hey everybody welcome back to the 22nd episode of open source for business brought to you by open teams my name is
henry badger and today i talked with james mcleod the director of community at finos james
has a lot of experience from both the developer side and the community side of open source
and in this episode we dive deep into open source communities and also enterprise involvement within those
communities some of the topics that we cover include what is an open source readiness program and
why should enterprises have one in place open source program offices and the benefits of contributing to open
source communities beyond the obvious things like hiring whether you are a user developer
manager or just curious about the industry open team is the place to find the information
news training and support you need to thrive with open source software now that the introductions are out of
the way let’s get started
james thanks so much for joining me on the podcast today hi henry um yeah it’s an absolute pleasure to be
here thank you for inviting me i’ve been looking forward to chatting with you i know we’ve been talking for a while now
and i’m excited to dig into your career to begin with so for most of your career you were a
techie working as a software engineer and in the last year you shifted towards
the community side of open source as the director of community at finos
for those listening finos is a linux foundation community that’s creating open source software solutions for
financial services so james can you walk us through your journey from software engineer to director of
community to give us a better idea of how you actually got into open source software yeah absolutely
um in fact that’s a really that’s a really great question um so i’ve been um in the industry now
for over 20 years so i graduated around 1999 um and when i did graduate i
graduated um as a software engineer so i did a software engineering degree in london
and soon after that i actually got my first role um as a c-plus plus developer working in
telecommunications um in a city called reading um which is about 50 miles west of london and it was
actually in a business park that was surrounded by some of the blue chip companies like microsoft and oracle and at that time
some micro systems and so my um career was kind of like deeply rooted
in developing for uh microsoft products which is people on the call will know or people listening to this um you
know podcast and webinar will know it’s very proprietary and so all of the software that we were developing
was for licensed products use it using microsoft visual studio and you know
um.net and you know c plus which um uh the people who i was developing
software for had to buy you know and so the actual environments were developed by microsoft for people
to develop using microsoft software and that continued um for a number of years
up until probably the mid-2000s when you know javascript and developing for
browsers and developing for the web um started to you know kind of come into its own so people wouldn’t
install um individual um applications um on their operating systems they would
actually look you know to the web um to run you know software and so i got
involved in developing um i switched from um c plus plus at that time to
net which you know it’s it’s only really kind of like um a shift in environment because the the way that you actually develop using
object-orientated techniques um and you know patterns is actually pretty similar but at that
time microsoft kind of knew that there was some a bit of a shift towards open source and so
they kind of said that net or the dot net framework was an open source you know um product even though people
weren’t necessarily contributing to it much you know from the external community but that was kind of like my first
um the first time that i had heard of open source you know because at that time github
didn’t really exist i don’t believe um then uh as
you know time moved on you people shifted away from actually using um at least you know around my circles
um shifted away from using product slide.net and c sharp and started developing more using
javascript um and then you got like libraries like jquery kind of like appearing
and that’s when github started to appear and um it also kind of converged with um
social networking um so a lot more people were appearing and using facebook
um to communicate with each other and you know twitter started to take off um and then people you know formed
their own groups um around the technologies that they um started to develop in you know in
order to help each other and learn and share and this is where kind of the at least for me i’m not
saying you know in terms of you know global open source but for me this is where my shift into open source started
because i quite like the fact that um engineering teams and you know people
from outside of your firm were coming together to educate each other and so i thought okay you know i’m
active on facebook i quite like talking to people um i had developed you know a few apps
for facebook in that time because people were using you know playing games on facebook then you know and it was actually quite a fun
kind of like social scene so i uh yeah farnfield and you know scrabble and
all of these kind of like games i mean they don’t exist anymore or at least i don’t think people are playing them anymore but um
you know it was actually you know that whole online community kind of um way of getting together with
people um you know i mean at that time it was you know already up and running but um
that’s when you know kind of external communities and you know technology
started bringing people together around coding you know and so that whole social media meets coding
you know and people from different countries coming together to share code across borders you know
and um you know communities of developers within cities or online coming together to teach
people how to you know further themselves and you know kind of take technology forward and so i started
um a meet-up called react london bring your own project um and it all kind of like started from
there i joined the financial services industry which was going through a bit of a
