ledger2beancount: a ledger to beancount converter

Stefano Zacchiroli and I released ledger2beancount, a script to convert ledger files to beancount. Ledger is a bookkeeping system based on text files. Beancount is another tool which follows a similar approach but which from my point of view is the way forward.

ledger2beancount supports most of the features and syntax of ledger. It also includes some features to improve the conversion from ledger to beancount. The supported ledger features are described in the README and there's a manual with detailed descriptions of ledger2beancount's features. There's also an illustrated example showing some of the differences between ledger and beancount.

Martin Blais released beancount 2.0 a few days ago, so this is a good time to give it a go. Beancount has a web UI called fava which is absolutely fantastic.

Debian on Jetson TX1

Debian is now working on the NVIDIA Jetson TX1 developer kit, a development board based on the Tegra X1 chip (Tegra 210), a 64-bit ARM chip.

We have a pre-built u-boot image in Debian as well as kernel and installer support. There are some minor kernel glitches but NVIDIA is very active upstream and I hope they'll get resolved soon.

The Jetson TX1 developer kit makes a pretty good 64-bit ARM development platform. The board is supported in mainline u-boot and the mainline kernel and NVIDIA are pretty responsive to bug reports. Unfortunately, a proprietary blob is required for USB (and Ethernet is connected via USB).

If you're interested in a good 64-bit ARM development platform, give Debian on the Jetson TX1 development kit a try.

Debian on Jetson TK1

Debian on Jetson TK1

I became interested in running Debian on NVIDIA's Tegra platform recently. NVIDIA is doing a great job getting support for Tegra upstream (u-boot, kernel, X.org and other projects). As part of ensuring good Debian support for Tegra, I wanted to install Debian on a Jetson TK1, a development board from NVIDIA based on the Tegra K1 chip (Tegra 124), a 32-bit ARM chip.

Ian Campbell enabled u-boot and Linux kernel support and added support in the installer for this device about a year ago. I updated some kernel options since there has been a lot of progress upstream in the meantime, performed a lot of tests and documented the installation process on the Debian wiki. Wookey made substantial improvements to the wiki as well.

If you're interested in a good 32-bit ARM development platform, give Debian on the Jetson TK1 a try.

There's also a 64-bit board. More on that later...

Debian on Seagate Personal Cloud and Seagate NAS

The majority of NAS devices supported in Debian are based on Marvell's Kirkwood platform. This platform is quite dated now and can only run Debian's armel port.

Debian now supports the Seagate Personal Cloud and Seagate NAS devices. They are based on Marvell's Armada 370, a platform which can run Debian's armhf port. Unfortunately, even the Armada 370 is a bit dated now, so I would not recommend these devices for new purchases. If you have one already, however, you now have the option to run native Debian.

There are some features I like about the Seagate NAS devices:

  • Network console: you can connect to the boot loader via the network. This is useful to load Debian or to run recovery commands if needed.
  • Mainline support: the devices are supported in the mainline kernel.
  • Good contacts: Seagate engineer Simon Guinot is interested in Debian support and is a joy to work with. There's also a community for LaCie NAS devices (Seagate acquired LaCie).

If you have a Seagate Personal Cloud and Seagate NAS, you can follow the instructions on the Debian wiki.

If Seagate releases more NAS devices on Marvell's Armada platform, I intend to add Debian support.

QNAP TS-x09 installer available again

Debian 8.3 came out today. As part of this update, Debian installer images for QNAP TS-109, TS-209 and TS-409 are available again. These devices are pretty old but there are still some users. We dropped installer support several years ago because the installer ramdisk was too large to fit in flash. Since then, users had to install Debian 6.0 (squeeze) and upgrade from there. When squeeze was removed from the Debian mirrors recently, I received mail from a number of users.

I investigated a bit and found out that we can bring back the installer thanks to XZ compression and some other changes. The installer is available for jessie and stretch.

Lessons learned from Munich's migration to Linux

I attended LinuxTag in Berlin last week and there was a very interesting presentation about the state of Munich's migration to Linux on the desktop. Andreas Heinrich explained that their goal is to migrate 80% of the 15000 desktops to Linux. At the moment, 6200 desktops have been migrated and they intend to have a total of 8500 Linux desktops by the end of the year.

