We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

A globally unified governance framework for Open Source

00:00
subtitles
off
playback rate
1
subtitles
off
English (auto-generated)
playback rate
0.25
0.5
0.75
1
1.25
1.5
1.75
2
quality
576p
0
 Cite
 Share
 Download Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Klooz, Christopher

Formal Metadata

Title
A globally unified governance framework for Open Source
Subtitle
International arbitration to harmonize the security provisions of sovereign states and Open Source? Learning from the Java Virtual Machine, Ceph and abstraction layers
Title of Series
Number of Parts
287
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Differentiating between architectural flaws and bugs in socio-technical systems: Open Source is no legal term or a political institution in dominant sovereign state systems, making it vague and interpretable in different contexts. However, it is a fundamental institution in security provisions in today's socio-technical societies. But it remains impossible to harmonize the transnational Open Source system with sovereign systems: both cannot be clearly mapped to each other. Yet, international arbitration provides a type of remedy that already exists in software development, illustrating how a shift from just fighting bugs to mitigating architectural flaws can look like. Initially, the Internet imitated the institutions of the social world despite their limited eligibility (such as "emails" with their complex and vulnerable architecture). Today, societies are socio-technical without delimitable transitions between technology/Internet and society. Societies have started to adapt to and integrate the possibilities the code provides, no longer vice versa. Sovereign state systems early found their limitations in tackling the resulting challenges. However, software development had already to manage comparable issues. The Java Virtual Machine and Ceph are two of many examples: another abstraction layer can create flexibility, simplification and unification on top of different systems. International arbitration could offer Open Source a transnational and globally-unified framework, enshrined in an arbitration agreement: embedded in a dedicated organization in an eligible legal system to facilitate the conduct of organizations and communities on which code and the Internet depend. Open source and its related institutions are already the core element of a transnational separation of powers, which is based upon competition: public processes & public code in conjunction with distribution (of development, code, review & testing) enable forking (to avoid monopolies and irrevocable consolidation of powers at one place). Reflecting the software engineering concept "secure by design", Open Source has created a "socio-technical system secure by design" because it avoids single points of failure both in social and technical realms: it does not relate governance to centralization but to distribution. Indeed, if issues like the 2020 Solarwinds Hack would spread in deployed Linux kernels, this could have unprecedented consequences far beyond the technical realms. However, Open Source and its institutions remain capable of providing sufficient security and deterrence. There is much more behind Open Source than just open/public code. The increasing use and consolidation of IT in governments may break the traditional separations of powers and does not provide the "security by design" of Open Source institutions if applied to socio-technical systems. Indeed, if one administrator and his password in one consolidated IT department can manipulate the databases used in executive, legislative and judiciary operations, new risks can arise. The system around Open Source already contributes to the security provision of and on the Internet and thus, indirectly to the overall security provision of people and entities that depend on the Internet: it facilitates security in socio-technical societies. If it proves eligible, enshrining the relevant (and legally implementable) Open Source institutions in an arbitration agreement may result in an compatible abstraction layer on top of the traditional state systems. Complementary, this abstraction layer may facilitate to release traditional systems from tackling issues they simply cannot tackle without softening and blurring their own institutional architecture. It may turn antagonism into symbiosis. However, Facebook's Libra indicates the complexity (but also the possibility) of creating such "implicit legal" ventures (in Switzerland). It also indicates that Switzerland could possibly enable the fusion of an international arbitration body (through its "international private law") with an open/public/distributed but regulable cryptocurrency to facilitate not just the (Open) Source but also (open) exchange within one globally unified system. Although they will be critical and challenging for any international arbitration approach, legal patent- and license-related questions are not considered in this lecture. This lecture is derived from the perspective of the field of international relations. It illustrates the role of Open Source in contemporary security provisions (next to and in interaction with sovereign states' security provisions for citizens) and it aims to put alternative (types of) approaches with and around Open Source into discussion.
FOSDEM 202218 / 287
1
Thumbnail
28:39
A gentle introduction to Picocli
2
Thumbnail
43:04
Z80: the last secrets
3
Thumbnail
34:39
Why your next embedded project should be written in Go
4
Thumbnail
32:07
Fuzzy generics
5
Thumbnail
23:40
A Better Public Transport App
6
Thumbnail
29:11
Open Geodata Digital Spaces
7
Thumbnail
16:22
Open Source Firmware status on AMD platforms 2022
8
Thumbnail
28:22
Firmware Settings and Menus
9
Thumbnail
28:50
Bringing RAUC A/B Updates to More Linux Devices
10
Thumbnail
11:45
GPIO across Linux and Zephyr kernels
11
Thumbnail
28:48
Eclipse Amlen: Messaging for IoT/Web/Mobile
12
Thumbnail
28:42
Back to DirectFB!
13
Thumbnail
29:23
Why Embedded Linux Needs a Container Manager Written in C
14
Thumbnail
1:00:10
Automotive Ethernet PHY bring-up: lessons learned and debug tips
15
Thumbnail
25:52
How to teach OSS licenses and compliances at a university
16
Thumbnail
30:10
Why the pandemic could help FOSS, but was a win for proprietary software
17
Thumbnail
58:11
Panel: Hot Topics
18
Thumbnail
27:53
A globally unified governance framework for Open Source
19
Thumbnail
28:40
An update on the Digital Markets Act
20
Thumbnail
28:19
Why Device Neutrality is important for Free Software?
21
Thumbnail
28:19
Somebody set up us the bomb
22
Thumbnail
29:12
Rapid Prototyping Physical Interfaces with Web Serial and Cheap MCUs
23
Thumbnail
29:05
Can JS also build the metaverse?
24
Thumbnail
41:39
Running trusted payloads with Nomad and Waypoint
25
Thumbnail
43:58
Simple (but useful) Ansible reporting with ara
26
Thumbnail
44:04
Deploying An Embedded Linux Distro Build Factory with Ansible And Proxmox: lessons learned
27
Thumbnail
28:48
Utilizing AMD GPUs: Tuning, programming models, and roadmap
28
Thumbnail
28:49
Porting Signal processing algorithms to CuPy for precision measurement
29
Thumbnail
28:54
PIRA: Performance Instrumentation Refinement Automation
30
Thumbnail
28:49
Bringing together open source scientific software development for HPC and beginners
31
Thumbnail
26:24
Containers in HPC
32
Thumbnail
25:34
Uncovering Arcon: A state-first Rust streaming analytics runtime
33
Thumbnail
46:07
v3dv: Status Update for Open Source Vulkan Driver for Raspberry Pi 4
34
Thumbnail
21:39
The status of turnip driver development.
