In this episode of the Open at Intel podcast, host Katherine Druckman and guest Edoardo Dusi from Sparkfabrik discuss the significance of community involvement in open source software, the supportive nature of open source communities, and provide advice for newcomers. Dusi speaks about his career path from a backend software engineer specializing in Drupal to his current role in developer relations (DevRel). Druckman and Dusi share their experiences with the Drupal project, the gratification of identifying and solving problems, and their involvement with the Open Source Security Foundation (OpenSSF), highlighting the importance of security in open source projects. Dusi emphasizes contributing in various ways beyond writing code, advising newcomers to engage in projects they know well and participate in discussions and issue tracking, while also mentioning the role of GitHub and the potential pitfalls of overemphasizing GitHub profiles and badges. The conversation underscores the human aspect of open source, focusing on community and collaboration.
“Helping others was amazing for me. This is the spirit of the open source world. It's not just about writing code.” - Edoardo Dusi
Katherine Druckman: Hey, Edoardo. Thank you for joining me in the fishbowl here at KubeCon. You're with a company called SparkFabrik, but we also know each other from volunteering with OpenSSF, and we'll get into that. But first, why don't you introduce yourself?
Edoardo Dusi: Yes. I am a DevRel at SparkFabrik. I have been a DevRel for one year now. Before I was a software engineer, I started with the backend with Drupal, and I know you worked with Drupal.
Katherine Druckman: Yes, we have the same story.
Edoardo Dusi: I started with Drupal, then shifted to the front end, and worked with React with Angular first and a bit of mobile with React Native. I was a front-end engineer and then decided to go full DevRel. I was doing conferences and a podcast before, and when I decided to do DevRel full-time, they said, "Yes. Okay." The job position didn’t exist at SparkFabrik. It was created for me. It was exciting.
Katherine Druckman: Does your company use Drupal extensively?
Edoardo Dusi: Yes.
Katherine Druckman: That's interesting.
Edoardo Dusi: We are a consultancy company, and we do custom application development. On the back end, we use Drupal. We use all open source. We are fully committed to open source. Drupal is our first choice always for the backend and for the front end, we use Next.js, Angular, or React. We also combine things and do Drupal for the backend and headless front end with Next or React. Drupal is, and has always been, the first choice for us.
Katherine Druckman: I am super biased because my background for many, many years was Drupal, and they have a great open source community.
Edoardo Dusi: Fantastic.
Exploring KubeCon
Katherine Druckman: For that reason, Drupal is a great introduction to the world of open source. It provides a nice onramp. I'm really curious though, what are you doing at KubeCon?
Edoardo Dusi: First of all, I'm with the delegation of SparkFabrik with the platform engineering team, and I wanted to explore what the topics are in KubeCon this year and chat with people. I would like to understand the environment because it's my first KubeCon, so I wanted to better understand what's behind the scenes, and what people are talking about, plus listen to some interesting talks. This is my journey into the cloud native landscape. I do cloud native for work, and conferences, and KubeCon is what is important in the cloud native world right now, so I wanted to participate.
Katherine Druckman: That makes sense.
Edoardo Dusi: Yes.
Getting Involved in Open Source
Katherine Druckman: We talked a little bit before we hit the record button about getting involved in open source. Do you have advice for people who are new to this open source world? Once you've been in it a long time, that's all you know, or at least that's how I feel. Do you have a different perspective?
Edoardo Dusi: Yes. Drupal was my entry point into the open source world. I don't know if it was the same for you.
Katherine Druckman: Yes.
Edoardo Dusi: Today things are different from when I started. I started in the early 2000s. I was in the university, and my first contact with the open source world was a Linux user group there.
Katherine Druckman: That sounds familiar.
Edoardo Dusi: I had no knowledge of the open source world. I showed up with my laptop with Windows installed, and a bunch of people from the Linux user group at the university called for every newcomer and told us, "Well, usually it's Linux because Linux is blah, blah, blah." I started installing Linux with their help. Soon I began working with Linux and started chatting with people. I immediately began helping other people because what I accomplished the day before could help someone else.
