


    • Pull requests let you tell others about changes you want to add to
    a repository


    • A pull request can be commented and reviewed


    • Follow-up commits can be added


    • The changes of a pull request can be merged by a maintainer of
    the project

    View Slide

  29. View Slide

  30. View Slide

  31. This is a very very very long gag
    @hendrikEbbers
    Some important rules
    • Do not create a pull request without an issue


    • Mention in the issue that you plan to do a pull
    request


    • Start with a small issue

    View Slide

  32. This is a very very very long gag
    @hendrikEbbers
    Reviews

    View Slide

  33. View Slide

  34. This is a very very very long gag
    @hendrikEbbers
    Preview + Test of Integration
    • Several tools can
    interact with GitHub


    • Automatically build &
    deploy pull request
    and integration results


    • Examples are Netli
    fl
    y
    or Heroku

    View Slide

  35. This is a very very very long gag
    @hendrikEbbers
    Pull Requests in Enterprise
    • GitHub published some average numbers regarding
    the timing of pull requests


    • The numbers are based on enterprise (non-hobby)
    projects
    pull request opened
    fi
    rst review done last review done pull request merged
    github.com
    review requested
    1h 36m to merge pull request
    54m till
    fi
    rst review 12m till merge

    View Slide

  36. JavaFX

    View Slide

  37. This is a very very very long gag
    @hendrikEbbers
    First OpenJDK project at Git
    • JavaFX is (still) part of OpenJDK


    • JavaFX was the
    fi
    rst project of the OpenJDK that has
    been migrated to git & GitHub


    • With project Skara the OpenJDK is moved to git &
    GitHub
    https://github.com/openjdk/jfx

    View Slide

  38. This is a very very very long gag
    @hendrikEbbers
    First OpenJDK project at Git
    • Since OpenJDK projects are now hosted at GitHub
    contribution is super easy


    • Every GitHub user can create a PR (+ some paperwork
    to have you checked as a valid OpenJDK commiter)

    View Slide

  39. This is a very very very long gag
    @hendrikEbbers
    All OS Builds with GitHub Actions
    • OpenJDK projects already use GitHub
    Actions for CI tasks


    • Automatically build and test JavaFX
    on all 3 big operation systems for
    each pull request
    https://github.com/openjdk/jfx/pull/619/checks

    View Slide

  40. This is a very very very long gag
    @hendrikEbbers
    All OS Builds with GitHub Actions
    • GitHub Actions can do more


    • Every used test containers in an
    enterprise project?


    • Just let GitHub run thousands of
    integration tests for you

    View Slide

  41. This is a very very very long gag
    @hendrikEbbers
    PullRequests for OpenJDK
    • Happily more and more
    people of the Java
    community contribute to
    OpenJDK


    • Good tutorials and 'Getting
    started' guides are missing
    We are working on that issue

    View Slide

  42. Eclipse Adoptium

    View Slide

  43. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium
    • Eclipse Adoptium is the successor of AdoptOpenJDK




    View Slide

  44. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium
    • Eclipse Adoptium is the successor of AdoptOpenJDK



    • Adoptium WG is based on leaders of the ecosystem

    View Slide

  45. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium
    • Eclipse Adoptium is the successor of AdoptOpenJDK




    • Eclipse Adoptium provides an OpenJDK distribution


    • That distribution is called Temurin

    View Slide

  46. This is a very very very long gag
    @hendrikEbbers
    Why not 'Eclipse AdoptOpenJDK' ?
    • The answer is quite simple:





    • The Eclipse Foundation trademarks all names and
    'AdoptOpenJDK' is just not trademark able
    OpenJDK Java
    ® ®

    View Slide

  47. The Eclipse Temurin Java runtime
    builds by Adoptium can not be
    named 'AdoptOpenJDK' since
    OpenJDK is owned by Oracle
    ™ ™
    ®

    ™ ®

    View Slide

  48. View Slide

  49. This is a very very very long gag
    Temurin by Adoptium
    OpenJDK Sources
    Temurin Installer
    Binaries / Distribution
    ci.adoptopenjdk.net


    (ci.adoptium.net in near future)
    adoptium.net
    github.com/adoptium/installer
    github.com/adoptium/jdk


    github.com/adoptium/jdk8u
    Build / CI Infrastructure
    github.com/adoptium/temurin8-binaries/releases


    github.com/adoptium/temurin11-binaries/releases


    github.com/adoptium/temurin16-binaries/releases


    github.com/adoptium/temurin17-binaries/releases
    Platform Builds AQAvit
    github.com/adoptium/temurin-build
    github.com/adoptium/aqa-tests
    *
    *
    Redirect to
    @hendrikEbbers

    View Slide

  50. This is a very very very long gag
    @hendrikEbbers
    Just call the distro 'Adoptium' ...
    • NO! We want to be convenient:


    Like ___________ provides ___________ the Adoptium
    project provides Temurin
    Azul Systems Zulu
    Amazon Coretto
    Bellsoft Liberica
    Oracle Oracle JDK

    View Slide

  51. This is a very very very long gag
    @hendrikEbbers
    Why 'Temurin' ?
    TEMURIN
    • The answer is quite simple:





    View Slide

  52. This is a very very very long gag
    • The answer is quite simple:





    @hendrikEbbers
    Why 'Temurin' ?
    N
    N
    N
    N
    O
    H3
    C
    CH3
    CH3
    O
    N
    N
    N
    N
    O
    H3
    C
    CH3
    CH3
    O
    CH3
    O
    Caffeine Temurin

    View Slide

  53. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium is MORE
    • NO! Adoptium is much more than 'just the binaries':
    AQAVIT is the quality and runtime branding
    evaluation project for Java SE runtimes and
    associated technology.
    Any Java runtime
    Open source AQAVIT test &
    benchmark suite
    Enterprise ready runtime

    View Slide

  54. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium is MORE
    • NO! Adoptium is much more than 'just the binaries':

    View Slide

  55. This is a very very very long gag
    @hendrikEbbers
    Eclipse Adoptium is MORE
    • Adoptium is much more than 'just the binaries':
    Community

    View Slide

  56. JakartaEE &
    MicroPro
    fi
    le

    View Slide

  57. This is a very very very long gag
    @hendrikEbbers
    Open Speci
    fi
    cations
    • JakartaEE / Micropro
    fi
    le is not 'old JavaEE'

    • JakartaEE / Micropro
    fi
    le speci
    fi
    cations are used by Spring
    Boot, Micronaut, Quarkus, ...


