diff --git a/talks-public/2021-12-07-ihedn/2021-12-07-ihedn.org b/talks-public/2021-12-07-ihedn/2021-12-07-ihedn.org new file mode 100644 index 0000000..c476c14 --- /dev/null +++ b/talks-public/2021-12-07-ihedn/2021-12-07-ihedn.org @@ -0,0 +1,109 @@ +#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %10BEAMER_act(Act) %4BEAMER_col(Col) %10BEAMER_extra(Extra) %8BEAMER_opt(Opt) +#+TITLE: Assessing the Lack of Digital Sovereignity in Critical Open Source Components +#+BEAMER_HEADER: \date[7 Dec 2021, IHEDN]{7 Dec 2021\\COPIL Chaire Cyber et Souveraineté Numerique\\Institut des Hautes Études de Défense Nationale (IHEDN)} +#+AUTHOR: Stefano Zacchiroli +#+DATE: 7 December 2021 +#+EMAIL: stefano.zacchiroli@telecom-paris.fr + +#+INCLUDE: "this/prelude.org" :minlevel 1 +#+INCLUDE: "../../common/modules/169.org" +#+BEAMER_HEADER: \institute[Télécom Paris]{Télécom Paris\\ {\tt stefano.zacchiroli@telecom-paris.fr}} +#+BEAMER_HEADER: \title[Assessing the Lack of Digital Sovereignity in FOSS]{Assessing the Lack of Digital Sovereignity\\ in Critical Open Source Components} +#+BEAMER_HEADER: \author[Stefano Zacchiroli]{Jean Leneutre, \textbf{Stefano Zacchiroli}} + +** About the speaker + #+INCLUDE: "this/zack.org::#bio" :only-contents t + +** Context --- Free/Open Source Software is Everywhere +*** + - Modern software development relies heavily on *software reuse* + - Specifially, reuse of Free / *Open Source* Software (FOSS) + - 96% of software products on the market contains at least /some/ open + source code in them (OSSRA 2020, Synopsis) +*** + This induces *dependencies* of different kinds: + 1. Development /processes and tools/ --- e.g., GitHub, Travis, VS Code + 2. Specific /open source components/ --- popular languages, libraries, + frameworks, etc. +*** + - What happens to our development activities if we *lose access* to + dependencies? + - *Who* can affect our software development practices via dependencies? + - Such actors can *sneak code into* our products and impact us via + *technical decisions* + +** Digital Sovereignty Implications +*** + As part of this action we propose to perform a *digital sovereignty + assessment* exercise about critical open source components that will answer + the following questions. +*** + - *Who* develops critical FOSS components we depend upon for + sw. development? + - Which *type of actors* are them? + - individuals / public bodies / for-profit companies / non-profit + organizations + - Where, and in particular in *which countries*, are those actors based? + - What would be the *impact* of losing access, temporarily or in the long + run, to the relevant software components + - e.g., due to /unavailability/ or changes in /intellectual property/ + regimes? + - Which *preemptive countermeasures* can be put in place to mitigate the + impact of losing that access? + +** Action Description + #+BEAMER: \footnotesize +*** + - Identify *use cases* based on /chaire/ partners interests: full + ecosystems (e.g., Python, Node, Java, etc.) and/or development practices + and tools + - Define a *methodology* that, given as input a (potentially large) set of + FOSS projects, produces as output an overview of who contributes to them + - For each use case, *identify critical dependencies* on 3rd-party FOSS + components + - For each identified dependency, determine the practical and business + *impact of losing access* to it + - For each identified dependency, *determine who develop* it and collect + all relevant data that could inform strategic decisions (type of actor, + geographic location, business model and funding, etc.) + - *Summarize findings* in a comprehensive report + - *Recommend digital countermeasures* to either eliminate