FOSDEM '09 is a free and non-commercial event organized by the community, for the community. Its goal is to provide Free and Open Source developers a place to meet.



Interview: Joe Brockmeier

Joe Brockmeier will give a talk about openSUSE at FOSDEM 2009.

Could you briefly introduce yourself?

My name's Joe Brockmeier - most people call me Zonker. I'm the community manager for openSUSE.

What will your talk be about, exactly?

About one hour long. :-)

Seriously, I plan to talk about openSUSE - where we're at, where the project is going, how to get involved, some of the tools we use that may be of interest to any Linux developer or FOSS contributor, and so on.

Show up and see! :-)

What do you hope to accomplish by giving this talk? What do you expect?

I'd like to inform people about openSUSE, encourage them to work with us -- if not on the distro itself, then on some of the platform tools (i.e., the openSUSE Build Service) and in finding ways to collaborate with us.

What does your job as openSUSE Community Manager at Novell look like?

Well, it's a lot of fun, very hectic and eclectic. I find myself working on a lot of different projects and tasks -- everything from giving talks at shows like FOSDEM, to show planning and budgeting, to actually working with the community and trying to work with our internal and external contributors.

How do you think openSUSE will evolve in the next 2-3 years?

I think the distro will continue to improve, continue to become easier to use, and will become radically easier to contribute to and develop on top of. The stuff that's being done to improve Factory as a development distribution and around the openSUSE Build Service is going to be amazingly good for openSUSE and likely other projects as well.

What are the biggest advantages of openSUSE? And the biggest disadvantages you would like to have solved?

Well, we have the openSUSE Build Service, YaST, Zypper, lots of great tools around the distro. But our biggest "advantage" is our contributor community. We have an awesome group of contributors, we just need to enable more and find better ways for our existing community to contribute more efficiently.

Our main focus should be on getting rid of any unnecessary hurdles to contributions. Having a well-defined roadmap, improving communication, and so forth.

How would you describe the openSUSE community? Is it friendly to new users?

I'd describe the community as a very smart, very focused and professional group -- people who are really interested in putting Linux on as many computers as possible.

Yes, I believe we're friendly to new users - in many ways. One of the goals of the project is for openSUSE to be the easiest Linux to get and use, and we're also interested in helping new users. Like any FOSS project, there are bound to be a few folks who are a bit gruff, but overall we're absolutely friendly to new users.

What do you consider the biggest openSUSE success stories?

Well, any of the millions of people who are using openSUSE successfully and getting their work (and play...) done on Linux thanks to openSUSE count as a success story as far as I'm concerned.

But, some of the things we've announced in the last year:

  • The 1.0 release of the openSUSE Build Service
  • The collaboration between Novell, the openSUSE Education Project, and HP
  • The work that's going on with the openSUSE Build Service and a port to the ARM architecture
  • The 11.0 and 11.1 releases -- which were very well received, and have been downloaded and installed literally *millions* of times now.
  • The inclusion of Smolt by default in 11.1 -- a minor collaboration with Fedora, which I hope will be one of many.
  • The new license in 11.1

And plenty of other major accomplishments.

You have been working for years as a technology journalist, writing about Linux and open source for several publications. Why did you decide to change careers and join Novell?

Primarily because I wanted to be directly involved with a project, rather than just writing about them. I think that openSUSE is a fantastic distro with a lot of great people working on it -- but not getting the attention that it deserves. My feeling was that this was a project I could make a difference in, and I hope that I have at least to some degree helped raise the profile of openSUSE.

I also had some concerns about the overall health of the tech publishing industry (which have been borne out), and felt like I needed a change. As Heinlein said "specialization is for insects," and my feeling is that the ability to do more than one type of work is really important.

If I ever go back to journalism, I'd be a far better tech journalist for having worked as part of the openSUSE Project and for having worked at Novell (or any vendor, to be fair). There's a lot that is opaque to reporters who haven't worked in the tech industry, and while I'd hesitate to say that tech journalists *should* work on the vendor side, I will say that it certainly improves perspective.