technology transformation and i kind of brought all of those skills of bringing people together
into the industry and that’s when i became fast forward you know young so i’m really skirting over it now but
you know fast forward about five or six years i became director of community here um at finos which is um the fintech open
source foundation and part of the linux foundation and it kind of grew from that that sounds like a really interesting
journey and you’ve definitely seen the whole shift in attitudes at enterprises i know microsoft
used to be of the mind that open source is a cancer that infamous saying and now they have purchased github and they
are one of the leading companies today that are driving this open source ecosystem but to focus more on your
current role now what does it entail um and what do you do as the director of community at finos that is a really good
question because um not a lot of people would have heard of a director of community and in fact
um when i got my role you know when i started as director of community of finos i thought that it was actually you know
just really fortunate that i was able to take that role because um prior to that i was an engineering lead
um at lloyd’s banking group and so i had um a very traditional type you know um
job title but my role at lloyd’s banking group was
slightly different because i was um not focused purely on developing code
on my computer you know with um people around me kind of like fixating on one thing um my
role at that time was bringing lots of engineers together across the uk and also
you know across all of the various teams in order to share code you know across
you know the bank rather than developing features for one particular platform or one particular product um
and so being an engineering lead you know kind of bringing to people together in you know hackathons and tech sprints
and you know meetups um you know and going to events and conferences
to talk about you know engineering practices was actually a pretty different way of looking upon
engineering you know at lloyds um and so whilst i was kind of
um trying to get lloyd’s you know contribution into open source that’s when i met you know my colleagues
at finos um and they said hey james you know we’ve got a director of community role
um you know we think that that would be a great thing for you to you know focus on and i thought okay you
know um you know i’ve got my meet up i’ve done this type of thing before i kind of liaise with um
engineers and bring them together i’ll give it a shot um and so my role um at finos um
is still very engineering focused but it’s um kind of looking at the engineering um
landscape kind of across the financial services industry so rather than focusing on one product
or you know kind of working within one team i join um teams together from across you
know multiple different banks so like deutsche bank jp morgan city
goldman sachs et cetera namura and various other finnos members
to bring those engineering teams together to cross collaborate with other technology vendors and consultancies
and also um teach certain engineers so there’s a certain
perceived barrier of entry um that some engineering teams or individuals have
about whether they can actually do it because you know there’s new skill sets you know that people need to to know or
kind of practice in order to gain their confidence so i work within the teams you know showing
people how to do it as well as you know really magnifying all of the success that people are having
you know whilst they’re doing it as well so it’s almost like i’m um magnifying people’s success
you know showing people how to do it giving people the reason why they should be doing it and you know just trying to be as big
and loud and kind of um inviting as i possibly can be for that open source community
that’s really interesting and i think director of community and community manager are roles that are really coming into play
today and a lot of companies are hiring in those areas because people are finally starting to realize
how important community is not just in the open source software landscape but also
for startups too these days if you don’t have a community surrounding your startup then you really don’t have a lifeline kind of
pushing it and beating it along and selling it for you and i think yeah it’s really interesting that you’ve made that shift from
engineering to the open community side of open source but now i’d like to shift gears
and focus on some of the things that you’ve learned over the years about open source communities and also
about enterprise involvement within those communities so firstly one thing that we discussed
in a pre-core was this idea of an open source readiness program um yeah could you provide some advice
on what enterprises should do if they wanted to start one yeah that is actually a really great
question um because you know during our talk together today we’ve talked about software engineering
you know and the practice of you know laying down code or inviting developers you know to
contribute into open source um but actually open source um is there for
you know multiple people to get involved in um from within the organization um because there are different groups of
people um who would be your open source program office stakeholders
um and open source readiness is you know what we need to do um as you know members of you know that
type of group you know whether you have one or not um in order to bring everybody on the journey of open source
um so if i take the example of you know an engineer contributing code into an open
repo and when i say that um an open repo can be observed by anybody so your code
can be observed by anybody on the internet who has access to github or git lab or bitbucket
or wherever that code may land when i’m an engineer so if there’s a
engineer within your team he says hey i’d really like to contribute to an open source project which means that
the code that i write you know will be you know contributed into react.js
you know which is um a javascript framework that’s been written by you know facebook or you know i’d like
to contribute code into perspective which is a jp morgan contributed project which has been contributed
