2013-08-24

Modules compatibility as business problem

While the issues(and solutions) bellow are not browser client specific, the current subject of API registry primarily focused there.
  • Legal compatibility. While open source is a great engine of progress it also a significant problem in keeping the application legally clean. Most of opensource contributors are enthusiastic junior developers who do not really paying attention for such things. And adding some fancy UI component could lead to the lawsuit with the cost way bigger than nice UI could ever bring. To prevent such gap the OSI licensing has been developed but going further it become not sufficient to use the library which has multiple contributors.
    Contributors License Agreement(CLA) has been developed by foundations and each code commit should be backed by it when applied to the library or application. When using external modules legal department should go over commit list and make sure that every committer have signed it.
    The complete chain of external modules licences and CLAs could relax the restrictions for external use or make the approval process straight.
  • Identity validation (electronic signatures on sources&/binaries) will give an assurance for security review. For now this is performed(if at all) by IT department while it could be delegated to the trusted verifier within API registry.
  • Methods overloading. JS methods could have multiple signatures as result there is a need for signature recognition in beginning of method and routing to the code matching the particular signature in run time. That increases JS code size, makes API confusing and code hard to maintain(as business logic mixed with signature recognition).
    In compiled languages this problem is resolved by performing of signature recognition and type casting during compile time. That way methods overloading does not cost in development/maintenance and runtime performance.
  • Extending the existing API. Some existing API often need to be extended with additional functionality. For example retryCount in XHR or alternative location for AMD MID. Shim code could be attached to API similarly to AOP advise.
  • Platform support. Often the API has a generic solution which is broken in some environments( like lack of Html Components or Web Components in browsers ). Special treatment could be done before|after|instead of original module methods for such special case. The problem is in separation of main codebase and special cases. It is pretty similar to extending the existing API but with platform conditional inclusion applied on top.
  • API registry. For one or another reason like licensing or platform support the alternative modules could be demanded. The AMD does not answer whether AMD MID has a backup location or what licence it uses. The API registry meant to hold information about the module for legal, design, development, maintenance reasons
    • API - interface definition locator. The reference to pure API(s) which will be implemented by module.
    • dependencies presenting not just a list of modules used by given one bul also their validated/permitted revisions and perhaps sources.
    • API compatibility. The similar business logic could be implemented by different modules but not all of them could be compatible between each other and the caller. Method signature will resolve just the API syntax but not the implementation compatibility..
    • Localization I18N and accessibility support.
    • source and primary source location (VCS branch+revision)
    • identity validation. Verifiable source(as particular module as involved in binary assembly other modules) and binary signature, trusted compilation environment reference and locator, binary assembly all sources
    • help,blog,FAQ,discussion
    • support abilities
    • legal (license, foundation, contributor CLA, etc)
    • Platform support
    • Test( + against dependencies revisions) and results matrix and related support. The test in this case is treated as "test" dependency for original module.
    • Other dimensions TBD. Registry should permit custom attributes  of different types.
  • Open registry network. Currently solutions for the some of problems above are insulated under single foundation umbrella with same ( like ISI or Dojo ) licence or API convention. Having registry as open platform capable of passing through and caching data should take the compatibility complexity out of decision making opening the doors for individual contributor modules into enterprise. The best analogy for data sharing would be DNS.

2013-08-01

opensource micro projects hosting

It is time to split playground kitchen sink set into independent subprojects. Question is

what opensource hosting platform will serve the project better? 

It should serve as contributors as developers who use it, project discoverability and popularity.

Required components:
  • Version control( SVN, HG, GIT )   with 
    • http(s) protocol
    • free for opensource
    • project with contributors ACL
    • private repositories *
  • Ticket tracking(Jira,bugzilla,Track,etc)
    • link to VC via commits*

  • Wiki(w/ comments)
  • FAQ( w/ comments)
  • Forum
    • web+mailist
    • spam control
    • filters( aka out of office removed )
    • moderation (permissive and by approval)
    • voting
  • project management *
  • public discover-ability/self-advertisement
  • demo site
    • static content with own JS
    • active content (php,.net,py,java)
    • SQL
  • integrated continuous builds and tests environment *
What is missing?

* nice to have but for micro-project alone has no value, just as potential to grow into complex or commercial project.

There are some commercial suites like cloudforge.com, offering free service; free ones like sourceforge.net.

The popularity of GitHub among of opensource community is unquestionable and it grows along with GIT popularity itself. While the startup commercial pricing is loosing to bitbucket.org, should the herd instincts be accounted as more significant factor for opensource project?

Conclusion.


  • Host VC, bug tracker, Wiki on GitHub, outsource demo to JsFiddle + PHP hosing, mail list/forum either to google groups or one of PHP+maillist apps. Static pages and forum could be over GitHub Pages but need some extra effort to learn jekyll.
  • cloudforge.com - all including continuous integration. As integration requires $20/m (standard account+integration daemon) multiple projects could be integrated into common test flow. Active back-end and demo outsourced.
  • sourceforge.net hosts most of services. Developer web given PHP,  Perl, Python, Tcl, Ruby, and shell scripts. No direct build integration.
  • codeplex.com - .NET centric Microsoft source hosting proj. Has all except of content hosting.
My preliminary choice is GitHub for VC+Tracking ( has GIT with SVN bridge, best visibility and toolset ), CloudForge for test integration as cumulative proj; external demo hosting, forum TBD(perhaps CloudForge or SourceFourge).

Helpful links:
jsfiddle.net - front-end code demo site (JS, HTML, CSS, web service simulation)
GitHub Pages hosts myproj.github.io and uses static HTML (could be with HTML generator jekyll with disqus blog services- run by ruby locally and committed to github )

ajaxian.com - popular blog on Web 2.0 subjects.

Comparison of open-source software hosting facilities