Components Becoming Major Source Of CVEs

Earlier today Sonatype released the results of their annual survey. The survey looks at the extent to which developers use open source components, with a particular focus on how they balance the competing needs of speed and security. The data makes it clear that security is very often not the priority.

The results of the survey show the massive extent to which developers now rely on components. Of course, this has been the case for many years, but the full maturation of the concept of component assembly rather than code writing is well illustrated here.

Stopping the Snoopers Charter isn’t Enough

In a welcome move, Nick Clegg announced his opposition to the communications data bill (CDB) last week. His article in the Telegraph listed five reasons why CDB went “too far” in its attempted legislation. Among those reasons was the ease with which competent criminals could sidestep the effects of CDB and the alarming precedent the UK government would be setting for other countries in the scope of its jurisdictional claims. He’s not on his own; these arguments and many more have been brought against CDB from a wide range of opposition.


On Tour

Simon is heading to the USA soon, and will be at the following venues:

If you would like to meet him or even book him for your own event, please let us know and we’ll see what we can do.

Two Weeks of Big News at MariaDB

Lots of big MariaDB news these last couple of weeks:
  • Last week Wikimedia Foundation fully migrated their English and German Wikipedias over to MariaDB.
  • As reported here on Meshed Insights, we also heard that the MariaDB Foundation has appointed an interim board to oversee the election process of a new board in July.
  • This week brought the exciting news of a merge between SkySQL and Monty Program Ab. This is especially good for the core MariaDB developers as it assures them ongoing backing.
  • Along with the above announcement, SkySQL joined the MariaDB Foundation as its first Platinum member.
  • Matthew Aslett highlighted the growth of MariaDB and the importance of the MariaDB Foundation during his Percona Live keynote.

Community vs Technical Debt

Oracle’s Java technical chief recently admitted that dealing with long-standing security issues has hampered the release of the latest Java instalment. The issues didn’t necessarily originate with Oracle; they’ll have been accumulating over many years, first at Sun and then at Oracle. The problem has been that until now these issues have been on a continual back burner, the “tyranny of the urgent” focussing developer attention onto business considerations as the priority.

Dealing with this technical debt is clearly a time-consuming affair, but eventually it catches up with a project and needs to be handled. Some long-lived projects don’t seem to gather this sort of flotsam, though; the key is in the community. Proprietary projects are often forced to be solely feature-focussed, but open projects with a healthy community are in a much better position to bypass the problem of technical debt, as community members will often pour enthusiasm and expertise into resolving the backlog.

Free Software Needs Support

This open letter from the director of Bytemark Hosting is a call for other hosting companies to help financially support the development of a new free email client. It asserts that by supporting this particular project the industry as a whole can progress, becoming better able to compete with proprietary software giants.

The principle seems valid enough: if you want a project to succeed and add value to your own product, you need to give that project your support. Hopefully hosting companies will see this call, respond, and take its underlying principle on board. Read more in today’s CWUK article.


ORGCon is the UK’s largest digital freedoms conference. This year’s edition will include sessions and workshops on net filtering, open data, the Communications Data Bill and copyright, to name a few. The event takes place in London on the 8th of June, but tickets are already available and going fast (last year’s event sold out)!

If you’re new to the Open Rights Group and their work campaigning to preserve digital freedoms, you can even get a free conference ticket if you take this opportunity to start supporting their work. It’s a good time to join, as they’re throwing in a free copy of headline speaker Tim Wu’s book “The Master Switch” too.

Options in Place of New Foundations

For the majority of projects a software foundation is not the next step. There are plenty of other options available to developers looking for a way to protect the interests of their project and contributors. Using an existing fiduciary host, or a host that provides both fiduciary and governance services, allows you to take advantage of proven approaches and experienced stewards. Read more in today’s InfoWorld article.

Helping MariaDB Move Forward

MariaDB is an open source database that’s used increasingly in place of the MySQL project. It’s developed by many of the original developers of the MySQL project, working in an open source community. It has recently been chosen by the Fedora and openSUSE Linux distributions as their default SQL database, and it is being used for significant applications such as Wikipedia.

That community is progressing towards open governance anchored in a not-for-profit Foundation. Today that Foundation announced its next steps towards community-centric governance, with diversification of its Board of Directors and with the appointment of Simon Phipps from Meshed Insights as its interim CEO. We are delighted to be able to help the MariaDB community on its journey.