into finnos um the first thing that some people might say is you know does that mean that you know um
my code will be scrutinized will it look bad you know for the firm that you are representing you know
are you going to be giving away you know secrets and intellectual property um you know if our code is out there
does that mean that our systems will be insecure because people will be able to see you know the vulnerabilities you know
that exist in our software you know and so what open source readiness actually does
it brings to together people from procurement you know because sometimes when you
consume open source you know procurement teams like to know what software and you know what licenses
are actually being brought into an organization because procurement you know certainly within banking will
go around multiple different vendors and make sure that you know the right software and the right licenses are being brought
into a bank so they can number one make sure that um we’re getting the best deal on the software
you know we’re not signing ourselves up to terms you know which you know you can’t you know carry forward
you know you need to make sure that you can kind of like break out of certain contracts and that is also the same for open
source because although open source is free you’ve got multiple different licenses you know that you can actually consume
um which you know for the majority of the time it’s an apache 2 license but procurement
need to be involved in open source because they like to have an idea of your technology landscape
that they’re bringing and betting you know for your firm the other group is human resources so human resources
like to be involved in open source because when you’re putting your work
out there you are representing the firm you know and when you’re out there representing the firm
it has a great you know kind of quid pro quo for human resources because you get to attract you know
the engineers of the future um through that contribution into open source you know whether it’s through code
contributions or being in a special interest group kind of given opinion
um or speaking at a meetup or speaking at an event and so open source readiness also includes
human resources because you know we want to make sure that we’re attracting the best talent and we want to make sure
that we’re you know kind of representing the firm in the best way um and then as you get kind of closer to
systems you know you would have solutions architects um you would have cyber security you know
and probably within financial services you’ll have the policy makers and the people who represent you know
the regulators etc as part of that program office as well um because you know cyber security are there to
make sure that everything that’s being contributed and consumed is safe um and so they need to make sure that we
are writing the best code you know that um you know represents the
business in the best way um and we’re also not you know consuming code that could
you know include vulnerabilities um policymakers need to make sure that you know we’re
contributing in a way that doesn’t you know kind of um uh contradict
you know any rules you know that have been placed you know uh around engineering teams
about you know contributing into open source because um sometimes you know there will be policies in place that you know restrict
um open source and you need to make sure that those people you know who write the policies
understand the advantages and the reasons why you are kind of you know making those contributions and you are
consuming them um and then obviously the regulators are there to make sure that everything that you
you are doing adheres to the regulations that you’re adhering to and so open source readiness is about
communicating in a positive way to make sure that people know that open source you know doesn’t um uh
contribute to vulnerabilities you know kind of being consumed and it also doesn’t open your systems up
to attack just because your um code is you know in the open in fact
um when your code is in the open is actually scrutinized by more people and uh your engineers also put a lot
more effort you know into that contribution and so it kind of increases
quality and rigor and brings out the best in your engineering teams when they know that they are writing code for their peers um
rather than just contributing code into a closed repo inside the firm so it sounds like the open source
readiness program might be a precursor to setting up an open source program office is that right or is it something
that i guess are they are they the same thing uh or is the open source program offers more the
structural integrity of an open source relatedness program carried out into the future that is
actually a really good question as well um i would say the open source readiness
is for all groups to get involved in at the point in which you’re starting to explore
um getting involved in open source um i would actually recommend that you don’t do it you know independently
of the teams that want to contribute into open source it’s almost like um open source
readiness is it is a precursor you know without you know getting the backing of the
stakeholders you know who need to you know put ticks in boxes in order for you to contribute
without getting that you know you can’t contribute into open source you know because there are certain
um things in place you know within your firm that could potentially stop an engineer from doing that
um such as intellectual clauses you know in their um work contracts you know and
so all of these different things need to be you know explored within that open source readiness group
um but equally you don’t want to make decisions within that group that could actually negatively impact
the engineers who want to contribute into open source in the future you know and so rather than um planning
your open source readiness as a gantt chart you know and having a waterfall kind of like approach to
answering these questions i would actually say that the very first thing that you want to do
um even before creating an open source you know program office is get together all of the groups you
know particularly the people who feel the strongest about open source and you know kind of contributing to it and