Here are some of the key lessons they shared with the audience:

  • Technical activities and requirements are easy to manage but managing social factors of change is hard since all change is associated with fear. They have specific people who are responsible for change management and for communication. For example, they organize events to share information and provide training. They also give away CDs so that employees can use the software at home.
  • Make sure the new system is accepted: if users don't like the system (for whatever reason), their boss and other employees will know immediately since "bad news travels fast". Make sure that user needs are met: they talk a lot to their users to find our what their needs are and how to meet them.
  • Don't make a "big bang" migration: instead of migrating everyone at the same time, they prefer gradual change. They started with some users, saw what worked and what didn't and then used that knowledge to improve their migration process.
  • Don't migrate everyone: their aim is to convert 80% of desktops to Linux. There are some users who have specific needs for which only proprietary solutions exist. If Linux and open source offers no solution, it doesn't make sense to migrate those users.
  • Don't go with dual-boot: if open source meets the needs of your users, there's no reason to provide an alternative. On the other hand, if open source does not meet their needs, don't attempt a migration.
  • Continuous improvement: after making a new release of their software or migrating users, don't consider the migration as complete. Instead, see how you can further improve the user experience.

It seems that the city of Munich has learned a lot from their Linux migration. We can hope that other Linux migrations will make use of the lessons learned by the folks in Munich.

Open Source Contributor Agreements: Some Examples

The first part of this article explained the purpose and scope of Contributor Agreements in open source projects. This article presents an overview of some Contributor Agreements that are used in the community.

Contributor Agreements come in all shape and forms, ranging from full-fledged Contributor License Agreements (CLA) that have to be signed to informal consent to some set of rules. This article will take a look at a number of different agreements in order to show that community norms can vary widely.

Apache's Individual Contributor License Agreement

The Apache Software Foundation (ASF) maintains two formal Contributor License Agreements (CLA), one for individual contributors and one for corporate contributions. The Individual CLA covers the following points:

  • Contributors grant the ASF and recipients of software distributed by the ASF a broad copyright license.
  • Contributors grant a patent license to their contributions.
  • Contributors acknowledge that they are legally entitled to grant the above license.
  • Contributors acknowledge that each of their contributions is their original creation.
  • Contributors are not expected to provide support for their contributions, except to the extent they desire to provide support.
  • How to handle submissions of work that that is not their original creation (i.e. works by a third-party).
  • Contributors agree to notify the ASF when any circumstances change.

Fedora Project Contributor Agreement

Fedora is in the process of adopting the Fedora Project Contributor Agreement (FPCA), which covers the following points:

  • Contributors have to ensure that they have proper permission to make a contribution. For example, they can ask their employers to put the contribution under an open source license that Fedora accepts.
  • If a contribution has a license, this license is followed.
  • Fedora defines some default licenses for contributions which don't explicitly state the license. For code contributions, the MIT is used; the Creative Commons Attribution ShareAlike 3.0 Unported license is used for content.

The Fedora Project Contributor Agreement does not require contributors to assign copyright to Fedora or Red Hat.

Linux kernel Developer's Certificate of Origin

The Linux kernel project has adopted the Developer's Certificate of Origin. Developers use it to assert the following points:

  • The contribution was created by me and I have the right to submit it under the indicated open source license.
  • The contribution is based on previous work that is also under the indicated license.
  • The contribution was provided directly to me by someone who certified it and I didn't modify it. -- This clause is useful because contributions pass through subsystem maintainers without modification until they reach Linus Torvalds, the maintainer of the Linux kernel.
  • I understand that the contribution and project are public and recorded. -- This has nothing to do with code origin but with privacy, as all the work on the Linux kernel is done in the public.

The way by which developers accept the Developer's Certificate of Origin for each contribution is to put a Signed-off-by line with their name between the description of their change and the actual change.

Debian's Social Contract

While Debian has no formal Contributor Agreement per se, all contributors who become official members of the project have to accept Debian's Social Contract for their Debian related activities. Among other things, the Social Contract states that "Debian will remain 100% free" (free according to the Debian Free Software Guidelines). Therefore, it can be implied that all contributions to Debian made by members of the project are open source. The license of contributions without explicit license statements is not clear since Debian does not define a default license like Fedora. However, Debian developers are encouraged to specify the copyright and license information for their submissions in the debian/copyright file of their software packages.

Open Source Contributor Agreements: Purpose and Scope

Contributor Agreements, also known as Contributor License Agreements (CLA), are increasingly being adopted by open source projects. This article explains the purpose of these Contributor Agreements.

