GNU Savannah: 100% free software mass-hosting
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 97 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/45707 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 201068 / 97
1
2
4
5
6
8
14
15
16
17
23
29
38
41
42
44
46
47
48
50
53
54
62
63
64
65
66
71
74
75
77
78
79
80
82
84
85
94
00:00
SoftwareMassFunction (mathematics)Electronic mailing listDigital rights managementImage registrationFast Fourier transformInterface (computing)Projective planeServer (computing)Computing platformMereologyService (economics)BacktrackingSoftware developerElectronic mailing listAutomatic differentiationAreaFluid staticsWeb 2.0EmailPivot elementWebsiteMoving averageComputer fileWeb pageProcess (computing)Perturbation theoryGraphics tablet40 (number)Group actionCellular automatonComputer animation
02:02
CodeHacker (term)FreewareInstallation artMachine codeComputerProjective planeComputing platformSource codeWebsiteSoftwareOpen sourcePhysical systemLevel (video gaming)Server (computing)Software testingType theoryVirtualizationFreewareComputer animation
03:40
FreewareCodeOpen sourceWeb applicationMathematicsKernel (computing)Machine codeProjective planeBitComputing platformWebsiteArmDatabaseSource codeComputer animationLecture/Conference
05:03
Block (periodic table)CodeGoogolHacker (term)Control flowBackupComputer hardwareComputerServer (computing)SpacetimePlanningPerfect groupForcing (mathematics)Position operatorBitMultilaterationIdentity managementState of matterArmSurfaceBlock (periodic table)Computer animationLecture/Conference
05:59
Human migrationComputer hardwareAuto mechanicDuality (mathematics)Core dumpSoftwareCuboidCondition numberComponent-based software engineeringRight angleSpacetimeService (economics)Goodness of fitComputer architectureServer (computing)Projective planeBand matrixComputer hardwareComputer animationLecture/Conference
07:07
Instance (computer science)Physical systemLevel (video gaming)EmailUser interfaceMereologyDatabaseService (economics)Electronic mailing listScripting languagePolar coordinate systemWebsiteWeb 2.0Computer animation
07:36
Physical systemArchitectureCodeComputer programmingDemosceneReplication (computing)Line (geometry)Network switching subsystemScalabilityRevision controlInformation securitySoftware maintenanceTerm (mathematics)Human migrationSystem administratorProgramming languagePhysical systemFront and back endsStandard deviationSystem administratorGroup actionDirectory serviceMultiplication signProcess (computing)WindowMathematicsWebdesignGoodness of fitBeta functionInformation securityDatabaseLine (geometry)Formal verificationInternet forumRevision controlService (economics)Limit (category theory)Cartesian coordinate systemSoftware testingReplication (computing)Complex (psychology)Vulnerability (computing)ComputerLevel (video gaming)MereologyProjective planeDebuggerKey (cryptography)User interfaceKernel (computing)Computer programCellular automatonWordSoftwareMachine codeSoftware frameworkIntegrated development environmentTraffic reportingFormal languageWeb 2.0DampingRight angleEndliche ModelltheorieWeb serviceBitExtension (kinesiology)NumberView (database)Computer hardwareBand matrixComputing platformGame controllerPasswordSlide rulePatch (Unix)Computer animationLecture/Conference
14:58
Computer animation
Transcript: English(auto-generated)
00:07
Thank you. So I am Sylvain, I am part of the Savanna Hackers group, and I'm going to talk to you about Savanna. So what is it? If you already saw this website, then you have already been to one of the projects
00:23
that is hosted on our platform. Savanna is essentially like other hosting platforms such as SourceForge or Debian Elliot or Launchpad. It is sponsored by the new project. We have 3,200 projects and around more than 40,000 users.
00:46
What do we provide? We provide tools for you to work efficiently on your project in your team. So we provide VCSEs such as CVS, SVN, Git, Markel, Basar. We provide backtrackers so users can report back to your project.
01:02
We have an upload area for you to put files, which is mirrored worldwide. We also have mailing lists and web pages, static web pages, which are on another infrastructure. So I'm not going to present them in details. We have jobs. That means you want to look for a developer for your project, and you can say, I'm looking
01:26
for a C developer or for a technical writer. You have an interface to post the jobs, and people can browse the jobs and check what project they want to contribute to. And all of this is free advertising.