It's been an interesting year. Never a dull moment, except maybe some of the longer flights. :-)

Were you an openSUSE user before you joined Novell?

Yep, off and on. As you pointed out, I was a tech journalist covering Linux, so I switched distros quite a lot over the years. I also used SUSE for quite some time, so I have a long history with the Geeko. :-)

I do miss having time to really try out the other Linux distros. While I am perfectly happy with my openSUSE systems, it'd be fun to see what's being done with other distros like I did when doing product reviews. At heart, I love the Linux community and the technology, and I'm really happy to be involved with openSUSE and all the great work that's going on.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Last speaker interviews

To finish our collection of informative interviews with FOSDEM 2009 main track speakers, we proudly present:

See you at FOSDEM!

Interview: Matteo Meucci

Matteo Meucci will give a talk about secure software development at FOSDEM 2009.

Could you briefly introduce yourself?

Hi, thank you for the interview. I have been working in Information Security for some years, starting with a thesis in PKI and Attribute Certificates. I worked for many consultancy firms, then in 2007 with Stefano Di Paola and Giorgio Fedon we decided to create Minded Security, a company totally focused on Application Security Consultancy. I have been contributing to OWASP for many years and in 2005 I founded the Italian Chapter and from 2006 I lead the OWASP Testing Guide Project.

What will your talk be about, exactly?

The goal is to show the OWASP testing methodology and how you can implement a software development lifecycle that permits to develop more secure applications.

What do you hope to accomplish by giving this talk? What do you expect?

I’d like to promote the OWASP guidelines and find more people interested in OWASP and contributing to improve our projects.

What's the target audience for the OWASP Testing Guide?

We make this guide available in a completely free and open way because we believe sharing knowledge could contribute to develop more secure applications. The target audience here is not only the Application Tester, but everyone involved in the Software Development Life Cycle. So the Security Managers, the Internal Audit, the Developer Team, the Testers, are all interested to adopt a common and open source methodology to test the security of the application.

How would you describe the OWASP Testing Guide in a few sentences?

An open and standard methodology to perform Web Application Penetration Testing.

What are the biggest differences between v2 and v3 of the OWASP Testing Guide?

That's a good point. OWASP started in 2005 with the first testing guide version. We collected the set of test to perform and a short methodology. In 2006 we did a great job creating version 2 that collects 8 categories of tests for a total amount of 48 controls. The guide describes each single control to test.

Now v3 collects 10 categories of tests for a total amount of 66 controls and we have created a shared methodology in a 347 pages book.

How successful was the OWASP Summer of Code 2008? How many participants were there? What were the most important accomplishments during this period? What are the differences with the OWASP Spring of Code 2007 and OWASP Autumn of Code 2006?

Paulo Coimbra (OWASP Project Manager): OWASP Foundation is a voluntary, not-for-profit entity and open community. By responding so significantly to the Summer of Code’s challenge, this community has showed its vitality and true passion in improving application security.

We have invested roundly 275,000 dollars to fund the entire Summer of Code initiative. We have used slightly less than half of this amount to symbolically reward the work of one hundred project leaders, contributors and reviewers.

The remaining budget has been used to support the inter-linked OWASP Summit, a thrilling event set up to identify, coordinate, and prioritize OWASP efforts to create a more secure Internet in which the Summer of Code deliveries were publicly presented.

As it was said by OWASP Chair Jeff Williams, Our community is growing and organizing into a powerful movement that will affect software development worldwide and so the Summit, being the Summer of Code 2008 its central piece, has marked a major milestone in our efforts to improve application security.

Apart from launching more than two dozen of new or updated documents and tools, as for the most important accomplishments during this period, we would like to point out the reinforcement of an amazing knowledge sharing culture plenty of comradeship, curiosity and freedom.