dependencies or + mitigate the impact of losing access to them + +** Project Management Details +*** Timeline + | T+0M | kick-off | + | T+2M | use cases identification | + | T+8M | analysis of technical dependencies | + | T+10M | analysis of relevant geopolitical data | + | T+12M | summary of findings and recommendations (report) | +*** Budget :noexport: + | /Description/ | /Cost/ (EUR/month) | /Person-months/ | /Total/ (EUR) | + |---------------------+--------------------+-----------------+---------------| + | Research engineer | 4580 | 12 | 54960 | + | Prof. Télécom Paris | 27211 | 1 | 27211 | + |---------------------+--------------------+-----------------+---------------| + | /Total/ | | | 82171 | +*** Budget :noexport: + | /Description/ | /Person-months/ | /Total/ (EUR) | + |---------------------+-----------------+---------------| + | Research engineer | 12 | 54960 | + | Prof. Télécom Paris | 1 | 27211 | + |---------------------+-----------------+---------------| + | /Total/ | | 82171 | + +** Wrapping Up +*** + - FOSS components are commonplace critical dependencies in software + development and that has profound implications on our digital sovereignty + - We will explore who develop critical FOSS components we depend upon and + characterize them along geopolitical aspects like geographical origin and + actor type + - We will summarize our findings and propose risk mitigation approaches +*** Contacts + [[https://upsilon.cc/~zack/][Stefano Zacchiroli]] / [[mailto:stefano.zacchiroli@telecom-paris.fr][stefano.zacchiroli@telecom-paris.fr]] + +* Appendix :B_appendix: + :PROPERTIES: + :BEAMER_env: appendix + :END: diff --git a/talks-public/2021-12-07-ihedn/Makefile b/talks-public/2021-12-07-ihedn/Makefile new file mode 100644 index 0000000..68fbee7 --- /dev/null +++ b/talks-public/2021-12-07-ihedn/Makefile @@ -0,0 +1 @@ +include ../Makefile.slides diff --git a/talks-public/2021-12-07-ihedn/this/prelude.org b/talks-public/2021-12-07-ihedn/this/prelude.org new file mode 100644 index 0000000..db6d37f --- /dev/null +++ b/talks-public/2021-12-07-ihedn/this/prelude.org @@ -0,0 +1,96 @@ +# #+BEAMER_HEADER: \titlegraphic{\includegraphics[width=\extblockscale{0.7\textwidth}]{SWH-logo+motto}} + +#+STARTUP: hidestars +# activate org-beamer-mode minor mode automatically +#+STARTUP: beamer + +# org export options +#+LANGUAGE: en +#+OPTIONS: H:2 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t +#+OPTIONS: TeX:t LaTeX:t skip:nil d:nil todo:t pri:nil tags:not-in-toc +#+EXPORT_SELECT_TAGS: export +#+EXPORT_EXCLUDE_TAGS: noexport +#+LINK_UP: +#+LINK_HOME: +#+LaTeX_CLASS: beamer +#+LaTeX_CLASS_OPTIONS: [presentation,xcolor=table] + +# +# important font choice! +# +#+LaTeX_HEADER: \usepackage{libertine} + +# +# Let's move that logo... +# +#+LaTeX_HEADER: \usepackage{animate} + +#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %10BEAMER_act(Act) %4BEAMER_col(Col) %10BEAMER_extra(Extra) %8BEAMER_opt(Opt) + +# have the theme desired +#+latex_header: \mode{\usetheme{swh} \beamertemplatenavigationsymbolsempty \setbeamertemplate{navigation symbols}{} \setbeamertemplate{headline}{} +#+latex_header: \setbeamertemplate{footline} +#+latex_header: { +#+latex_header: \leavevmode% +#+latex_header: \hbox{% +#+latex_header: \begin{beamercolorbox}[wd=.5\paperwidth,ht=2.25ex,dp=1ex,center]{author in head/foot}% +#+latex_header: \usebeamerfont{author in head/foot}\insertshortauthor%~~\beamer@ifempty{\insertshortinstitute}{}{(\insertshortinstitute)} +#+latex_header: \end{beamercolorbox}% +#+latex_header: \begin{beamercolorbox}[wd=.5\paperwidth,ht=2.25ex,dp=1ex,right]{title in head/foot}% +#+latex_header: \usebeamerfont{title in head/foot}\insertshorttitle{}\hspace*{2em} +#+latex_header: \usebeamerfont{date in head/foot}\insertshortdate{}\hspace*{2em} +#+latex_header: \insertframenumber{} / \inserttotalframenumber\hspace*{2ex} +#+latex_header: \end{beamercolorbox}}% +#+latex_header: \vskip0pt% +#+latex_header: } +#+latex_header: } + +# some color +#+latex_header: \rowcolors[]{1}{blue!10}{blue!05} + +# set the paths for images +#+latex_header: \graphicspath{% +#+latex_header: {../../common/images/}{../../common/logos/}% +#+latex_header: {pics/}{../images/}{../../images/}{../pics/}{../../pics/}% +#+latex_header: {../figures/}{../../figures/}{../logos/}{../../logos/}{../../../logos/}% +#+latex_header: {../../communication/web/graphics/carousel/}% +#+latex_header: {../../communication/web/graphics/pictos/png/400x400/}% +#+latex_header: } +# some default information I did not find how to set this in org-mode + +# to add the picblock macro +#+latex_header: \usepackage{extblocks} +#+latex_header: \usepackage{pgfpages} +#+latex_header: \usepackage{animate} +#+latex_header: \usepackage{alltt} +# +# Itemize in multiple columns +# +#+latex_header: \usepackage{multicol} +# +# Requires +# +# http://www-ljk.imag.fr/membres/Jerome.Lelong/latex/appendixnumberbeamer.sty +#+latex_header: \usepackage{appendixnumberbeamer} + +# +# Colors, color boxes +# +#+latex_header: \usepackage{color} +#+latex_header: \usepackage{soul} + +# http://tex.stackexchange.com/questions/41683/why-is-it-that-coloring-in-soul-in-beamer-is-not-visible +#+latex_header: \makeatletter +#+latex_header: \newcommand\SoulColor{% +#+latex_header: \let\set@color\beamerorig@set@color +#+latex_header: \let\reset@color\beamerorig@reset@color} +#+latex_header: \makeatother +#+latex_header: \SoulColor + +#+LATEX_HEADER: \usepackage{listings} +#+LATEX_HEADER: \usepackage{forcebeamermode} + +# +# Color of links +# +#+LATEX_HEADER: \hypersetup{colorlinks,linkcolor=,urlcolor=cyan} diff --git a/talks-public/2021-12-07-ihedn/this/zack.org b/talks-public/2021-12-07-ihedn/this/zack.org new file mode 100644 index 0000000..e509805 --- /dev/null +++ b/talks-public/2021-12-07-ihedn/this/zack.org @@ -0,0 +1,12 @@ + +** Short Bio: Stefano Zacchiroli + :PROPERTIES: + :CUSTOM_ID: bio + :END: +*** + - Professor of Computer Science, Télécom Paris, Institut Polytechnique de + Paris + - Free/Open Source Software activist (20+ years) + - Debian Developer & Former 3x Debian Project Leader + - Former Open Source Initiative (OSI) director + - Software Heritage co-founder & CTO diff --git a/talks-public/2022-01-27-telecom-idia/2022-01-27-telecom.idia.org b/talks-public/2022-01-27-telecom-idia/2022-01-27-telecom.idia.org new file mode 100644 index 0000000..6cbfdf7 --- /dev/null +++ b/talks-public/2022-01-27-telecom-idia/2022-01-27-telecom.idia.org @@ -0,0 +1,210 @@ +#+COLUMNS: %40ITEM %10BEAMER_env(Env) %9BEAMER_envargs(Env Args) %10BEAMER_act(Act) %4BEAMER_col(Col) %10BEAMER_extra(Extra) %8BEAMER_opt(Opt) +#+TITLE: Software Heritage +#+SUBTITLE: Large-scale Source Code Archival for Open Science +#+BEAMER_HEADER: \date[2022-01-27, IDIA]{27 Jan 2022\\IDIA, Institut Polytechnique de Paris} +#+AUTHOR: Stefano Zacchiroli +#+DATE: 27 Jan 2022 +#+EMAIL: stefano.zacchiroli@telecom-paris.fr + +#+INCLUDE: "../../common/modules/prelude-toc.org" :minlevel 1 +#+INCLUDE: "../../common/modules/169.org" +#+BEAMER_HEADER: \institute[Télécom Paris]{Télécom Paris --- {\tt zack@upsilon.cc, @zacchiro}} +#+BEAMER_HEADER: \author{Stefano Zacchiroli} + +* Why we must preserve the history of software source code +** Software /source code/ is precious knowledge + #+INCLUDE: "../../common/modules/source-code-different-short.org::#softwareisdifferent" :only-contents t :minlevel 3 +** Calling for source code preservation: UNESCO +*** :B_column:BMCOL: + :PROPERTIES: + :BEAMER_col: .53 + :BEAMER_env: column + :END: + #+ATTR_LATEX: :width .7\linewidth + file:UNESCOParisCallMeeting.png + UNESCO, Inria, Software Heritage invite\\ + [[https://en.unesco.org/news/experts-call-greater-recognition-software-source-code-heritage-sustainable-development][40 international experts meet in Paris]] ... + #+BEAMER: \pause +*** :B_column:BMCOL: + :PROPERTIES: + :BEAMER_col: .5 + :BEAMER_env: column + :END: + #+ATTR_LATEX: :width .65\linewidth + file:paris_call_ssc_cover.jpg + [[https://en.unesco.org/foss/paris-call-software-source-code][The call is published on Feb 2019]]\pause +*** :B_ignoreheading: + :PROPERTIES: + :BEAMER_env: ignoreheading + :END: +*** + :PROPERTIES: + :BEAMER_COL: 1.06 + :BEAMER_env: block + :END: + “[We call to] support efforts to gather and preserve the artifacts and + narratives of the history of computing, while the earlier creators are still + alive” + + https://en.unesco.org/foss/paris-call-software-source-code + +** Source code history --- for open science + #+INCLUDE: "../../common/modules/swh-ardc.org::#pillaropenscience" :only-contents t :minlevel 3 +*** + \hfill Preserving the history of source code is important for /reproducibility/ +** Fragile + #+INCLUDE: "../../common/modules/swh-motivations.org::#fragile" :only-contents t :minlevel 3 +* How we can preserve our software heritage +** Software Heritage in a nutshell \hfill www.softwareheritage.org + #+BEAMER: \transdissolve + #+INCLUDE: "../../common/modules/swh-goals-oneslide-vertical.org::#goals" :only-contents t :minlevel 3 +** The largest public source code archive, principled \hfill \small \url{bit.ly/swhpaper} +*** + :PROPERTIES: + :BEAMER_env: block + :BEAMER_col: 0.5 + :END: + #+latex: \centering + #+ATTR_LATEX: :width \linewidth + file:SWH-as-foundation-slim.png +*** + :PROPERTIES: + :BEAMER_env: block + :BEAMER_col: 0.5 + :END: + #+latex: \centering + #+ATTR_LATEX: :width \linewidth + file:2021-09-archive-growth.png\\ + [[https://archive.softwareheritage.org][archive.softwareheritage.org]] +*** linebreak :B_ignoreheading: + :PROPERTIES: + :BEAMER_env: ignoreheading + :END: +#+BEAMER: \pause +*** Technology + :PROPERTIES: + :BEAMER_env: block + :BEAMER_col: 0.34 + :END: + - transparency and FOSS + - replicas all the way down +*** Content (billions!) + :PROPERTIES: + :BEAMER_env: block + :BEAMER_col: 0.32 + :END: + - intrinsic identifiers + - facts and provenance +*** Organization + :PROPERTIES: + :BEAMER_env: block + :BEAMER_col: 0.33 + :END: + - non-profit + - multi-stakeholder +** A peek under the hood: a global view on the software commons +*** + #+BEAMER: \begin{center} + #+BEAMER: \vspace{-2mm} + #+BEAMER: \includegraphics[width=.8\textwidth]{swh-dataflow-merkle.pdf} + #+BEAMER: \end{center} + #+BEAMER: \pause +*** + #+BEAMER: \vspace{-2mm} \small + A *global graph* linking together fully *deduplicated* source code artifact + (files, commits, directories, releases, etc.) to the places that distribute + them (e.g., Git repositories), providing a *unified view* on the entire + */Software Commons/*. + + (Size: *~20 B* nodes, *~200 B* edges, *~900 TB* blobs) + +** Software Heritage /intrinsic/ Identifiers (SWHID) \hfill [[https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html][(full spec)]] + #+LATEX: \centering%\forcebeamerstart + #+LATEX: \mode{\only<1>{\includegraphics[width=\linewidth]{SWHID-v1.4_1.png}}} + #+LATEX: \mode{\only<2>{\includegraphics[width=\linewidth]{SWHID-v1.4_2.png}}} + #+LATEX: \only<3->{\includegraphics[width=\linewidth]{SWHID-v1.4_3.png}} + #+LATEX: %\forcebeamerend +*** An emerging standard :B_block: + :PROPERTIES: + :BEAMER_act: <4-> + :BEAMER_COL: .6 + :BEAMER_env: block + :END: + - in