35
Thumbnail
43:13
LVGL on Oniro
36
Thumbnail
56:34
Optimal buffer allocation on Wayland
37
Thumbnail
31:08
Fun with Finite Automata
38
Thumbnail
34:40
TornadoVM: Hardware Acceleration For Java In Practice
39
Thumbnail
27:03
Update On Java On The Raspberry Pi
40
Thumbnail
33:17
azul: How Your Java is Still Served Hot
41
Thumbnail
33:23
Jakarta EE: Present & Future
42
Thumbnail
30:47
Fundamentals Of Diversity & Inclusion For Technologists
43
Thumbnail
30:59
Polyglot Cloud Native Debugger: Going Beyond APM
44
Thumbnail
59:42
Using LibreSilicon
45
Thumbnail
38:42
Efabless Open ASICs
46
Thumbnail
48:35
Coriolis RTL-to-GDSII Toolchain
47
Thumbnail
44:00
Potato Zombies
48
Thumbnail
34:01
Next generation micro-controller programming
49
Thumbnail
39:35
Nim Metaprogramming in the real world
50
Thumbnail
33:59
Nim concurrency & Parallelism
51
Thumbnail
28:15
Why rule-based monitoring is (still) great
52
Thumbnail
29:06
Network Traffic Classification for Cybersecurity and Monitoring
53
Thumbnail
18:04
Peer-to-peer hole punching without centralized infrastructure
54
Thumbnail
29:04
Kubernetes networking : is there a cheetah within your Calico?
55
Thumbnail
19:05
Keep appetite for the stats, it costs nothing
56
Thumbnail
18:12
Faster memory reclamation with DPDK RCU
57
Thumbnail
29:02
2-cluster Kubernetes, with Calico, BGP Interconnect and WireGuard... All Without Leaving Your Laptop!
58
Thumbnail
29:06
Challenges and Opportunities in Performance Benchmarking of Service Mesh for the Edge
59
Thumbnail
22:05
The relational model in the modern development age
60
Thumbnail
23:52
Percona XtraDB Cluster(PXC) Non blocking operations, what you need to know to avoid pitfalls
61
Thumbnail
24:59
ProxySQL Cluster: challenges and solutions to synchronizeconfigurationacross multiple decentralized cluster nodes
62
Thumbnail
22:35
ProxySQL 2021 Dev Submit
63
Thumbnail
18:52
Release Note Highlights from 2021
64
Thumbnail
35:06
MySQL 8.0: Logical Backups, Snapshots and PITR like a rockstar
65
Thumbnail
56:43
MySQL Operator for Kubernetes
66
Thumbnail
25:07
MySQL on Kubernetes demystified
67
Thumbnail
18:53
Hash join in MySQL 8.0
68
Thumbnail
23:07
Flame Graphs for MySQL DBAs
69
Thumbnail
23:41
MySQL Performance on Modern CPUS - Intel, ARM, AMD
70
Thumbnail
42:25
Newest MySQL component services features
71
Thumbnail
59:43
MySQL InnoDB ClusterSet
72
Thumbnail
25:08
Encrypting binary (and relay) logs in MySQL
73
Thumbnail
39:55
Efficient MySQL Performance
74
Thumbnail
27:10
Backup/Restore tools performance comparison
75
Thumbnail
37:33
Bootstrapping a multi dc cloud native observability stack
76
Thumbnail
05:45
Monitoring and Observability devroom: Opening
77
Thumbnail
39:02
Profiling in the cloud-native era
78
Thumbnail
38:38
Adopting OpenTelemetry and its collector
79
Thumbnail
25:56
Suggestions for a Stronger Mozilla Community
80
Thumbnail
28:58
Collecting Sentences for Common Voice
81
Thumbnail
18:59
Introduction to Foxfooding
82
Thumbnail
37:12
Searchfox: Fast code search and indexing
83
Thumbnail
39:03
Linux Mobile vs. The Social Dilemma
84
Thumbnail
29:00
Phosh Contributors Get Together
85
Thumbnail
33:59
ModemManager in your phone
86
Thumbnail
38:46
2 Years of Mobian
87
Thumbnail
30:18
Mainlining the reMarkable 2 eInk tablet
88
Thumbnail
35:10
From Android to mainline on the Snapdragon 845
89
Thumbnail
29:05
Running Mainline Linux on Snapdragon 410
90
Thumbnail
24:05
Librem 5 phone kernel report
91
Thumbnail
39:01
The road towards using regular linux on ebook readers
92
Thumbnail
1:28:44
FOSDEM 2022 - Closing Session
93
Thumbnail
1:28:45
Status of camera support on mobile FOSS devices
94
Thumbnail
24:00
Anatomy of GNOME Calls
95
Thumbnail
33:50
FOSDEM 2022 - Welcome to Libadwaita
96
Thumbnail
29:01
Bring openwifi to PYNQ-Z1 with ultra low cost
97
Thumbnail
39:03
RedLeaf: Isolation and Communication in a Safe Operating System
98
Thumbnail
33:29
Unikraft: Debugging and Monitoring
99
Thumbnail
30:59
Mitigating Processor Vulnerabilities by Restructuring the Kernel Address Space
100
Thumbnail
48:18
Genode meets the Pinephone
101
Thumbnail
20:23
Advanced Unit Testing in the Hedron Microkernel
102
Thumbnail
43:53
The Composite Component-Based OS
103
Thumbnail
25:26
A practical solution for GNU/Hurd's lack of drivers: NetBSD's rumpkernel framework
104
Thumbnail
54:07
Unhackable across 30 Years, End in Sight
105
Thumbnail
28:31
UX/RT - a QNX-like OS based on seL4
106
Thumbnail
35:32
Hardware accelerated applications on Unikernels for Serverless Computing
107
Thumbnail
33:30
Managarm: Design of a pragmatic fully-asynchronous microkernel
108
Thumbnail
29:05
A year of RISC-V adventures: embracing chaos in your software journey
109
Thumbnail
19:00
Why everyone needs to know some coding: last-mile sandboxing
110
Thumbnail
23:44
Designing a programming language for the desert
111
Thumbnail
30:10
Fuzion Language Update
112
Thumbnail
18:37
How to design powerful DSLs for users
113
Thumbnail
15:09
Declarative and Minimalistic Computing
114
Thumbnail
33:59
The Concise Common Workflow Language
115
Thumbnail
29:01
Adventures in Dataflow
116
Thumbnail
28:47
The Matrix State of the Union