Given OWASP´s worldwide scope characteristic, several of its contributors from all earth corners had been collaborating to develop application security for several years often without personally meeting each other. By gathering the majority of the most active of them in a friendly and productive environment, both events the OWASP Summer of Code 2008 and the OWASP Summit have created the conditions for enhanced future achievements. This circumstance and an improved organizational support should have been the major differences relatively to the past seasons of code.

What can we expect from the OWASP Winter of Code 2009?

Paulo Coimbra (OWASP Project Manager): Although the OWASP Winter of Code 2009 design is not finished yet and so its final frame can yet be modified by the expected OWASP community inputs, I believe the new season of code to be very similar to the previous one.

Likely by the next month the call for applications will be sent and we will be accepting proposals in three distinct spheres, namely, Innovation/Start-ups, Integration/Development and Quality Improvement.

The entire cycle from launching to completion should last nearly six months and we will be expecting all the approved proposals to be executed in time to be presented in our next Summit which will be probably held next November.

Even if we are expecting applications from the majority of the former season of code participants, we certainly welcome new ones. In addition, to review the approved projects, several positions will also be open.

We are counting on involving no less than hundred people in the OWASP Winter of Code 2009 and we hope you can be one of them. Please check our main page for updates.

You have more than 8 years of experience in information security. What have you seen changing in this period with respect to web application security? Are most types of vulnerabilities still the same or are there any genuinely new developments?

The research on Application Security is a very active field. We are finding new vulnerabilities and new types of attack every week. That's why we have to verify continuously the security of a web application also if the application is not changed during that time.

What do you consider the most underestimated risk for web applications in the near future?

Every application is completely different from the others. Web Application Security is dynamic, it changes every day. The risk for the Companies is to think statically: If you think statically to your application probably you will expose that to some security trouble in the future. That’s why keeping up-to-date is a key factor for the Companies: the OWASP Community could contribute giving state of the art open guidelines and tools.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Interview: Kris Kennaway

Kris Kennaway will give a talk about optimizing FreeBSD systems at FOSDEM 2009.

Could you briefly introduce yourself?

I've been involved in the FreeBSD project since the late 1990s, and I've been a committer since 1999. Since then I've held a number of roles in the project. I am a former Security Officer, a founding member of the Ports Management team that oversees the FreeBSD ports collection, and I am currently a member of the Core Team since the most recent election in 2008.

For the past several years I have worked on FreeBSD performance and stability, trying to identify areas of poor performance or instability in the system on various interesting workloads, and working closely with other developers to develop and deploy fixes.

In my non-FreeBSD life, I was trained as a theoretical physicist and worked in the US, Canada and France for about 10 years. Recently I left that behind and moved to London to work for Google as a Site Reliability Engineer, where I help to keep Google's Ads system up and running.

What will your talk be about, exactly?

I'll be presenting some of the tools and methodologies I use to identify performance issues in FreeBSD workloads, proceeding from a high level system overview to pinpointing potential bottlenecks. Some of the tools involved are FreeBSD-specific, but the approach applies to almost any system troubleshooting problem.

What do you hope to accomplish by giving this talk? What do you expect?

There are two main reasons. Firstly, I'd like to share some of the experience I've gained over the past few years in applying these techniques myself. Secondly, I think there is a lack of good documentation on the topic, and I wanted to help to fill that void.

Which metrics are available to describe performance?

One of the points I stress in my talk is that the answer to this question depends very much on what your workload is, and what aspects of it you care about. A classic example is latency vs throughput; depending on what you are trying to achieve with the system, either one or the other -- or both -- may be the critical factors. Understanding what your particular workload is doing is key to improving its performance.

Which tools are available on FreeBSD to identify bottlenecks?

There are a large variety of tools that can be useful, ranging from the general (such as top(1)) to very specific tools such as kernel lock profiling or CPU performance counters. I'll be discussing a number of these in my talk in some detail.

One very powerful tool that I will not have time to discuss is Sun's DTrace framework, which is now also available in FreeBSD. There is some excellent documentation on Sun's website, which is well worth a look.

