So here we are, 13 weeks into 2020 and everything is not as it was 4 weeks ago. Our team is isolated in home offices, DevOps Engineers are trying to step in as substitute teachers and apparently mining for toilet paper is the new thing. And while all the front line defenders are stocking shelves, delivering parcels and preparing the ICU beds for what’s to come, we thought about things we, as an IT company, can do to help and show some solidarity.
Since the beginning of this year, Endocode has been part of a consortium of partners that develop intelligent software package management systems to enhance robustness and security in software ecosystems. The project “Fine-Grained Analysis of Software Ecosystems as Networks” is led by the TU Delft and has received funding from the European Union’s H2020 research and innovation programme. Endocode’s contribution to this project focuses on licensing and compliance. License compliance requires analysis of one’s own source code combined with an understanding of the complete dependency graph of the distributed packages.
Disclaim, disclaim
Here at Endocode we love Microsoft Active Directory. Mostly because we don’t have to deal with it internally. But let’s be honest, we do understand that there are a couple of reasons to stick to this long-standing giant. Hence, this article is not another rant about Active Directory. It’s actually quite the opposite, because we are truly excited to tell the internet how it can be federated with Google easily.
Endocode believes that Free and Open Source software benefits all of us. Open Source licenses provide the legal backbone for our intentions to share the created code so that everybody can use, study, modify and improve it. Copyleft licenses, in particular the GPL, model this relationship in a reciprocal manner by requiring all modified and extended versions of the code to be free as well. Some of our Quartermaster code is released under the GPL-3. We also believe that our users share this vision and comply with the terms of the license by default, and that deviations from this norm are probably honest mistakes. By entering into the GPL cooperation commitment, Endocode aims at giving a fair chance to correct violations before licenses are terminated.
With the end of the year, Endocode is announcing some changes to reshape the company’s leadership. Lisa will take over the role of CEO and Sebastian will take over as CTO. While this might come as a surprise to some, for most of us, this is a natural evolution of our company. What we mean with being a meritocratic and inclusive company is that those who are eager to participate, thrive and lead will get the chance to do so.
April 11 marks an important milestone in our favourite compliance project of the year: Quartermaster - the compliance tool that implements a full Open Source license compliance audit as part of a modern DevOps cycle. On April 11, 2018 Endocode will host the Quartermaster v.0.2 requirement workshop. This workshop marks the end of the development of v.0.1 of Quartermaster. A development cycle that added a completely new architecture, a modular implementation, a master graph database, gRPC-based APIs for phase-specific modules written in different programming languages, and more demo builds to the initial prototype.
“You build it, you run it” is not a philosophy that can easily be taken to non-web-tech industries. This harsh reality is something we ran into while making our journey through the automotive industry. But if we cannot duplicate this philosophy outside of our web tech bubble, maybe it’s possible to create a mentality that at least supports the feeling of responsibility for every line of code that eventually finds its way into a product.
Today is the 14th of February. An important day for people worldwide. Why? Well obviously because it is “I love Free Software”-Day! The “I love Free Software Day” is where we give a shout out and thank you to all contributors in the community. What unites us as a community is that we share ideals like collaboration, constant improvements and equal opportunity to access, learn and contribute to Free Software. And all this would not be possible without everyone contributing their piece of the puzzle: The developers, the designers, the translators, the lawyers, the testers, the documentation writers and last but not least, the pizza bakers.
Maybe it’s just me, but it seems like Marty McFly somehow stole 2017 because it’s almost over and I’m sure it was only yesterday that we shared what Endocode achieved in 2016. Yet somehow, here we are and a lot has happened in 2017. We continued to shape our concept of life-long learning in tech in the Endoctus Academy, and started a new initiative to improve the overall state of FOSS compliance.
Auditing and documenting Open Source license compliance is a strict requirement for any software vendor or device manufacturer. Open Source licenses commonly require products to be accompanied by offers to provide the full corresponding source code, authors to be attributed, and other documentation. In addition to that, Open Source license compliance needs to be audited continuously, for each build, along the complete supply chain of the product. These challenges are various and well known in the IT industry.