117
Thumbnail
59:00
The matrix-rust-sdk
118
Thumbnail
29:29
Growing Pinecones for P2P Matrix
119
Thumbnail
19:01
Opsdroid: Building a bot using Python3
120
Thumbnail
19:12
The next generation of Matrix interfaces
121
Thumbnail
30:02
All things with moderation
122
Thumbnail
29:15
MLS meets Matrix
123
Thumbnail
29:21
Beyond the Matrix: Extend the capabilities of your Synapse homeserver
124
Thumbnail
28:11
Events for the Uninitiated
125
Thumbnail
04:56
Decentralized Collaborative Annotations using Matrix
126
Thumbnail
04:28
ChatStat - An R package for Matrix stats
127
Thumbnail
29:35
Through The Looking Glass
128
Thumbnail
34:34
8-bit Character support on architectures were the smallest addressable unit size is 64-bit in Clang and LLVM
129
Thumbnail
23:20
LLSOFTSECBOOK: LOW-LEVEL SOFTWARE SECURITY FOR COMPILER DEVELOPERS
130
Thumbnail
16:25
Towards an Operational Code Aesthetics
131
Thumbnail
24:02
Online performance
132
Thumbnail
30:09
Why ODF is a better standard than OOXML
133
Thumbnail
10:33
Macro Dialog feature
134
Thumbnail
29:09
LibreOffice WASM – an Update: A status report from the journey to get LibreOffice into the browser, fully*
135
Thumbnail
11:07
Information Engineering Operations
136
Thumbnail
29:23
Improved coverage analysis for LibreOffice's CI
137
Thumbnail
10:24
Editing Simulation
138
Thumbnail
22:38
Improving Developer Experience at LibreOffice
139
Thumbnail
26:38
Curl based HTTP/WebDAV UCP
140
Thumbnail
09:21
Kubernetes setup & deployment
141
Thumbnail
09:49
Canvas For Rendering UX
142
Thumbnail
30:10
Advantages of LibreOffice Technology
143
Thumbnail
10:09
Building Collabora Online UI: based on the LibreOffice components
144
Thumbnail
18:26
Peergos - Combining peer-to-peer connectivity, end-to-end encryption and fine grained access control to build a secure and privacy focused self-certifying web protocol
145
Thumbnail
27:57
State of libp2p
146
Thumbnail
18:00
Edges Are Infrastructure: IPFS Everywhere for a More Resilient Future
147
Thumbnail
19:21
Hyper Hyper Space: In-browser p2p applications
148
Thumbnail
24:02
Earthstar: The merits of being a bicycle when everything else is a hyperloop.
149
Thumbnail
22:10
What's coming in VIRTIO 1.2
150
Thumbnail
19:13
Tracing KubeVirt traffic with Istio
151
Thumbnail
18:52
The story of adding TPM support to oVirt
152
Thumbnail
39:09
Phyllome OS: A friendly virtualization-focused Linux distribution
153
Thumbnail
27:30
Network interface hotplug for Kubernetes
154
Thumbnail
25:27
KubeVirt scale test by creating 400 VMIs on a single node
155
Thumbnail
23:54
Isolating PCI/CXL Devices: It All Starts with System Launch
156
Thumbnail
27:19
Introducing OKD Virtualization
157
Thumbnail
28:26
DevOps, Cloud Native, DPUs: beyond the buzzwords
158
Thumbnail
27:22
Cross-platform/cross-hypervisor virtio vsock use in go
159
Thumbnail
39:27
Panel 2: Dependencies for Vulnerability Discovery and Tracking
160
Thumbnail
24:03
SweetAda: A Lightweight Development Framework for the Implementation of Ada-based Software Systems
161
Thumbnail
1:04:19
SPARKNaCl: A Verified, Fast Re-implementation of TweetNaCl
162
Thumbnail
24:00
Exporting Ada Software to Python and Julia
163
Thumbnail
38:43
Proving the Correctness of GNAT Light Runtime Library
164
Thumbnail
34:15
The Outsider's Guide to Ada
165
Thumbnail
33:38
The Ada Numerics Model
166
Thumbnail
24:34
Ada Looks Good, Now Program a Game Without Knowing Anything
167
Thumbnail
13:49
Introduction to the Ada DevRoom
168
Thumbnail
1:03:39
Introduction to Ada for Beginning and Experienced Programmers
169
Thumbnail
03:37
Closing of the Ada DevRoom
170
Thumbnail
24:02
Implementing a Build Manager in Ada
171
Thumbnail
23:41
Getting Started with AdaWebPack
172
Thumbnail
29:04
Overview of Ada GUI
173
Thumbnail
28:41
Use (and Abuse?) of Ada 2022 Features in Designing a JSON-like Data Structure
174
Thumbnail
29:02
Alire 2022 Update
175
Thumbnail
21:27
secPaver: Security Policy Development Tool
176
Thumbnail
29:11
State of Open Source Databases
177
Thumbnail
46:51
IMPLEMENTING AN INCENTIVISED PARTNERS PROGRAM IN MAUTIC
178
Thumbnail
19:07
Introduction to qbe
179
Thumbnail
23:49
Verifiable Credentials and Decentralized Identifiers with DIDKit
180
Thumbnail
27:11
Automatic CPU and NUMA pinning
181
Thumbnail
39:32
Build and release tools tailored to building, releasing and maintaining Linux distributions and forks
182
Thumbnail
29:59
Modding the Immutable – how to extend Flatcar, an immutable image-based OS
183
Thumbnail
44:49
Collaboration instead of Competition
184
Thumbnail
38:16
CentOS Stream: stable and continuous
185
Thumbnail
09:00
Extending Kubernetes with WebAssembly
186
Thumbnail
28:41
Boot2container: An initramfs for reproducible infrastructures
187
Thumbnail
29:20
Free tools that help you run online events in an effective way
188
Thumbnail
25:37
Streaming and Edit Conference Videos with OBS, Jitsi and kdenlive
189
Thumbnail
38:34
FOSS Events Primer
190
Thumbnail
50:12
Run a conference with pgeu-system
191
Thumbnail
03:34
Welcome to the Conference Organisation Dev Room
192
Thumbnail
28:23
FOSDEM Conference Infrastructure
193
Thumbnail
28:57