What's the biggest difference between desktops and servers with respect to the evaluation of the performance?

The workloads tend to be very different: on a server you typically care about maximizing the use of the hardware. On a desktop things like interactive response often tend to be more important. I tend to focus more on server performance because that is where my interest lies.

In which situations is the performance of FreeBSD in need of improvement?

We're constantly working on improving performance on various workloads, as we identify new issues and work to resolve them. One area in which we have made significant recent progress is in UDP packet transmission on SMP hardware, which is important for certain server workloads including DNS and other high volume UDP services. We're seeing dramatic performance benefits in FreeBSD 7.1 compared to Linux and older versions of FreeBSD, and we're working on new APIs for allowing applications to achieve even better performance on certain workloads.

Some of the things we're working on for FreeBSD 8.0 include improved filesystem performance, virtual memory performance, and improvements to other aspects of networking.

What's FreeBSD used for at Google?

Something interesting I learned recently is that there is FreeBSD code (as well as code from other open source projects, such as NetBSD) used as part of the Google Android mobile phone platform (if you have a G1, you can see this for yourself under "Legal Information > Open Source Licenses" in the settings menu - or by downloading the Android source code). FreeBSD has been making a lot of inroads into the embedded space in the past few years, with ports to various ARM and MIPS targets available, but it's always nice to see it popping up in new places!

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Interview: Jasper Capel

Jasper Capel and Robert Lazzurs will give a talk about Cobbler & Koan at FOSDEM 2009.

Could you briefly introduce yourself?

Sure! I'm fairly new to the open source world as a Contributor / Developer. I've started submitting patches to open source projects only about a year ago, as I then decided I didn't only want to use open source software; I also wanted to help make it better. Luckily, this goes hand in hand with my daytime job: I'm a technical consultant for Stone-IT, an open source consulting firm in The Netherlands.

What will your talk be about, exactly?

We have two talks, actually. At first, we were going to do a Cobbler talk/demo in the Fedora room, but since we've been asked to do a lecture in the Main Tracks, this allows us to split it. The Main Tracks lecture will be an overview of the Cobbler project. We'll explain how this project started, present the roadmap, explain some use cases and talk about integrating Cobbler in your environment.

What do you hope to accomplish by giving this talk? What do you expect?

We hope to get people interested in our project! Our current user base consists of mostly Red Hat, CentOS and Fedora users, so if we can reach users of other distributions, or *BSD, that would be great. If we can get some of them involved, even better. We're very keen on supporting more hardware and distributions. If we could, we'd probably install an OS yet to be invented on a coffee machine. Also we like to assimilate ideas from other folks who might have their own home grown provisioning environments. The idea behind Cobbler is that we can get everyone together to share their ideas and build up this one, really feature rich common codebase that has the features of /everyone's/ environment, so if someone starts up a new project they don't have to spend time building a new tool, they already have one they know available. It's very much everyone's project, and where we go is limited only by what ideas people have.

What was the motivation to start with the Cobbler project?

I can interpret your question in two ways: "Why did I start using Cobbler?" and "Why was the Cobbler project started". I'll just answer both, starting with the first: For one of my projects (developing a cloud / managed hosting environment), I was looking for a good way to provision many virtual servers at once. After some searching, Cobbler turned out to be that tool, as it was the only solution I could find that didn't involve creating system images. It gave us the ability to deploy a lot of systems that weren't 100% identical. For example: we'd make a base profile which all systems use, and then create sub-profiles for different use cases without much effort. The templating is done with Cheetah, so effectively we could just use Python in our kickstarts and snippets (small, re-usable pieces of code). All functionality I needed that wasn't in Cobbler, I just added.

Why was the Cobbler project started? I'll just quote the founder (Michael DeHaan) here. I've asked him the same question in preparation for FOSDEM, as I've only been using Cobbler for a little over a year myself ("we" in this context is Red Hat):

"Cobbler was started about 3 years ago when we were looking at gaps in OSS technology for systems management. There were plenty of good monitoring frameworks but we lacked a provisioning server, and none of our options addressed both bare metal installations and virtual installations at the same time. Other features that came along later (managed DHCP, managed DNS, yum mirroring, etc) were largely suggestions from users and we just kept adding to it as people had good ideas to speed up their deployments."