consuming it bring those groups together with all of the various different stakeholders
you know who have an opinion about it um and maybe have you know a brainstorming you
know hour or two just to kick off you know the list of requirements you know so
ask the question why should we be contributing and also consuming open source
you know ask people you know what they need in order to be able to do that you know ask people what are the
barriers you know that they can you know foresee that will stop them from being able to do that
you know so for instance um even if you know the uh people who
give the okay to contribute to open source if they say yeah you can do it you can do it readily there might be certain teams with
product owners and scrum masters and you know other people prioritizing backlog backlogs etc that actually prioritize
internal work rather than the open source contributions and so you need to find those people and
um the engineering teams and you know the solutions architects need to
educate people on the reasons why open source contribution is actually really important
you know um you may also need to bring devops you know engineers in to talk about um
continuous integration and you know deployment and how you know that can be leveraged in order to
um have open sources kind of like a external kind of like um uh push from your engineering teams
and so by bringing all of those people together you won’t just be answering questions in isolation that
impacts people into the future you’ll be um answering all of the questions and providing solutions
as one united group okay so it’s really important to bring all the key stakeholders together and make sure everyone’s aligned
and has the same idea and understands why they are doing what they’re doing because i know it’s definitely
over the last decade or so it’s become best practice for companies of all sizes to set up an
open source program office uh even a study by the linux foundation found that
53 of companies across all industries say their organization either has an
open source program office or plans to have one at some point in in the near future
based off something you said before it’s really important to know why you’re consuming or why you’re contributing back to open source
software because for for the companies that have made the shift from purely consuming
open source to now actively contributing to the communities what have you found to be some of the
main benefits that they’ve reaped beyond those that are obvious like for example hiring
yeah okay so that’s um that’s a really good question as well um so okay if um we decided
you know that we didn’t want to consume or contribute to open source at all you know so if we belong to a
firm that was totally you know believed that open source was risky you know and so they um you know put a
barrier around it um what we actually found you know in that scenario
is that those firms are actually consuming open source anyway you know whether they know it or not you
know so it might be the case that you know people outside of engineering who make
the decisions about you know what the business gets involved in says we’d only get involved in open source
you know we don’t know who the people are who are actually writing the software they’re not under any form of
contractual agreement by this firm therefore we don’t want to take the risk on consuming their software we can’t see
we can’t look them in the eye we can’t prioritize their backlog you know therefore we don’t want anything to do with that you know
engineering teams now would say okay i understand your risk position but actually do you realize
that you know if we are actually um uh
if our production systems are running running in the cloud so if you’re running on any of the cloud providers such as
aws um gcp or azure if you’re consuming or
using docker or kubernetes you know if you are writing using javascript and many of the
you know javascript libraries they’re all javascript developers rely on in order to build software using node
you know or software using any of the javascript frameworks for front-end development all of that stuff is open
source software you know and so whether you like it or not it’s very difficult for you to actually avoid
you know having any form of open source involvement um even if you are running you know
your software using you know some form of windows server on a server under your desk you know
which is locked in you know a cupboard somewhere you know there’s going to be open source software you know
running on that server even though windows is totally proprietary um and even if you take it as far as
saying well actually we use mainframe servers you know um they’re in a data center run by you know
an external vendor that we have total control over it’s highly likely that that mainframe server is going to be running some form
of linux kernel you know and at the very core of that kernel will be open source software because you know
that’s where the linux foundation kind of like um spawns from it’s kind of you know the contribution of people into the linux
kernel so even if you know you want to try and lock um you know open source out of your life
it’s never going to happen you know even kind of like the code editors that your developers are using
are built on top of open source you know it’s there and so we took that argument or have taken that
argument not necessarily well i’ve taken the argument you know in previous roles for previous firms
um and have said in order for you to have control over open source you need to be part of
that landscape you know you need to be able to um say that you understand it
um and you need to kind of understand you know the benefits of open source so as soon as you turn that risk
position around and say actually it’s greater risk for us not to understand or contribute
into open source it’s almost like you go with the flow of the river rather than trying to hold the tides back you
know so by saying okay we’re going to understand open source you know we’re going to understand what
we’re consuming all of a sudden your engineering leads are able to peer under the hoods of you