Lessons from 6 Virtual Ansible Contributor Summits
194
Thumbnail
19:54
Debian Conference Infrastructure
195
Thumbnail
29:06
Introducing ONLYOFFICE Forms for paperwork automation and smart collaboration
196
Thumbnail
24:28
Oniro - an open-source starter for fast-paced IoT environments
197
Thumbnail
32:04
Unifying Infrastructure and Application Delivery Using Keptn
198
Thumbnail
23:46
Porion a new Build Manager
199
Thumbnail
23:46
Massive Unikernel Matrices with Unikraft, Concourse and More
200
Thumbnail
23:58
How to improve the developer experience in Heptapod/GitLab
201
Thumbnail
44:26
Continuous Integration Pipelines with Nomad, Vault and Jenkins
202
Thumbnail
19:00
Pushing the Open Source Hardware Limits with KiCAD
203
Thumbnail
19:37
Open CASCADE Technology: status update
204
Thumbnail
18:51
ngspice - current status and future developments
205
Thumbnail
18:38
LibrePCB Status Update
206
Thumbnail
59:14
KiCad Project Status
207
Thumbnail
18:40
Hacking through BIM models
208
Thumbnail
29:43
Valgrind and debuginfo
209
Thumbnail
21:49
Adding Power ISA 3.1 instruction support to Valgrind
210
Thumbnail
53:16
Upstreaming the FreeBSD Port
211
Thumbnail
10:11
Enable AVX-512 instructions in Valgrind
212
Thumbnail
20:31
Privacy-preserving video object detection in WebAssembly inside Veracruz
213
Thumbnail
20:13
SGX Enclave Exploit Analysis and Considerations for Defensive SGX Programming
214
Thumbnail
23:51
Secure boot, TEEs, different OSes and more
215
Thumbnail
23:18
Logging, debugging and error management in Confidential Computing
216
Thumbnail
23:20
Intravisor -- a hypervisor for fine-grained isolation using CHERI
217
Thumbnail
23:18
Symbolic Validation of SGX enclaves using Guardian
218
Thumbnail
23:16
Gramine Library OS
219
Thumbnail
23:59
Rethinking the OS for Isolation Flexibility with FlexOS
220
Thumbnail
20:46
WebAssembly + Confidential Computing
221
Thumbnail
23:15
Developing for the AWS Nitro Enclave Platform
222
Thumbnail
58:13
Process-based abstractions for VM-based environments
223
Thumbnail
23:10
Arm CCA enablement through the Trusted Firmware community project
224
Thumbnail
35:09
Unit testing Linux kernel drivers
225
Thumbnail
13:10
How (not) to make a mockery of trust
226
Thumbnail
43:01
LAVA + OpenQA = Automated, Continuous Full System Testing
227
Thumbnail
21:33
Data Replication and Migration from Ceph RGW to Cloud
228
Thumbnail
28:57
Introducing Garage, a new storage platform for self-hosted geo-distributed clusters
229
Thumbnail
36:33
COSI : a brief update
230
Thumbnail
09:43
Migrate to Ceph-CSI
231
Thumbnail
29:01
Trajectware - timeline-based navigation across computing heritage
232
Thumbnail
58:59
A Brief History of Spreadsheets
233
Thumbnail
37:28
Debunking The Myths About The Raku® Language
234
Thumbnail
58:31
Keeping old Unix/Linux up-to-date with pkgsrc
235
Thumbnail
1:24:01
A Computer Museum Why and how?
236
Thumbnail
27:40
FrogFind and 68k News
237
Thumbnail
29:33
Old Web Today: Keeping Flash (and other) Retro Web Sites Accessible on the modern web
238
Thumbnail
33:58
Hack for the Planet
239
Thumbnail
19:45
Getting 1K Chess for the ZX81 online
240
Thumbnail
29:35
AOSC OS/Retro - An Introduction
241
Thumbnail
43:57
Made by Woz: how Apple-1 operating system works?
242
Thumbnail
28:21
Radically simple testing in Raku
243
Thumbnail
57:44
Raku Steering Council Q&A Panel
244
Thumbnail
24:00
Class learning analytics with Raku
245
Thumbnail
36:23
A Raku Grammar for Navigation Lights
246
Thumbnail
33:36
GitHub Actions (in|for) Raku
247
Thumbnail
22:12
Free Software, Dependency Management, and what I got wrong at FOSDEM 21
248
Thumbnail
33:33
Keeping the past to preserve the future
249
Thumbnail
38:23
Decentralized DevOps with Unfurl
250
Thumbnail
29:02
Voyager 1 adventures
251
Thumbnail
29:05
Opensource WiFi chip (openwifi) progress and future plan
252
Thumbnail
29:06
gr-ofdmradar: OFDM Radar in GNU Radio
253
Thumbnail
09:34
Introducing the M17 Project
254
Thumbnail
29:42
Emitting Hellschreiber from a Raspberry Pi GPIO: combining gr-hellschreiber with gr-rpitx
255
Thumbnail
58:07
AlekSIS, the Free School Information System
256
Thumbnail
42:59
Working effectively with (-support-) the community
257
Thumbnail
56:43
Solving the knapsack problem with recursive queries and PostgreSQL
258
Thumbnail
58:30
Slow things down to make them go faster
259
Thumbnail
29:37
PostgreSQL Distributed & Secure Database Ecosystem Building
260
Thumbnail
28:30
Future Postgres Challenges
261
Thumbnail
43:42
What I wish I knew about security when I started programming
262
Thumbnail
58:22
Secure Communication with Tls
263
Thumbnail
38:12
Sudo: Watch and control your blind spots
264
Thumbnail
44:27
WebRTC broadcasting with WHIP
265
Thumbnail
43:06
UnifiedPush: A FOSS cross-platform push notifications protocol
266
Thumbnail
48:16
Jitsi: 20 years of Real Time Communications
267
Thumbnail
58:58
On the Far Side of REST
268
Thumbnail
58:44
Implementing the NTFS filesystem in Rust
269
Thumbnail
45:09
Open Source Network Automation in 2022
270
Thumbnail
43:48
European digital sovereignty and open source
271
Thumbnail
35:38
Are we being inclusive with our community recognitions?
