OSCon day 4 - Talks

• Keynotes
  • Most interesting stuff I learnt Formats are back, form can compensate substance... (not that this is any news...)
  • Take away Not much really though the talks were lively and the presenters entertaining. I liked the Origami talk the most.
  • Details
    • Nick Gall - How to Architect Freedom - IFaPs: Identifiers, Formats and Protocols. IFaPs opposed to API. The revenge of the formats? Interesting idea...
    • David Hansson - Secrets behind Ruby on Rails : I was afraid that Ruby would be boring, well, it is...
    • Kartik Subbarao - Enterprise IT Open Source Powerhouse - Very entertaining talk and rather smart points made on why enterprise needs to use Open Source. Preaching to the choir here though...
    • Robert Lang - Computational Origami . Very interesting and fun. Inspirational but little direct relevance for us.
    • Mitchell Baker interview
    • Dick Hardt - Identity 2.0 by sxip's CEO - Really fun presentation. Not a lot of idea though, more form than substance.


• Calculating the ROI of Open Source: How to Build Your Own Model - Robert M. Lefkowitz
  • I was kicked out of this talk for, apparently, not having the right credential on my badge. Unpleasant...


• The DNA of a Commercial Open Source Software Business Model - John Roberts
  • Most interesting stuff I learnt Pure Open Source project can be the basis of for profit start ups
  • Take away It was a very inspirational talk despite the fact that CRM is not really appealing to me. Apparently, VCs are warming up to the idea of funding Open Source companies. A good sign for sure. Somewhere, there's a little bit of the "lillipad" strategy on this growth model.
  • Details
    • Example of how running an OS Project and a company
    • 2nd look at the "manufacturing" of enterprise application
    • Frustrated by the traditional model : do engineering then be swamped in marketing and market forces
    • Wanted to bring back engineering up front
    • 1st Open Source application company founded by VC money
    • Got something on SourceForge out first, get validation from users, get feedback and a small community first
    • Keep the "org" and "com" separated ("church and state" analogy)
    • Use the MPL (Mozilla Public License) under the "Sugar Public License"
    • Now already a global presence without having done any international effort
    • Have a "Pro" version with some commercial code
    • Use a very similar model to MySQL as far as business strategy is concerned


• It's Time to Share: Calendar Data Interchange - David Sklar
  • Most interesting stuff I learnt iCalendar is a great spec, use it.
  • Take away We're apparently doing the right thing with Chandler and Cosmo. Chandler was mentioned and did rank pretty well against the other market players (including Outlook).
  • Details
    • iCalendar (RFC 2445) is the spec
    • Presentation of the existing client : Chandler was mentioned... Our icon SUCKS!!! Let's change it... please...
    • We don't support vCal : old spec so not really an issue
    • Contrast the different apps understanding of the subtleties of iCalendar : Chandler rated well (better than Outlook and Palm...)
    • iMip : scheduling via email : scheduling and resources incorporated in a VEVENT envelope
    • CalDAV will replace that...
    • TZ : if you think international time is hard, wait till you see all the counties exceptions in the US...


• Are Open Source Developers Prepared for Security Bugs? - Alex Vincent, Nitesh Dhanjani, Dan Veditz
  • Most interesting stuff I learnt Nothing really, I think I've been on MSRC mailing list long enough that no security scare can really surprise me...
  • Take away It doesn't look that the actors themselves have a strategy to deal with security issues. This in itself is an issue. To be honest, I was expecting some typology of security exploits and how to audit them in code.
  • Details
    • Confusing discussion on how to publicize security issues
    • Good and bad things about auto update, issues with hacked and malicious mirrors
    • Confusing discussion about triage and what makes a security issue


• Using WebDAV - Greg Stein
  • Most interesting stuff I learnt WebDAV is meant as a replacement to FTP over HTTP
  • Take away Technical but general content. I went there so that I could understand the CalDAV underlying technology better. No use of WebDAV I can think of for Chandler (short of moving the repository to a server... hmmm...)
  • Details
    • WebDAV : RFC 2518, 3253, 3648, 3744
    • Designed as extension of HTTP
    • Really replacing FTP in most ways, also more secure since relies on auth instead of account credentials
    • Bunch of use cases (including SVN using WebDAV and a piece of Delta-V)
    • Range GET implemented on all WebDAV servers, range PUT is only implemented on the Apache one (ModDAV)


• The Future of Firefox as a Platform: A Panel Discussion - David Ascher moderating
  • Most interesting stuff I learnt XUL and the rest of the Mozilla platform are actively developed.
  • Take away I really need to read Mike Shaver's papers. The panelist were rather pleased with Mozilla as a platform. Thorniest issue seems to be the plug-in API.
  • Details
    • Read Mike Shaver's text on Mozilla as a platform (works for Mozilla as a sort of evangelist)
    • Issue : some entry points not obvious, lack of documentation
    • Lots of work being done on the platform right now
    • Python and PyXPCOM? Mark Hammond working on it
    • Definitely looking into pushing the platform : XBL for widget extensions, Cairo, SVG 1.1 etc...
    • Check the 1.5 roadmap