How big is the Cobbler developer community?

There are about 50 people who have contributed code to the project, and more that are active on the mailing-list and IRC (freenode, #cobbler) and are contributing their ideas.

Which distributions can we install with Cobbler?

Currently: Red Hat Enterprise Linux, CentOS and Fedora work really well and recently, support for Debian and Ubuntu has been added by Javier Palacios. Work has been done on supporting SuSE as well, deployments work now and we hope to get the import command working soon too. For what's to come: There are people working on adding Windows deployment support and we're speculating on Jumpstart support for Solaris. Folks interested in any of the above, or interested in adding support for other operating systems, are welcome to stop by the mailing list and share ideas.

How well does Cobbler integrate with other tools?

Cobbler integrates pretty well in both directions (information from Cobbler to other systems and vice-versa). We can manage DNS- and DHCP-servers, and support linking Cobbler to a configuration management system (Puppet, for example), so all of these can be managed from Cobbler.

There are also projects using Cobbler as their provisioning-backend. Examples are: Spacewalk and oVirt. Another cool example is Beaker, which is an upcoming Fedora QA project for test automation. Also lots of folks integrate Cobbler with their own in-house software over XMLRPC to make custom interfaces or connect it with other scripts. Cobbler comes with a powerful Python and XMLRPC API, so you can basically connect it to anything if you write the glue.

Which new features or improvements can we expect to appear in Cobbler in the next 2 to 3 years?

Two/three years is a long time, and judging by the current pace of development, we can get a *lot* done in that time. I (personally) hope we'll be able to deploy every major operating system by then.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Speaker interviews installment 3

We here over at FOSDEM headquarters can almost sense the typical atmosphere of a new fresh conference in the air around Brussels.

In the mean time, let's try to keep up with the main track speakers that we'll meet in exactly seven days.

Are you keeping up?

Interview: Theodore Ts'o

Theodore Ts'o will give a talk about Ext4 at FOSDEM 2009.

Could you briefly introduce yourself?

I have been a Linux kernel developer since the very early days (August, 1991, version 0.09), and am the first North American Linux Kernel Developer. I am the ext4 filesystem maintainer, and primary author and maintainer of the e2fsprogs utilities for ext2/3/4 filesystems. I am a member of IBM's Linux Technology Center, and I am currently on a two-year assignment with the Linux Foundation where I am serving as the Chief Technology Officer.

What will your talk be about, exactly?

My talk will cover the new features in the ext4 filesystem, why it is better than ext3 and how it compares to other filesystems. I will also talk about the history of its development.

What do you hope to accomplish by giving this talk? What do you expect?

I hope to encourage people to try out ext4 and upgrade their ext2/3 filesystems to ext4.

What new functions will be added to ext4 in the near future?

We are still working on on-line resize support, and the 64-bit block number support for filesystems larger than 16 TB is still undergoing testing.

Is ext4 ready for production use as a replacement for ext3?

I have been using it as my laptop filesystem since July. We're still getting some bugs reported, so I wouldn't recommend it for critical servers just yet, but for personal laptops and especially for people who are willing to keep up with the latest kernels it is something that people should definitely try.

Editor's note: Since the interview, a stable ext4 was released in kernel v2.6.28.

Is ext4 only useful for users who have more than a few terabytes of disk space?

No, ext4 has many features that make it useful for personal systems, such as much faster fsck times, much better performance, and better fragmentation resistance.

When will GRUB support booting a kernel from a ext4 partition?

There are patches for GRUB and GRUB2 available for ext4 today. So it is really a matter of when a particular distribution has full support for ext4.

How big of a role will ext4 play within Linux, knowing already that BTRFS will be the next generation filesystem for Linux?