Linux Foundation's [[https://spdx.github.io/spdx-spec/appendix-VI-external-repository-identifiers/#persistent-id][SPDX 2.2]] + - IANA registered, WikiData property [[https://www.wikidata.org/wiki/Property:P6138][P6138]] +*** Examples: :B_block: + :PROPERTIES: + :BEAMER_act: <5-> + :BEAMER_COL: .4 + :BEAMER_env: block + :END: + - [[https://archive.softwareheritage.org/swh:1:cnt:64582b78792cd6c2d67d35da5a11bb80886a6409;origin=https://github.com/virtualagc/virtualagc;lines=245-261/][Apollo 11 AGC excerpt]] + - [[https://archive.softwareheritage.org/swh:1:cnt:bb0faf6919fc60636b2696f32ec9b3c2adb247fe;origin=https://github.com/id-Software/Quake-III-Arena;lines=549-572/][Quake III rsqrt]] +* Preserving our software commons: the present and the future +** Focus on Academia: growing adoption (selection) + #+INCLUDE: "../../common/modules/swh-adoption-academic.org::#adoption" :only-contents t :minlevel 3 +** An international, non profit initiative\hfill built for the long term + :PROPERTIES: + :CUSTOM_ID: support + :END: +*** Sharing the vision :B_block: + :PROPERTIES: + :CUSTOM_ID: endorsement + :BEAMER_COL: .5 + :BEAMER_env: block + :END: + #+LATEX: \begin{center}{\includegraphics[width=\extblockscale{.4\linewidth}]{unesco_logo_en_285}}\end{center} + #+LATEX: \vspace{-0.8cm} + #+LATEX: \begin{center}\vskip 1em \includegraphics[width=\extblockscale{1.4\linewidth}]{support.pdf}\end{center} + #+latex: \small And many more ...\\ + #+latex:\mbox{}~~~~~~~\tiny\url{www.softwareheritage.org/support/testimonials} +#+BEAMER: \pause +*** Donors, members, sponsors :B_block: + :PROPERTIES: + :CUSTOM_ID: sponsors + :BEAMER_COL: .5 + :BEAMER_env: block + :END: + #+LATEX: \begin{center}\includegraphics[width=\extblockscale{.4\linewidth}]{inria-logo-new}\end{center} + #+LATEX: \begin{center} + # #+LATEX: \includegraphics[width=\extblockscale{.2\linewidth}]{sponsors-levels.pdf} + #+LATEX: \colorbox{white}{\includegraphics[width=\extblockscale{1.4\linewidth}]{sponsors.pdf}} + #+LATEX: \end{center} +# - sponsoring / partnership :: \hfill \url{sponsorship.softwareheritage.org} +*** :B_ignoreheading: + :PROPERTIES: + :BEAMER_env: ignoreheading + :END: +*** Research collaboration :B_picblock:noexport: + :PROPERTIES: + :BEAMER_COL: .5 + :BEAMER_env: picblock + :BEAMER_OPT: pic=Qwant_Logo, leftpic=true + :END: + source code search engine +*** See more :noexport: + \hfill\tiny\url{http:://www.softwareheritage.org/support/testimonials} +*** Global network :B_picblock:noexport: + :PROPERTIES: + :BEAMER_COL: .5 + :BEAMER_env: picblock + :BEAMER_OPT: pic=fossid, leftpic=true, width=.3\linewidth + :END: + - first *independent mirror* + - increased reliability +** Software Heritage and IDIA +*** Recommendations + - have an *Open Science policy* encompassing the trifecta (data, papers, + source code) + - encourage researchers to: + - *archive source code* used to support research work in Software + Heritage (/GitHub is not an archive!/) → save.softwareheritage.org + and/or HAL integration + - *reference source code* from scientific papers using intrinsic, + persistent identifiers → SWHID (Software Heritage IDentifiers) and + biblatex-software + - guidelines for researchers: + https://www.softwareheritage.org/save-and-reference-research-software/ +*** Other ways of helping: engage with Software Heritage as an organization + - become [[https://www.softwareheritage.org/support/sponsors/][a member/sponsor]] + - build a Software Heritage mirror diff --git a/talks-public/2022-01-27-telecom-idia/Makefile b/talks-public/2022-01-27-telecom-idia/Makefile new file mode 100644 index 0000000..68fbee7 --- /dev/null +++ b/talks-public/2022-01-27-telecom-idia/Makefile @@ -0,0 +1 @@ +include ../Makefile.slides