    • When you create enterprise applications and
    (micro-)services in Java you need to know and use the
    specs

    View Slide

  58. This is a very very very long gag
    @hendrikEbbers
    Open Speci
    fi
    cations
    • A spec always contains 3 parts:


    • API that contains the Java interfaces, annotations...


    • SPEC that contains the documentation of the API, its
    usage and interoperability with other speci
    fi
    cations


    • TCK that contains a test kit to validate the full
    functionality of an implementation

    View Slide

  59. This is a very very very long gag
    @hendrikEbbers
    Eclipse Foundation
    • Both JakartaEE and Micropro
    fi
    le are top level projects at
    Eclipse Foundation


    • An open source foundation allows a transparent and
    solid support and sponsoring by companies and
    organisations


    • An open source foundation provides work
    fl
    ows, rules,
    infrastructure and support (for example in marketing
    issues)

    View Slide

  60. This is a very very very long gag
    @hendrikEbbers
    Eclipse Foundation
    • All projects and speci
    fi
    cations are hosted at GitHub


    • Everybody can do a pull request


    • Contributions and discussions are more than welcome


    • Attend a meeting to start your open source journey!
    https://bit.ly/3l4I4E5
    Jakarta EE Community Calendar

    View Slide

  61. Hacktoberfest

    View Slide

  62. This is a very very very long gag
    @hendrikEbbers
    Hacktoberfest
    • A month long celebration of open source software


    • It happens every year in October.


    • Everyone can support open-source by contributing
    changes, and then earn a limited edition swag
    https://hacktoberfest.digitalocean.com
    Visit

    View Slide

  63. This is a very very very long gag
    @hendrikEbbers
    Good First Issue
    • Search for issues that are
    labeled with 'good
    fi
    rst issue'


    • As a maintainer take care to
    have such issues...


    • ... with a good description and
    additional help

    View Slide

  64. This is a very very very long gag
    @hendrikEbbers
    Good First Issue
    Description of the issue


    Best to add examples and name
    needed Actions
    Generic information


    Step by step information of the
    work
    fl
    ow


    Generic information of the project


    Links for questions, documentation
    and contact options

    View Slide

  65. Cyberland

    View Slide

  66. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Du
    fi
    ndest die gezeigten
    Themen spannende


    • Du hast keine Ahnung wo du
    anfangen sollst?


    • Das Cyberland hat ein neues
    Event-Format für dich!

    View Slide

  67. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Lass uns zusammen an Open
    Source Projekten arbeiten


    • Lass uns zusammen die
    (ersten) Hürden nehmen


    • Lass dir helfen ein Commiter
    zu werden

    View Slide

  68. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    29.09.2021 - 18:00


    Virtuelles Event


    https://cyberland.ijug.eu/2021-09-open-source-camp/
    https://bit.ly/3yTLezf

    View Slide

  69. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Keynote von Adam Bien


    • Vorstellung der Eclipse Projekte von

    Commiter:innen

    View Slide

  70. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Keynote von Adam Bien


    • Vorstellung der Eclipse Projekte von

    Commiter:innen
    Wenn dieser Vortrag wieder zum
    besten gewählt wird, gibt es nächstes
    Jahr einen Adam Bien Starschnitt
    zum Ausdrucken !!!

    View Slide

  71. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Keynote von Adam Bien


    • Vorstellung der Eclipse Projekte von

    Commiter:innen
    Wenn dieser Vortrag wieder zum
    besten gewählt wird, gibt es nächstes
    Jahr einen Adam Bien Starschnitt
    zum Ausdrucken !!!
    Scherz!!! Wenn dieser Vortrag nicht
    gewählt wird, gibt es einen
    Starschnitt von mir!!!!

    View Slide

  72. This is a very very very long gag
    @hendrikEbbers
    Cyberland OS Camp
    • Viel wichtiger: Wir hacken zusammen und wollen
    unsere ersten PRs für Adoptium / JakartaEE umsetzen

    View Slide

  73. This is a very very very long gag
    @hendrikEbbers
    iJUG Open Source Stipendium
    • Der iJUG möchte seine

    Mitglieder:innen fördern


    • Der iJUG ist Eclipse Member &

    Mitglied in den Adoptium, Micropro
    fi
    le & JakartaEE
    Arbeitsgruppen


    • Fördert Mitarbeit an Projekten z.B. durch Freikarte zum
    JavaLand
    https://github.com/ijug-ev/Stipendium

    View Slide

  74. Let's work together

    View Slide

  75. This is a very very very long gag
    @hendrikEbbers
    Call for Action
    • Contribution to open source projects becomes easier
    every day


    • Join initiatives like the Cyberland open source camp


    • Start with simple tasks like typos or documentation


    • Ask questions, create issues, listen to other commiters

    View Slide

  76. Stay safe & healthy

    View Slide

  77. @hendrikEbbers
    dev.karakun.com

    View Slide