01:41
On other hosting platforms which use advertising, we can see that when you look at your project, you can see advertising for proprietary competitors. So we don't run ads on the server. A brief history. So it all started in 2001, where we decided to take the existing service infrastructure and put it more structured.
02:03
And we used the SourceForge source code. SourceForge is a website which is also – it was also a source code, a piece of software that you could install on your own computer to make your own SourceForge. So we used that and installed it at Savannah, because it was a good methodology to be
02:21
efficient when you work in team. And sadly, it quickly became proprietary. So we decided to run our own fork of this code, and we've been maintaining it ever since. In 2002, we opened the platform for non-new projects. Previously, it was only for new projects, and now everybody can contribute to the project
02:42
– host a project on the platform if they meet a few requirements. In 2004, we decided to make things more clearer. The code was called Savannah, and the website was called Savannah also. So we decided to call the code Savannah to make things clearer.
03:01
And then we don't have the dates, but we – since then, we've added more support for more VCSes. I mentioned Git Bazaar. We have cleaned up the system level with a lot of virtualization, first with the vServer and with the exam. We've introduced mirrors, and our latest work is rewriting the code. I will mention it later.
03:23
So what is different in our platform? First, we are showing that we can make a free hosting platform using only 100 percent free software. We don't use any non-free software. We don't have any need to. We use, in particular, all package from Debian.
03:43
All the code that we code, including Savannah, is under the AGPL license. The AGPL license is a GPL for web applications. If you make a GPL web application and somebody takes it, makes changes, and put it on a website,
04:00
he do not have to give you back the changes. With AGPL, he asked to provide you the changes, so you have to contribute back to the community. I recommend AGPL for your web-based applications. And also, we want to promote base licensing practices. When a project is submitted to our platform, we review it for legal issues.
04:21
Ever since the SEO attack on the Linux kernel, we know that we have to be perfectly clean on licensing, and so we have to warn people. We want to educate them about what dangers they might encounter and what they should do. A bit of war.
04:40
This is recent, apparently. So source code and Google code are now blocking countries based on the origin of the visitors. So our IP to countries' databases. And they decided to block completely users from using or contributing to the platform. So this is a problem. Some people are moving to our platform because of this.
05:03
So currently, I don't have an official position because this is very recent. But we do not intend to apply such blocks. And if there is a problem, if the U.S. government – because the server is located at Boston – if the U.S. government forces to make such blocks, we have a backup hosting plan
05:24
in France that you might migrate to, but hopefully not. So now let's talk a bit about the technical details. So first, this is not exactly this hardware. I found the perfect picture later. So we recently moved to another hardware.
05:45
It is donated by the Free Software Foundation. It is quite a good computer. We haven't changed it for five or six years, so it is relieving. The hardware is donated by the FSF. It is hosted at the Global Knobs, which is donating the collocation, that is, the space
06:04
to physically place the server, and the bandwidth. So we have good hosting condition, and now we can implement more services easily. Yes, we recently switched to XAML because the FSF infrastructure is also using XAML, which means that if this particular box is crashing, then we might easily migrate
06:25
to other hardware easily enough. I have to mention GNAR also. This is another installation of the Savant software, which is located in France. So again, everything is stored on a single box, and it is easily hosting 1,300 projects.
06:45
So you do not have to have a lot of expensive hardware to run your own forge. It is very efficient. So let's have a look at the architecture.
07:01
So Savant is a central component. It is essentially the glue that makes everything together. People use the web interface. This changes the database at this level. On them, there is a lot of system-level scripts that replicates the database to all
07:23
the services that we provide, the BCSs, the mailing lists, the websites, et cetera. So we have two distinct parts above the front end, which is the web interface, and the system back end, which is the system, all the system stuff.
07:45
Now we're going to say what we are going to make changes. We are making changes to both of those. I'm going to introduce what we are working on right now. So first, the front end.
