Interview: Ben Nickolls from Libraries.io the open source delivery service – TechSPARK (blog)

We find out about the organisation looking to improve software worldwide by categorising and improving its open source components

It's amazing how much of the technology we use every day is dependent on open source software. Developers are continually drawing on free code repositories that have been shared by friendly developers. With them so freely available, it's no wonder that these open source libraries can be found in all kinds of software the world over, including in technologies that are essential to how we live our lives.

However, these bits of open source code are often not maintained, not updated, and can lead to security risks such as the OpenSSL vulnerability Heartbleed, which threatened the security of people using the internet. Even if they have been updated, how do you know where those updated libraries are, or which versions you should be using in your own projects?

Bath-based developer Andrew Nesbitt (pictured left) has been wrestling with this problem since 2014. To help combat it he created Libraries.io, which now monitors over 2 million open source libraries across 33 different package managers. This service helps to ensure developers are using the latest version of the code, as well as showing where those libraries are being used already and in what software projects.

Now, he's been joined by Ben Nickolls (pictured above, in main picture), another Bath-based developer keen to highlight free and open source projects that are essential, and yet under-supported. To find out more about how the service works and how people can get involved with such a worthy project, we caught up with Ben at The Guild co-working hub to ask him a few questions:

TS: What is Libraries.IO?

Ben Nickolls: In short, Libraries.io (as a project) aims to improve the quality of software. All software. Open source software has been welded into a huge variety of technologies that are fundamental to our modern lives. It's time to make sure those crucial building blocks are properly cared for.

We have three aims: to improve search and recommendation engines. To create tools that help people make informed decisions about what software they use in projects. And to highlight free and open source projects that are essential, and yet under-supported.

By understanding the relationships between software we can very quickly provide a recommendation for a piece of software (let's say a Redis client for Ruby) by knowing that the recommendation at the top is the one most frequently listed as a dependency in other projects. It's one of three core approaches that we're taking to try to improve all software.

TS: How does Libraries.IO work?

BN: Libraries.io harnesses the same techniques Google uses to index the internet, but applies them to software. Andrew substituted a network graph of websites and pages connected by hyperlinks for one with software projects and links representing the use of code within another project as a dependency.

TS: What will you be bringing to Libraries.io in the new role?

BN: The easiest thing to say is that I will be doing everything that Andrew doesn't, including finding funding. Which is to say that I won't be spending 100% of my time developing libraries.io, though I might sneak a cheeky commit in there every now and again.

TS: How is Libraries.IO funded?

BN: We're currently under what is known as fiscal sponsorship of Brave New Software, which means they actually hold and disburse the grants that we have received. We're currently funded by the Alfred P. Sloan Foundation and the Ford Foundation, both of whom were born of the motor industry in the US. With them on board we have funding until 1st January 2018, so we'll be looking for further support in 2017.

TS: You are concerned about the future of open source, what is it that concerns you and how can it be addressed?

BN: I've spent most of my professional life working in or very close to open source. In my professional life it all began with Osmosoft and Jeremy Ruston at BT. I then fell into developing mobile applications using web standards and tools like PhoneGap, around the same time as Node.js was released. Having left software development for 2-3 years while I did other things at BT, I suddenly found that I could get so far with these technologies that I could start my own company. So I did.

And herein is the issue.

I, like many other developers these days, gain so much from open source. There's a reason why seed funds exist today when they could not in the late 90s. All that value instilled in freely available tools and technologies enables them to stand on the shoulders of those who built them. But while it's fair to say that free and open source software has won, whatever that might mean, I suspect its success could also be its downfall.

I don't think people today contribute enough back to the foundational projects that underpin thousands of others: our core, digital infrastructure. These projects are often supported by individuals or small groups on the basis of some moral obligation. I think this could be catastrophic for open source. I think we need to make open source as egalitarian as it was back in the day. We also need to tackle the cultural aversion to money in open source, at least when it pertains to work on these types of projects.

TS: How can people get involved with Libraries.io?

BN: Contribute! Libraries has a long list of package managers that it doesn't yet support. We also need users to tell us what they think of the site and whether there are any issues. With only two full-time staff we can't do everything, but we're looking at ways to reward those who are contributing from the community. We're also redeveloping our documentation to encourage contributors of all ages and skills.

TS: Is it easy to get involved with the open source movement in the West of England? How can people do this?

BN: When I first moved here I was told Bath was the graveyard of ambition, a common cliché touted by those who have gone belly up in the sun. I was amazed at just how open a community there is, both here and abroad in Bristol *waves*. This area almost immediately felt like a place I could fall into very easily from a techie POV. Bath:Hacked, Bath Ruby, The Engine Shed/Set Squared lot, all great people, and some amazing companies too. But now I'm sounding like a Trumpian demagogue so I will stop myself and say, come say hi.

Many thanks to Ben for taking the time to answer our questions. You can see more at the Libraries.IO website and get in contact via support@libraries.io. You can also follow them on Twitter here: @librariesio. And while you are about it, why not give us a follow too! @TechSPARKuk