know the various different systems that they’re consuming they can look at the code you know that these um systems are
actually developed you know with um they can um understand that some of these systems
are actually written using an apache license which means that you can start you know avoiding consumer contractual
tie-ins you know with um vendors you know so um if you’ve got one vendor who’s
supporting so you can still have support contracts with external vendors open source doesn’t mean that all of a
sudden the systems belong to you so you can have support contracts you know with um external consultancies who
support those systems but because those systems are open source it means that if one support contract
doesn’t suit you you can go to a different vendor um and they can support the same system because
that system is an open source system and the only thing that you are actually um
engaging in is the support contract around it rather than buying a proprietary system written by
one vendor and only that vendor can support that server or that piece of software
um and then you know um if you throw the net you know a little bit wider it might be the case that
you know an engineer or an engineering lead or whoever finds a bug you know within a system then if they
um fix that bug you know and they uh contribute that bug into open source you’re not just um you know
fixing that bug for your um team but you’re fixing that bug for the world
you know and the people who are also consuming that system and that’s where kind of like the um
the you know pay it forward kind of like um mentality of open source starts coming in that’s
where people start understanding that your firm is contributing to the success of global
technology you know so the more you contribute into something the more the cycle kind of like feeds
back around towards you because your engineers are out there they’re fixing things they’re contributing things
you know and it doesn’t even need to be code it can be ideas you know so it can be feature ideas
you know or it can be you know um you’ve noticed a gap you know where a piece of
software may be useful they might go to a meet up and talk about it and then you’ve got a self-organizing team that starts forming
and starts you know penciling together you know how that you know piece of code could come
together as a project and so it becomes very kind of organic and you know self-organizing and
you know that’s where special interest groups and um you know all of that type of activity
also come into play and that’s what also influences hiring as well because
um engineers coming straight out of university want to be in that team they want to be in the team that kind of
um reflects you know the way that people are now engaging online now you know
which was totally different to when you know i came out of university people engaged by going down the pub at lunchtime but
people are now engaging you know now i don’t know everyone has a different idea of fun yes
yeah it’s it’s different you know the the way that we kind of like um shared ideas it was very closed you know
amongst the same group of people you know but now people are sharing ideas by
getting onto slack getting onto discord you know writing comments on github you know
tweeting things out you know um people go on to egghead io and they record their own you know
kind of tutorials and then they listen to comments of people who are feeding back and they improve themselves
you know and the world is shifted people come onto podcasts you know and they they talk about this
stuff and this is the world that you know people are moving into and this is the world that people want to be part of
i mean you can see it um with and it’s a really it’s probably a little bit out there but
the way that tick tock has taken off and everybody’s you know kind of creating reels um the same with
instagram you know you can subscribe to reels on instagram which are talking about javascript
you know and there’s just loads of different platforms out there that people are actually getting involved in
you know it’s not about you know being in your scrum team anymore it’s about how do you meet the world you know how do you use technology to fulfill
technology i really love yet your description of what the world is like now and how it is so different
and just how connected everyone is i think it’s such an exciting time to be alive and i think
we’re just at the beginning of seeing not only the boom of open source but just technology in general really
really excites me and i think yeah it’s it’s it’s an exciting field to be a part of and i know also just on your point about
open source and some of the benefits i’ve learned from quite a few people that it really is about
having that connection to the community under understanding how the community works and actually contributing back to the
community because people think why would i pay my developer to go and work for an open
source projects my competitors will have access to that and so many other people
but they really do you kind of get this power and influence over the community and the direction of the community that
is really really important and you’ve seen some of the companies like pytorch say for example
uh facebook is a big contributor and there’s just many other open source projects which is a lot of
larger companies are now driving and at the forefront of changing the world in in the open
source space absolutely and i can um i can give you an example of where
you know competitors come together in order to solve a problem both for the benefit of them and also
for the benefit of a particular problem within financial services so within finos we have um a standard
right so projects don’t necessarily have to be you know software projects or the writing code that you actually install
um and leverage on on your mac or on your pc or on your server or wherever it lives
um it can also be standards you know about how um software interacts with
each other you know across boundaries and you know that is basically interoperability you
know it’s um how do you actually pass information from one system to the next
you know in a way that means that um software um vendors don’t have to
interpret you know information in many different ways in order to transform it you know so say for