272
Thumbnail
20:35
Strengthening Developer Communities in Unprecedented times
273
Thumbnail
20:10
Tracking your time with Timewarrior
274
Thumbnail
19:18
A lightning intro to re-Isearch
275
Thumbnail
18:59
Rapid Prototyping of a Positioning System
276
Thumbnail
14:58
NetOTA: Quick introduction to IoT centric package archive
277
Thumbnail
20:10
Jupyter for React.js developers
278
Thumbnail
18:06
Measuring and analyzing humidity data using Python, syslog-ng and Elasticsearch
279
Thumbnail
14:29
C meta-programming for the masses with C%: cmod
280
Thumbnail
18:45
Generating virtual 3D exhibitions from Wikipedia
281
Thumbnail
20:42
Collabortive group self-awareness with Where, a Holochain app
282
Thumbnail
17:21
LibreOffice 7.3 New Features
283
Thumbnail
13:47
Thunderbird in 2022
284
Thumbnail
20:30
ToroV, a kernel in user-space, or sort of
285
Thumbnail
05:18
Hardware-accelerated graphics in secure multi-tenant environments
286
Thumbnail
37:27
Making a Community Managed FOSS Project Sustainable
287
Thumbnail
22:18
Valgrind on RISC-V
00:00
Open setOpen sourceInformation securityStationary stateAbstractionVirtual realityJava appletSystem programmingInternet service providerIntegrated development environmentFlow separationPoint (geometry)Enterprise architectureFunction (mathematics)PasswordTask (computing)Normed vector spaceFormal grammarImplementationShape (magazine)Advanced Encryption StandardInformationChainSoftware engineeringDependent and independent variablesHypermediaFlow separationArithmetic meanPoint (geometry)System programmingSoftware bugVulnerability (computing)Focus (optics)Open sourceStationary stateSubsetInternetworkingService (economics)Perspective (visual)Information securitySingle-precision floating-point formatIntegrated development environmentMereologyPower (physics)Multiplication signFunction (mathematics)Process (computing)Enterprise architectureMedical imagingFLOPSFormal grammarSoftware developerDistributive propertyInterpreter (computing)SoftwareNormal (geometry)Different (Kate Ryan album)CuboidGroup actionStandard deviationMathematical singularityProduct (business)Gastropod shellValue-added networkSakokuOperator (mathematics)FamilyUsabilityQuicksortNeuroinformatikOcean currentMathematicsData miningWordGodBlogCodeState of matterCASE <Informatik>Distribution (mathematics)Rational numberBlock (periodic table)Exterior algebraoutputFlow separationType theoryTerm (mathematics)Software frameworkEncryptionSystem administratorShift operatorPasswordFormal verificationRegulator geneInternet service providerDiagramComputer animation
07:06
System programmingImplementationOpen sourceAdvanced Encryption StandardShape (magazine)Point (geometry)Enterprise architectureStationary stateData storage deviceInformation privacyServer (computing)CodeTerm (mathematics)Interpreter (computing)Logical constantChemical equationFluid staticsFormal grammarAerodynamicsLibrary (computing)ConsistencyVector potentialoutputKernel (computing)Flow separationFunction (mathematics)Translation (relic)Data structurePairwise comparisonOpen setDistributive propertyIntegrated development environmentModel theoryMoving averageDerivation (linguistics)DataflowDisintegrationLink (knot theory)PredictabilityDatabase normalizationCodeNormal (geometry)Representation (politics)CASE <Informatik>Exterior algebraChainCondition numberRevision controlData storage deviceSoftware bugTerm (mathematics)Type theoryMathematicsINTEGRALStationary stateProcess (computing)Information privacyEnterprise architectureInterpreter (computing)Different (Kate Ryan album)Dynamical systemSoftware developerDistributive propertyLogical constantConsistencyPerspective (visual)Fluid staticsPhysicalismoutputFunctional (mathematics)Library (computing)Kernel (computing)Flow separationTheory of relativityDistribution (mathematics)System programmingPower (physics)Arithmetic meanData managementState of matterSoftware testingChemical equationOpen sourceStandard deviationDependent and independent variablesInformation securityOperator (mathematics)ImplementationFocus (optics)DataflowMereologyCuboid1 (number)MultiplicationPosition operatorOffice suiteFlow separationMultiplication signForcing (mathematics)Cellular automatonOcean currentPrisoner's dilemmaInsertion lossInternetworkingRecurrence relationExecution unitSign (mathematics)Pairwise comparisonClient (computing)Computer animation
14:01
Open sourceCodeLogical constantMoving averageModel theoryIntegrated development environmentDerivation (linguistics)DisintegrationDataflowSystem programmingWebsiteKernel (computing)Operations researchInformation securityRouter (computing)Enterprise architectureInternet service providerStatisticsMobile WebTable (information)Communications protocolAsynchronous Transfer Mode9K33 OsaOpen setJava appletVirtual realityReal numberImplementationCodeDatabase normalizationDistribution (mathematics)WebsiteDistributive propertyPower (physics)System programmingCASE <Informatik>Term (mathematics)Chemical equationSoftware developerDynamical systemImplementationInformation securityCartesian coordinate systemOpen sourceSoftwareMultiplication signFunction (mathematics)Kernel (computing)Different (Kate Ryan album)InternetworkingCommunications protocolState of matterStandard deviationService (economics)MereologyTorvalds, LinusExploit (computer security)Shared memoryChainOperating systemFile systemInternet service providerMachine codeHexagonLibrary (computing)InformationModel theoryIntegrated development environmentSoftware maintenanceTheoryProcess (computing)Goodness of fitVideo gameCore dumpPairwise comparisonHecke operatorWindowData storage deviceInsertion lossStationary stateForcing (mathematics)Constructor (object-oriented programming)MassWater vaporPoint (geometry)Software development kitWeb 2.0Population densityComplete metric spaceComputer animation
20:56
ImplementationSystem programmingOpen sourceDistributive propertyInformation securityData managementIntegrated development environmentAttribute grammarKernel (computing)CodeSoftware developerKernel (computing)CASE <Informatik>System programmingCryptographyRule of inferenceCodeDistributive propertyMereologyWebsiteDynamical systemImplementationDifferent (Kate Ryan album)Constructor (object-oriented programming)Software developerOpen sourceInformation securityPower (physics)Price indexProduct (business)Software maintenanceTerm (mathematics)Service (economics)Stability theoryIdentifiabilityStationary stateStandard deviationAssociative propertyFacebookOcean currentDistribution (mathematics)Category of beingStatuteSoftware bugEnterprise architectureDatabase normalizationReal numberSoftware frameworkType theoryLocal ringBitLink (knot theory)Context awarenessFrequencyCollaborationismMetreMultiplication signAdditionElectric generatorTournament (medieval)FluidWater vaporCuboidPublic key certificateCellular automatonPlastikkarteMedical imagingSinc functionInsertion lossComputer animation
27:48
Computer animation
Transcript: English(auto-generated)
00:13
Welcome to my lecture, Global Unified Governance Framework for Open Source. My name is Christopher Klortz and I have studied in both the realms of computer and social sciences
00:24
and so I have made a different perspective on several of the current developments and today I want to give you an alternative perspective and also a potential approach that can help us to tackle several issues. We will begin with the problems we have in the international society,
00:41
so the society of sovereign states as of today. Then we will have a look on the open source system, what is it and in the end we will come to the obstruction, the international arbitration and how it can give us possibilities we have not yet used. The security providers of today are of course the sovereign states.