08:00
I said we forked the software original code, which is like 10 years old. It wasn't really so great. It didn't use model view controller models. So we tried to clean it up, but we faced the fact that this is not enough. We also saw that there are a lot of new web frameworks that allow to program efficiently.
08:23
And we considered that we might more easily rewrite all the web front end using far less code rather than try to clean up the existing code. So that's what we are working right now. We also wanted to use something else on PHP because PHP wasn't so satisfying as a
08:44
programming language and had a few legal issues because since the PHP license is not compatible with the GPL license, you might have problems with PHP extensions. Don't use a PHP license. So we tried to find a good web framework and a good programming language.
09:00
And essentially, we choose Python and Django. Python might not be the greatest language, but it is a good compromise. And Django has a lot of advantages. In particular, it is very well documented so that newcomers might quickly learn how it works, and it is also not so complicated.
09:22
Again, somebody who wants to contribute doesn't need months of experience. He can learn the basic of Django in a couple of weeks. There are some limitations because it is not really meant for reusable applications. So we had to choose a few naming conventions, do some tests, but I think we did it right now.
09:48
At the same time, we tried to clean up the backend, so the system level. Previously, we had a huge cruncher that was supposed to take the database and merge it
10:02
with the system, trying to preserve the system changes. And it was not very maintainable. We decided to use NSS. NSS is a name service switch, which is a standard Unix way to access your users. You can put your users in a slash etc slash password or slash etc slash group, and with
10:24
NSS, you can put it in an LDAP directory, and you can also put it in our SQL database. And that's exactly what we did. So now, each time we make a change using the web frontend to the database, it is immediately replicated to the system. So with no replication, it is directly available.
10:43
It greatly simplifies the code because all of the complexity is delegated to NSS. Or cron jobs. We still have cron jobs. For example, we have a cron job that is used to replicate all the SSH keys to the system. And those cron jobs are really simpler to write.
11:06
This is a time-filling slide. I'm going to talk about it later. So what I wanted to say is that we are greatly looking for contributors. In particular, we are looking for moderators. That is, we want people to review the projects and verify their licensing good practices
11:26
so that we can approve projects more quickly. We are also looking for web designers because we think that our design is a bit oldish now, and we would really like to make it more attractive.
11:41
We are also looking for coders, as I explained, for programming the new web frontend, adding new features. And we are also looking for system administrators because each time we add a new feature, it's like we add a new VCS, it requires experiences, skills, and it also requires time to deal
12:03
with users' requests, upgrade the system, make sure it is good at the security level, and make it evolve. So currently, we would like to introduce more services, and we would like more system administrators to implement these changes.
12:26
So what are the challenges if we want to contribute? First, you have 80% of history, so you have to make sure that all the history is kept clean. It is quite easy to make a new service from scratch without any data. Here, you have to respect all the data that is existing and maybe migrate it to something
12:46
more clean. Also, this is a web service, which means there can only be one version at once. You cannot fork the service and put it on your computer because you want it to be available for everybody.
13:00
You can't just copy paste the hardware. You can't copy paste the bandwidth. So you only have one website, and only one can work at once. So we have to first please everybody, and then when we make a change, we have to make sure that it is perfectly clean before putting it into the public.
13:21
We cannot really make release candidates, so we have to have a good testing environment. Also, I said that we are 80 years of data. We have to think about the future. In 80 years, we will also have to maintain this data. So we cannot just go to the fashion service and implement it if we know that we might
13:47
have trouble to maintain it in the long run. We have to think about it. At the security level, we decided to restrict shell access. If there is a vulnerability in the kernel, people won't be able to exploit it because
14:02
they are using a research channel. We will, of course, try to patch the security issues as soon as possible, but at least the window, the vulnerable window won't be as critical. So this has a certain number of impacts. In particular, people can do things on their own.
14:20
This needs to be implemented. We need to have cron jobs for everything that people need to do, and it needs to be scalable. It is easy to make a service for 10 projects, but when it comes to 300 projects, 3,000 projects, then we can't manually fix things. So we have to make sure that everything works.
14:41
Usually what we do is we implement it as beta for a few selected projects, and when it is fine, we implement it for all the platforms. And thank you. Do you have any questions?