instance um software vendor a wants to pass software vendor b you know
um what we call a financial object so whether that’s a payment or you know some other form of example
of how you actually um you know take that financial
representation and pass it from one vendor to the next you know so it could be the case that
without a standard you know that um piece of information is represented by one vendor in one way
and it’s passed to another vendor in that way but that the second vendor you know uses a
different way to describe you know their um you know financial object and so they need to then
transform from vendor a into vendor b and that kind of transformation
of that information just um is very inefficient because um
when you’re kind of passing information between two vendors maybe that transformation is just a
nuisance but when you’ve got like multiple vendors you know if you’ve got x vendors you know x being a multiple and you’re
having to do that multiple multiple times then it just becomes impossible and so
what a standard project actually does is brings all of those vendors together who are
competitors you know so their pro their software that they are writing may also be proprietary you know so
there’s no reason why um the software that those people are writing needs to be open source you know it
could be the case that it’s a licensed product however it could also be the case that you know it only has
it has you know value when it’s living in an environment where information can be shared about
and so we have um a standards project called fdc3 which is um interoperability standard
which brings all of these vendors together to say we have you know certain representation
of financial information that’s needed but we’re going to agree in the way that that is represented so
even though our proprietary you know product may be developed within our team because
we want to be able to sell the license for that the actual standard for how we pass information from
one to each other may be in the open so at least if we’re adhering to that standard
we know that i can pass information from vendor one vendor a to vendor b to vendor c to
vendor e f g um in a very kind of like consistent way
um which adheres to that standard as well and so by saying um our competitors
you know will be able to see what we’re doing and we’re giving our secrets away that doesn’t necessarily need to be the
case when you you are actually getting involved in open source because there are different types of
open source um activities that actually you know bring
advantages to that competitive market um especially when
you know that those particular vendors are living in an environment like a financial
desktop you know where all of those different pieces of software
provide different functionality but the information that drives them is actually the same and so yeah
standards projects um bring more efficiency um even
across competitors whereas you know having close competitors you might be able to deliver one kind of
like user experience but you might not be able to join it together with lots of different you know other vendors who can bring an
even bigger ecosystem you know to the world um compared to if they weren’t joined
together in that interoperability no way okay that’s really interesting i think standards have a big role to play
in growing the pie uh in a lot of different realms particularly in open source too just making it bigger
uh for everyone by working together is there anything happening at finos or the linux foundation that you’d like to
share with those listening yeah so thank you um for giving me the opportunity
um so within finos um all of the work that we actually do is continuous um
all of the projects you know within um open source are running as you would expect an
internal project to run um so if you want to get involved in any of those projects or
understand more about them if you go to finnos.org that’s the the foundation website where
you’ll be able to find our news and events you know and everything that’s happening and you’ll also be able to
get pointers to um github.com forward slash finnos which is our open source organization
where you’ll be able to see where all of the engineers and projects actually live um and like i
said before you know you can actually explore all of those repositories and see the code that’s in there and you know
all of the various different project documentation um this year we have the open source
strategy forum which is the finos um conference and there’s currently a
call for papers out um so if there’s anybody who either wants to attend um the open source strategy forum or
would like um to put a you know um an idea for a presentation that you would like to
give um please feel free to find me on linkedin where if you search um james macleod finis you’ll be able to
find me um or you can find me on twitter at twitter.com forward slash
mcleod but there’s a underscore between the o and the b so it’s m c l e o underscore d
um and also you know come and find me if you want to find out more and maybe i’ve not
spoken about it you know during this podcast because um open source is so broad you know it kind of covers consumption and contribution
if you’ve got any questions you know please do reach out and find me um we have a finn or slack i can invite
you there and we can you know have a chat or we can jump on the zoom um awesome yeah thanks so much for your
time it’s been great chatting and i’d love to get you on the podcast at some point in the future too perfect thank you very much for inviting
me today henry it’s been um really great being here with you um and i hope things are good where you are
they are they are good and likewise on your end and for everyone listening thank you for tuning in
if you like what you listened to today and saw something that maybe heard something that maybe a friend would like then please share this with
them it really does help to get the podcast out there and and the aim of this podcast is really to educate
a c-level managers at companies that use open source to better manage open source technologies so
with that we hope that open source can thrive thanks everyone thanks james and until next time