When a contribution is made to an open source project, there is an implicit assumption (and sometimes explicit consent) that the contribution (code, translation, artwork, etc) may be incorporated into the project and distributed under the license the project is using. However, many conditions of the contribution are not explicitly called out. The purpose of Contributor Agreements is to make the terms under which contributions are made explicit, thereby protecting the project, the users of the software and often also the contributors.

Apache Software Foundation (ASF) describes the aim of their CLA in this way: "The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to the ASF and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time." Contributor Agreements also ensure that contributions cannot be withdrawn by the contributor, as the FAQ for the Django CLA explains: "The CLA also ensures that once you have provided a contribution, you cannot try to withdraw permission for its use at a later date. People and companies can therefore use Django, confident that they will not be asked to stop using pieces of the code at a later date."

Contributor Agreements therefore provide confidence that there likely won't be any legal issues in the future regarding the individual contributions that make up the project, such as disputes over origin and ownership. A downside of Contributor Agreements is that they pose a small overhead and barrier to contribution. This can particularly be a problem for minor contributors who may feel that getting their fixes accepted is not worth the hassle of filling out a Contributor Agreement.

Which points do Contributor Agreements generally cover? There is a lot of variation among Contributor Agreements but the following areas are often covered:

  • Copyright: contributors grant a broad set of permissions and they are sometimes asked to assign their copyright to the project. The Contributor Agreement also ensures that contributors are entitled to contribute their changes to the project.
  • Trademarks: contributors ensure that marks (if there are any) are owned by the project rather than by individual contributors. This avoids possible disputes in the future if contributors leave a project.
  • Patents: contributors grant a patent license to the project in order to ensure that a contributor cannot attack the project in the future by asserting its patents against it.
  • Moral rights: contributors are asked not to assert any moral rights (where they exist) in order to stop derivative works.
  • Contributions by minors: some Contributor Agreements define how contributions by minors are handled.

I'll give an overview of some Contributor Agreements in a future article.

Resources for Open Source Compliance

Open source is everywhere today and there is growing awareness that companies have to meet certain obligations when distributing open source software. Here are some useful resources to learn more about open source compliance.

  • Organizations
    • The FSF Free Software Licensing and Compliance Lab handles all licensing-related issues for the Free Software Foundation (FSF), the maintainers of the GPL license. They offer a lot of information about the GPL and other open source licenses.
    • The Freedom Task Force (FTF) of the Free Software Foundation Europe (FSFE) shares knowledge about open source licensing and offers training about licensing and related topics for companies.
    • The GPL-Violations project is a good point of contact for resolving GPL violations, especially in Europe.
    • The Open Source Initiative (OSI) maintains the Open Source Definition and approves open source licenses.
    • The Software Freedom Law Center provides legal representation and other law-related services to open source projects and shares a lot of knowledge on legal topics, such as a legal issues primer for open source projects.
  • Communities
    • FOSSBazaar is an open community about the governance of open source. It provides a platform to discuss and exchange best practices related to the governance of open source.
    • The FSFE Legal Network is an invitation-only network of legal professionals and compliance folks that aims to facilitate knowledge exchange.
  • News and journals
  • Conferences
  • Software
    • The Binary Analysis Tool can be used to audit the contents of compiled software.
    • FOSSology is a tool to study and analyze open source code. It can be used for license and copyright detection.
    • The Open Source License Checker is a tool for the inspection and analysis of license information from open source packages.
    • Proprietary tools from Black Duck Software, Palamida, etc.

Open source compliance: know your obligations

One key element of open source compliance is to know your obligations. There is a lot of confusion about what open source means exactly and some people believe that open source means you can do whatever you want. While open source grants users many freedoms, open source code comes under specific license terms which often include obligations that have to be followed by companies distributing open source software.

Because of recent lawsuits by the Software Freedom Law Center on behalf of the busybox project and the activities of the GPL-Violations project, awareness is growing that copyleft licenses such as the GPL come with obligations. For example, the GPL requires source code to be offered to those who receive binaries. The AGPL goes a step further and additionally requires that the source code be made available to users who interact with the software over the network.

But what about so called permissive licenses, such as BSD and MIT? Some people say that those licenses allow you to do anything, including putting the code into proprietary applications. And while you can do that, there are still obligations that have to be met. For example, the BSD class of licenses has this condition:

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

If you want to distribute software that is under a BSD license, that's a condition you have to follow. The MIT license also has a very similar clause. That's the reason why you can often find license information in the "about" window of commercial applications or PDFs on CDs that come with hardware products.

The bottom line is simple: know your obligations!