01:02
They are determined by geography, their sovereignty and obviously they are designed for purely social systems. This leads to the question, what if the social environment is replaced by a socio-technical one? What does socio-technical mean? It means blood borders among the technical systems like the internet and the social system.
01:23
There are no longer clear or distinct points of transition. There are persistent reciprocal interactions, influences and impacts and so it is no longer possible to separate or split these two systems. They are persistently interdependent and interacting. So, are sovereign states and their traditional separations of powers
01:44
secure by design in this new environment? What does secure by design mean? It is a concept from software engineering and it shifts the focus from the bugs, the errors, the mistakes we have to the architecture and asks whether these are just symptoms of an architectural flaw
02:01
and so finding the bugs doesn't make a difference. The first issue for us here is we have to avoid single points of failure, abuse and manipulation by architecture. So, in purely social systems we have already separations of powers that can fulfill this purpose. On the other hand, we need a predictable behavior of the system.
02:22
So, we need to ensure intended input to have predictable output. I need to know what I am allowed to do to not get punished. Otherwise, the system cannot offer me security. So, this is a common approach where we have already two single points of failure. The IT operations and the development of the IT systems
02:42
affecting the whole social system at once. So, a very well example is the SolarWinds hack of 2020 where many public agencies, private customers and people were affected because there was a hack in the build processes, in the build environment
03:01
which is the part where the software we can use is created to have finally something usable. We can have a comparable issue in the IT operations. For example, if there is one weak password from one admin which also was the origin of the SolarWinds hack in the IT development environment.
03:20
Another issue here is of course the consolidated fertile IT agencies. Another issue manifest could be the blockchain approach as it is currently used or implemented in Estonia for example where we have many different blockchains to create no single point of failure.
03:43
Of course, affecting one node doesn't make a difference for the remaining but if we have one company that propertarily, without external review develops the technology, the software for all blockchains and if there is one IT agency that does the administration of all we have still the same two points of failure
04:01
and then anticipating these blockchains offering me security can be very dangerous if I then use them to verify everything legislative, judiciary, court systems, police files, healthcare and such which is planned and given the public papers we have, it cannot be excluded that this will be possible. And the absence of full information to everything there
04:22
also makes it hard to determine whether they have considered everything because of the absence of external review. So what you see here is just an illustration, one manifest of an institutional problem because the system, the traditional system is focusing on responsibility and liability. And so it needs one entity that has to take over the responsibility
04:42
and thus this entity also needs to have the means, the full access to possess this responsibility. And so also the public review is something that is still partly seen as a vulnerability on itself and so there remains a focus on security through obscurity
05:01
which consolidates review because external review is also a type of distribution even if I have just one agency for example and the system also anticipates that flaws imply bad work. So good work means we won't have flaws and so everything will be fine and we don't need to consider it. So this can have many manifests
05:21
and if I have multiple agencies that distribute this does not necessarily make a difference if every agency can create full harm. So this is just one example how I can manifest a much deeper institutional problem and we have also to see that security is much more than not getting hacked
05:43
but also offer the services people need. For example currently we have big issues in Germany with the COVID apps that are able to really implement the new regulations in an accessible, suitable amount of time.
06:01
So this approach is generally no integral part of the international society, it's no formal thing. I think that means getting rid of these problems implies getting rid of the international society or a sovereign state. It's an informal thing and it's architectural, yes, it's an architectural flaw but of a subsystem, not of the system as a whole.
06:21
It's an informal problem of the society and the society develops over time. It has integrated passive development where the society adjusts its behavior and its interpretations of the norms and its interpretations of laws when their traditional interpretations are no longer competitive. So this is something that can happen within the system
06:41
and where the society can learn and interact with open source, public drafts, public standardization which leads to distribution and also an ongoing public review. We have already examples like the advanced encryption standard, SHA-3, the security enhanced Linux, where public agencies or publicly strongly influenced agencies
07:03
like the Internet Engineering Task Force or in terms of IAS and SHA-3, the National Institute of Standardization and Technology, strongly interact with open source and possess open source institutions. They have adopted public drafts, public standardization. So we see open source and international society,
07:21
we cannot just say these are two entities, it's the institutions that make up what we are up against and so it's also a blurred thing and you can only see is it open source by institutions and so it's also a blurred thing and there are public agencies and publicly strongly influenced entities
07:41
that are already part of the open source system. And so we have also many implementations already, systems are using open source, supporting it and using publicly reviewed systems, for example Linux, and have also distributed types of operations of review. So once again the graphics is just an illustration,
08:02
multiple possibilities, how I can create distribution but also within an agency, not just among different ones. So the architectural flaw I see in a subsystem is not a general issue and so we can mitigate it by alternative subsystems but it's more than just fighting the bugs and something that means replaceable norms from within.