Ext4 was designed to be something that could replace ext3; it isn't necessary to reformat a pre-existing ext2 or ext3 filesystem to use the ext4 filesystem driver. This makes it highly attractive for users who want an easy migration path. In addition, while I do believe that btrfs will a very good filesystem in the long term, and one that will likely supplant the ext2/3/4 filesystems, it takes a long time for filesystems to mature. (For example, many system administrators did not trust ZFS for production use on critical servers for 5-6 years after it was first introduced.) As of this writing the on-disk format for btrfs is still being finalized, and btrfs does not have yet a rich set of filesystem support utilities such as is provided by e2fsprogs' e2fsck and debugfs.

One of the critical advantages of ext4 is that it reuses a lot of very well tested code from the ext2 and ext4 filesystems. This conservative design means that we have been able to stablize the filesystem much more quickly, and we have been able to leverage utilities originally designed for ext2 and ext3. In addition, and very importantly, there are many people all over the world who are familiar with the implementation details of the ext2 and ext3 filesystems, which will make it easier to find skilled engineers to provide support for ext4 --- both in the community and in the commercial enterprise distribution market.

Now that you are the new CTO of the Linux Foundation, how does this change your focus?

The CTO is a new title for me at the Linux Foundation but the sort of things that I have been working on hasn't changed much from last year. I am still working hard on ext4, making the Linux Standard Base better and to get more distribution and ISV applications certified to the LSB, and helping to organize various Linux Foundation events such as the Kernel Summit, Linux Con, and the Japanese Linux Symposium.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Interview: Bryan Østergaard

Bryan Østergaard will give a talk about Exherbo at FOSDEM 2009.

Could you briefly introduce yourself?

I'm the founder of the Exherbo Linux distribution and have been an active participant in the open source community since the late 90ies. Besides work on Exherbo I've also spent 4 years as a Gentoo Linux developer and about a year as a freenode staff member.

What will your talk be about, exactly?

For my talk I'm going to discuss 10 small but significant ways that Exherbo improves on known distribution concepts. I'm going to focus on how users as well as developers benefits from our ideas as well as touch some of the technical details behind them.

What do you hope to accomplish by giving this talk? What do you expect?

One of my biggest hopes for Exherbo is that other open source projects can benefit from our ideas and implement them in their own projects. That would be an important confirmation that we're on the right track and would help foster the open source community that we're all part of.

With that in mind I've formed my talk with the express goal that everybody should be able to take one or more good ideas back to their projects. And while my talk will be focused on mainly distribution related problems several of the ideas should be applicable to other types of projects as well.

Why did you decide to start with Exherbo after spending 4 years as a Gentoo developer?

I left Gentoo after getting increasingly frustrated with the direction it was taking and lack of important new features and being (in some ways at least) the center of many internal fights. At the time I was leading Gentoo developer relations as well as being a council member and leading a handful of smaller technical teams and quickly on my way to burning out.

After realising this I left Gentoo and after cooling down a bit I started thinking about what I wanted to do now. I had a lot of ideas about what I wanted to do differently but wasn't quite ready to start my own project at this point. After a while a began experimenting with building my own distribution from scratch and was lucky enough to hook up with a few developers that shared most of my ideas and wanted to work on my project.

How big is the Exherbo developer community?

At this point we're about 20 official Exherbo developers and probably the same amount of users contributing code. Some of the users contribute code fairly frequently and are able to get their code in the official repositories almost as quickly as the official developers.

What do you consider the biggest advantage of Exherbo?

From my own point of view it would have to the amazing rate at which we've been able to come up with new ideas and implement them, often changing several major features in a single day.

From a users point of view it would probably be the way we have decentralised development and enabled users to easily participate in the development without having to make any commitments to the project.

The project website says that "current source based distributions were a good starting point. However, to provide what we need and what we want, a new generation of tools and development is required." Which kinds of tools are missing in other source based distributions?