08:22
How the system tackles its approaches but it's a bigger issue when we come to here. We have in terms of predictable behavior, state one, a customer, he's the customer of a company in state two and this company processes its data in state three but storage is done in state four
08:41
and this leads us indirectly to problems, to bugs, like how to enforce European institutions on Telegram, which is in UAE, a current problem in the European Union but also a very old issue, how to enforce European privacy institutions when data is stored in the United States, which also wants to protect its territorial integrity
09:01
and its own laws. So we can tackle each one of these on its own but finally there is an architectural flaw and it's comparable when we have the GPL, version two, whichever, can be different and interpreted in different states and also within a state that can have different interpretations
09:21
because these are not legal terms and they are so very ambitious and can be interpreted in different ways, my judge, and they are not interpreted in neither state and they are interpreted and derived from the legal constants of the traditional system. They are not prepared for the transnational dynamic socio-technical system
09:41
because this new system has much more dynamics, it's persistently developing and it has not this integrated development of the society, which is passive and so asynchronous developing, if we have a well precedent or a well law on day one, on day two, everything can have changed
10:00
and so the system needs to start again by zero and also in a different case, things can be differently interpreted. So in Germany, I can own something, I can possess something and I can use something but if I use a library, what's the difference to forking code and what's the difference between a static link or a dynamic link of a library?
10:21
So this is heavily probabilistic in terms of a traditional system and so I cannot have security here. And so a question for the lawyers, how stare is the agency of stare diseases, which is representative for what our current system wants to achieve? How stare is it in the socio-technical dynamics of code?
10:42
So only dynamics can balance dynamics and so if I try to seek or to get a static condition on one side, I cannot foresee how it will act when there is a change on the other side so it will be even worse in the situation possibly. So in the current social system,
11:01
we have the interpretation of laws that develops with the society and this gives us a static field, it's a passive process of the society but the code does not develop with these informal dynamics. It's a completely different thing but that's not an issue because the code itself is unbiased, it's maths, it's physics and it has a static dynamics
11:22
because the dynamics can be anticipated how it will develop, we both. We know what we are up against and so this is not an issue. We have the static dynamics of code in this other system that have to be considered as such and that offer us a constant security. And so from the perspective of socio-technical open source system,
11:42
the traditional system, contains inconsistency among interpretations and thus among cases. And so a judge can anticipate, we can anticipate that he knows its law but what is the difference,
12:02
the relation between library and executable for him? He doesn't really know much about it and his law doesn't help him really. So it's very probabilistic again and so we have no reliable consistency or predictable behavior here and thus a lack of security. So if you input data into a system which does not intend it, I have the same thing on a Linux.
12:21
It wouldn't behave different. It's unpredictable behavior. It will be a kernel panic. And so we are talking here about architectural flaws that have to be considered that way and this leads us to the open source system. First in comparison, we have the geographical separations in the dominant sovereign states and we have functional separations in open source.
12:41
So geography is really a secondary thing. It's more about are you a kernel developer? Are you a tester of a distribution? Are you one of the management guys? So it's a functional thing and everything else is secondary and instead of separations of powers which is a type of command economy in itself, we have a distribution of powers which is competition and it captures the dynamics of code,
13:02
the static dynamics of code within this distribution of powers capturing the development. So the interpretation of laws is changing with the society, for example. So it's a balancing itself, balancing thing.
13:21
On the other hand, we have also responsibility and liability focus in a traditional system. We had initially already talked about it and we have an individual focused chain of trust in open source in many cases which is also a very different thing. So the major institutions for open source are forking, redundancy and transparency
13:40
which also link already to Linux law and flow anticipation. So forking means that I can use any code if I disagree with how it develops, how things are done and create something else just by forking using it and create something new and we have a lot of redundancy. So build processes,
14:01
we have many different build processes where the Linux kernel is tested. There is much redundancy in review codes are tested, reviewed and such and this also needs transparency otherwise it doesn't work. And so these are the major institutions where flaws are anticipated and just one problem
14:21
that has to be solved as any other problem. It's nothing where you talk about fault. It's something new in the system because it's actively developing itself not passively. And so we have also within the communities a rough consensus that is driven by merit-based persons. So for example, Linus Torvalds who is more or less deriving the consensus
14:41
of the Linux kernel community. And so this gives a one person a lot of theoretical power where we can have a very efficient development but it's still a very good balanced power because if someone disagrees we have still the possibility of forking through redundancy and transparency and so these people like Linus Torvalds
15:01
are still affected by competition with others. And the constant obviously remains the code. And because of these asynchronous development we have a rolling release model in this technical open source system in the socio-technical open source system. It's no anticipation of a static environment
15:21
because we are doing the development actively and so we are anticipating the development and not seeking something static. Just we are seeking the static behavior of the development of code. We know its dynamics, how they will develop. This already captures the dynamics of the code
15:42
creating competition-based distribution of powers. We have many different communities within with our mouse cases rough consensus driven some in different ways and if you disagree with it you can always create forks which happens from time to time. This does not have to have hostile reasons and forking is usually caused by redundancy and transparency.
16:03
Also in terms of standardization not just in new protocols and such it's not just software development. So is this security critical? The majority of websites are Linux driven given the fact that just 0.3% are not Linux.
16:21
Of those we know you can anticipate that a majority of the unknown sites are also Linux and when it comes to companies who spend money to get security that they can rely on their operating systems 34% rely on Red Hat Linux just one of many different Linux distributions so the Linux market share in general will be much more
16:40
and Cisco and Juniper themselves have 44% in the market of the service providers so the providers of the internet that run the infrastructure where all the traffic of the internet is passed through and their current, their new systems are all based on Linux and there are many more providers
17:01
that are maybe also using Linux but where I couldn't get reliable information and also 70% of the phones people use are Linux driven by a modified kernel and so this is also not just about HEX but about services it's for me today an important part of security to be reachable, to have access to Signal, to be able to buy something on Amazon
17:21
to rely that my system is able to manage the output of the Amazon website so this is all belonging to security as of today and despite opportunities when I can get malware into the Linux kernel there is no exploitation until today so there is a reason for that which does also include a chain of trust of course
17:43
which is also a related institution and despite its dominance the Linux community still does not behave like a dominant market player and this is something we have to consider it has stable competition within and around and there is much more protocol, standardization and software we are using and also libraries and things like WebKit
18:02
are also part of proprietary system for example Safari uses WebKit in its Corus engine and much software and proprietary uses open source libraries so we cannot really foresee how much this is and because of the development which is active unlike the social system where society develops passive
18:21
the development and maintenance have to be considered on themselves in the development in security aspects because it's done actively so this is also something the traditional system is not prepared for this is how it looks we have the development life of the Linux kernel where the open source system is more or less on itself
18:41
next to anarchy doing the work on itself but in most cases of course it's still subordinated to the international society in some cases it even gives security to its communities by managing unseatable precedents or laws of the system so what does technology do in such cases?
19:04
it creates obstruction layers we have running systems we cannot simply replace Windows, Linux, whatever we can create an obstruction layer on top that gives us the possibility to have an application that can be run on everything comparable we have it with Ceph where we needed simplification where it was no longer possible
19:21
that one file system could seat any need we have especially in terms of distribution and so everything out we had an output was too complicated and so we now just use the systems we already have which we are used to that are running everywhere we cannot get replace everywhere just within an hour or so and so we can still use them for what we are doing traditionally
19:43
and just we added another obstruction layer like in another application to add the distribution so obstruction layers can make a big difference and they can also help us to give the judge something the system is intended for but we have to consider the institutions that are important for us not just in this case at another CURD
20:00
as we know it so the big issue here is the convention of New York 5859 this does not introduce international arbitration but just gives an international foundation to enforce arbitration awards more or less globally and so the relevant implementation of the arbitration law
20:23
is always the national one so the law of the arbitration body and it's irrelevant where the parties are placed so we have also much security here and an award can be enforced globally by the state system itself but to give the judge something he knows he's intended for
20:41
he has just to verify the compliance of the arbitration case to the arbitration agreement and of the arbitration agreement to its national law in the case of an arbitration body always the national implementation of the law so this is something he's intended for and we can use it more or less globally because you see in blue the majority of states of the world
21:02
are member states of this convention to enforce an arbitration award two examples you can get into also to have some illustration of what this is all about and so what can we do with the system here what can it be enhanced and how to add this obstruction layer this is what we will have
21:20
an international arbitration obstruction layer for the open source system for create security for both sides and it will be also complementary for the international society because through the international arbitration we help the international society through open source system to also fill the remaining gap with this arbitration concept it is used to, it knows how to handle it
21:42
and so it's a symbiosis more or less we're talking about and in terms of Swiss arbitration just one example we can have also many other states that have suitable laws like UK or such it has two laws but we are free to choose which one we want to apply and so only the highest curd of Switzerland
22:03
this one curd treats cases against arbitration issues other curds are not allowed to do so so we have much specialization experience and knowledge which gives us security and also the public and politics in Switzerland tend to facilitate such implementations socio-technical things in Zug you can already pay public agencies with crypto currencies
22:23
we have the Facebook driven Diem associations or the regulated Libra currency and we have just passed a new law to further facilitate international arbitration and just a little additional incentive partly related to here
22:41
can such a regulated crypto currency which is also possible in Switzerland be complementary because it can give us the possibility for a global stable type of transnational currency which is backed by a stable transnational legal framework which gives us the possibility for linking the source and its exchange which is today of course in most cases a service thing
23:01
which can also drive development because a legal stable framework and a currency and a stable one is also a big issue that can give us access to even more contributors worldwide and some incentives for this arbitration thing what could prove competitive what we have to maybe consider
23:21
instead of just adding a new curd it has to be tailored of course for the rolling needs of this new system which also differs strongly because it is based on community and not on deterrence because you can anticipate in this system that people who are engaging in the socio-technical open source system
23:42
have a very high human development and so it's more competitive to anticipate community rather than crime because the system and its dynamics its efficiency, the flexibility already we know that it automatically gets rid of behaviour that is not competitive for the system
24:01
so it's already very efficient and so here it makes sense to go more towards collaboration because it's just problems we are up against that have to be solved to create security for the future and not punishment which is done by the system already and also by the criminal law
24:21
which is also something that is not part of the arbitration but where the arbitration can also which can be complemented by it another issue that is already widespread in open source self-certification for example for code coverage or for implementing best practices
24:40
you can have rules that just have a shawl which means you don't must but where the self-certification means a company says hey we are implementing this we are making the shawl to a must and so an arbitration would also treat this entity that way when it comes to arbitration and so it's also something that gives us security, flexibility
25:01
for future and so constructs like the Linux kernel development or the ITF are maybe more suitable indication than traditional currents here and we have also to consider the back parts so if we make a global rule we have also to think of what will be the differences in local implementations
25:21
so how does local systems behave to it, how to make local entities aware of what are the differences for you with this new rule so this is something important that has to be considered on itself in terms of intentional property we already know it becomes more and more services rather than products because
25:43
it's hard to implement such a system so it makes sense in such an arbitration to simply assume everything is open and the intentional property protection is not our business but has to be done separately in another traditional current it's important to keep the system transparent, redundant and also forkable
26:02
by statutes and this links also to the question has a lawsuit to be in advance or can it be done just like the development in the system where we have debates for example among arbitrators how they will treat a case if it will happen based upon the rules done possibly by maintainers or so
26:21
because the bureaucracy we want to avoid in a normal system is here not necessary this avoidance because the system already competes towards efficiency in the realms of code anyway we know this so here we can also create or add further security if we keep for sure that there is a distribution given the forkability
26:42
and such and implement the standards the system the open source system and its distribution of powers is used to and of course we have to carefully identify stakeholders maintainers of the rules, arbitrators the users, developers and whatever and of course the question remains how much of this can be really implemented
27:01
in a real arbitration law which also has rules and so what I'm talking here about my incentives are really just implicitly legal and nothing explicit and so a lawyer can come to the conclusion that maybe much is not possible and of course we have to consider that and the transition of the existing licenses is
27:21
also a bit problematic which has to be considered on itself and so always consider architectural flaws and bugs are different things and have to be considered respectively and so now I'm looking forward to your questions and given the very short Q&A period we have now feel free to do some background investigation and add further
27:41
questions on the GitHub site I have set up for this or other comments so looking forward to your comments