Other source based distributions follows a fairly closed development model that relies on a particular group of developers doing most, if not all the work and a somewhat complex organisation model that's supposed to help solve internal problems. The most common solution when technical problems (such as packages not getting timely updates) occurs is to add more developers to the organisation. Unfortunately this also tends to amplify any organisational problems.

So I'm going in a totally different direction with Exherbo and deliberately trying to keep the amount of developers minimal and instead make sure that we have the tools and infrastructure needed for a much more distributed model. This way we can keep the core team small and make sure we agree on the direction of Exherbo and still benefit from a big number of contributers.

Exherbo will implement Genesis, a replacement init daemon. How will it compare to existing replacements, such as Upstart, launchd and Service Management Facility? What's wrong with these alternatives?

Genesis is one of the few larger projects remaining in Exherbo before I'd consider it ready for wider usage.

I've been looking at all the current initsystems to see which one of them would fit Exherbo and my own ideas best. They all seem to have a few ideas that I really like but also fail badly in some areas important to me. After spending a couple weeks researching this subject and considering the different options I decided it would be best to write a completely new initsystem. The reason I finally decided on this instead of contributing to an existing initsystem is that I want to take it in a fairly different direction from the other systems.

Most current systems focuses primarily on starting and stopping services with maybe one or two small features added. But if you sit down and try to make up some use cases for initsystems you quickly come to the conclusion that just starting and stopping services is only a very small part of what's needed.

Network administrators need to control services across complex network for example. Today this problem is solved by systems like puppet or cfengine that periodically poll servers using their own scripts as the initsystems are completely focused on single machines and don't really provide any useful features for network administrators.

This leads to a bunch of other problems as polling service status doesn't really help the administrator detect problems like services repeatedly segfaulting and restarting. These are problems that a redesigned initsystem could easily solve in my opinion and worth solving these problems for many people even if it's going to remove backwards compatibility and require some time to learn the ropes of a new and different system.

What's the status of the project at this moment? And what can we expect from Exherbo in the next 2 or 3 years?

We're still adding new features fairly often and sometimes making the upgrade path a bit more interesting than people are used to from other Linux distributions. As such we still consider Exherbo to be in the early development and don't provide any real user support yet.

2 or 3 years from now I expect Exherbo to have left the current phase and be considered a full-blown distribution along the lines of other source based distributions. I'd also still expect new features to be added frequently as we try to make sure that we can still provide big changes without requiring complicated upgrade paths for users.

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

Interview: Bdale Garbee

Bdale Garbee will give a talk about Debian at FOSDEM 2009.

Could you briefly introduce yourself?

I made my first personal contribution to what we now call Free Software in 1979. In 1994 I joined the Debian project, and over the years I've contributed to Debian in many ways, technically and socially, including serving as Debian Project Leader and my current post as Chairman of the Technical Committee. I also serve as President of Software in the Public Interest, an "umbrella" organization that provides US legal existence and holds assets for Debian and many other significant Free Software projects.

What does your job as Open Source & Linux Chief Technologist at HP look like?

My job includes educating people in HP about Open Source, mentoring HP teams that want to participate in the Open Source process, and serving as the leading advocate for Open Source within HP. To help keep myself in touch with the issues, I continue to actively make personal contributions to various development projects, I look for interesting opportunities to speak about Free Software, and I represent HP on various boards and advisory panels. All of that enables me to be credible and effective at guiding HP's participation.

What will your talk be about, exactly?

You'll have to be there to listen, because I rarely have that sorted out until very close to when I stand up to speak!

What do you hope to accomplish by giving this talk ? What do you expect?

I've never been to FOSDEM, even though I've really wanted to, due to various conflicts with my family and work. So, I really don't know what to expect!

I hope I can convey some useful insights gleaned from my years of participation in Free Software, combined with my perspective working on behalf of Free Software inside one of the world's largest IT companies.

What are the reasons for HP to work with Debian as a GNU/Linux distribution next to Red Hat and SUSE?

Well, one reason is that some customers want to run Debian and ask us to support Debian on the HP hardware they want to buy.

From an engineering and larger business perspective, working with a commercial distribution and participating in a community driven non-commercial distribution are very different experiences. When our interests align with one or more of the commercial distributions, such as delivering solutions for enterprise server customers, we happily and profitably work with them. When our needs differ from theirs, participating in Debian has proven to be an effective way to get things done and deliver solid Open Source solutions to HP customers.

How did you become involved in Debian and what are you doing now in the Debian project? Do you still work on Debian in your spare time or is it all HP related work?

I was working on an amateur satellite project that needed a development platform and stumbled over Debian through the Linux for Hams project that Bruce Perens started. Today, I continue to maintain a number of packages, I'm chairman of the Debian Technical Committee, and because of that I've currently also the Acting Secretary.

Since my job expectations at HP include continuing to be a Free Software developer, the boundary between what I do for HP and what I do as a hobby can get fuzzy sometimes. The best answer is probably that I'm doing a little of both when I contribute to Debian... some things I can rationalize as directly helping HP, but other things I work on because I care a lot about the project personally.

There were some strong discussions before, during and after the voting for the general resolution about firmware and the Lenny release. What's your opinion about it?

I've been in and out of the middle of the discussion about kernel firmware since the 2002 kernel summit. Even though it has taken a lot longer than anyone hoped, I'm really pleased that the kernel guys have now done most of the hard work to allow Debian to separate firmware from sources in future packaging. We're getting close, but there's still enough work to do that I'm ok with releasing Lenny with the kernel firmware blobs still present.

With respect to other bugs regarding DFSG compliance issues, I'm pleased that in the last week I was able to help finally get the two bugs related to GLX closed, and I think we're making real progress towards resolving the Sun RPC issues in glibc and portmap.

The bottom line is that I'd rather we fix these bugs than talk incessantly about them, so that we won't need to run a GR like this one again before future Debian stable releases!

How do you think Debian will evolve in the next years, after Lenny?

That's hard to predict. Greater use of distributed revision control tools and collaborative maintenance of packages seems likely, as does some further evolution of the process by which we attract and accept new participants into the project.

What are the biggest advantages of Debian? And the biggest disadvantages?

This depends on who you are and what you're trying to do. My personal use of Debian is better than other alternatives because of how much software is packaged for Debian and integrated into our mirror network. Software that is well integrated with open processes to report and resolve problems gives better results than any other approach I've been exposed to. My biggest personal frustration is that our release freeze process takes so long. It would be nice if unstable could again earn its name by staying fresh with only short upload hold-off windows during a shorter stable release cycle.

When people think about corporate contributions to Linux and free software, they don't see HP as the big contributor it is. Why is that? A lack of communication by HP? Or the type of projects it's involved in?

I used to get asked this question a lot, particularly in the era when some other companies were spending lots of money on Linux related advertising. But I think some of our activities in the last year, from launching the FOSSology and FOSSbazaar communities to the release of AdvFS sources to our recent introduction of new customer experience software on netbook products that's built on top of Linux are helping people see the broad range of ways that HP is participating.

Your hobbies are model rocketry, amateur radio and amateur satellites. Supporting the idea of Debian as "The Universal Operating System", do you run Debian on or around these devices?

While I often try out other operating systems for various reasons relating to my work, Debian runs on my servers, my notebook, and the computers that my wife and children use. All of my development work on hardware and software in support of my hobbies is done on Debian, and virtually all of it is done with Free Software.

One of my current hobby projects is an avionics package for high powered model rockets that is designed and developed entirely with Free Software tools, and the resulting design is completely open hardware and software. The target system is a tiny 8-bit processor, so of course it doesn't run Linux. See my website Altus Metrum for more details... ;-)

Creative Commons License
This interview is licensed under a Creative Commons Attribution 2.0 Belgium License.

More speaker interviews

We hope you're hungry for more...

Because here are some more speaker interviews:


Syndicate content