Helping others was amazing for me. This is the spirit of the open source world. It's not just about writing code. Right? Soon, I started writing in newsgroups or forums because it was popular in the early 2000s. When I encountered an issue, I started looking for that issue in newsgroups and forums. If someone solved the issue, I commented, "You helped me. Thanks. This worked." That was my way of contributing.
This was a normal practice for me. I started working, freelancing, and using Drupal because I was looking at the source code, and the source code was good. I enjoyed the source code and the community around Drupal. Then I said, "Okay, I want to work with this." Then I started working with Drupal. Open source was obvious to me because it involved doing something for a customer. Customers want personalization. As soon as I finished a customization, I committed upstream to a module, a patch, or other tasks.
Katherine Druckman: That's great.
Edoardo Dusi: Yes, because it felt natural.
Katherine Druckman: It feels good.
Challenges in Modern Open Source
Edoardo Dusi: Yes, it felt good, but also obvious because I used something produced by others, and giving back was natural to me. I struggle today when I read posts by other peers that younger developers are not leaving the open source code the same way as I left it. Open source for newcomers today seems more about recognition. It's more about numbers, stars, and badges, and it's not the way it should be. It's not the same for all, but for many people, it's about these things, about having commits, and their GitHub grid is all green. Github is a problem because, for example, Drupal is not on GitHub. As a result, Drupal is not an okay resource project to start contributing to because it doesn't give you numbers on GitHub.
Katherine Druckman: Yes, it has a bit of a siloed ecosystem for that reason.
Edoardo Dusi: Exactly.
Katherine Druckman: Yes and no. I have contributed to Drupal in ways that got me some green GitHub boxes, but there's more to life than green boxes. Right?
Edoardo Dusi: Yes, then I started working with the foundations like OpenSSF, and this is a way of contributing. And it's wonderful being able to contribute, translate things, and participate in discussions.
Katherine Druckman: Yes, there are a lot of them.
Edoardo Dusi: There are a lot of things you can do.
Katherine Druckman: Underrated ways to contribute as well.
Edoardo Dusi: You can educate others.
Joining OpenSSF
Katherine Druckman: Absolutely. I should mention quickly, we've mentioned OpenSSF a couple of times. I want to make sure people know that stands for Open Source Security Foundation. We both participate and know each other through the DevRel community at the OpenSSF. There's some important work going on there. It’s a fitting example of the open source spirit where if people see a problem, they fix a problem. Many groups of people, companies big and small, have come together to address the issue of security and open source software. Open source is ubiquitous these days. I like to say that effectively all software is open source software. And people ask, "What are you talking about?" I say, "No, it's true. Seriously."
Edoardo Dusi: If you look at the numbers and charts, more than 98% of software contains at least one open source library.
Katherine Druckman: Exactly. It's important stuff. How did you get involved in the OpenSSF?
Edoardo Dusi: My company, SparkFabrik, is a member of the Linux Foundation in the CNCF. Also, my CTO, Paolo Mainardi, is a board member of the Linux Foundation Europe. They started talking about OpenSSF, got involved, and we are now a member of OpenSSF. They said, "OpenSSF is a great place to go and help." Annalisa, one of my colleagues, joined the marketing committee and said, "You should have a look." I looked at the Slack channel and DevRel community channel and saw that there were planned weekly meetings. I said, "Okay, I would like to join." I joined the first one and got involved. It was good to create something during the preliminary stages of the creation of the DevRel community.
Katherine Druckman: Very much so.
Edoardo Dusi: Seeing the foundations from the beginning genuinely felt good. I remember I started writing down the meeting notes on the GitHub repo, and it was good.
Katherine Druckman: Yes, it is a brand new effort. We started, and it didn't get going until the middle of last year.
Edoardo Dusi: It was like October or September.
Katherine Druckman: This is the part where we should plug the OpenSSF blogs and encourage our listeners to participate in submitting blog posts about security.
Edoardo Dusi: Exactly.
Katherine Druckman: Because Edoardo and I might review them.
Edoardo Dusi: For sure. I am also on the editorial review panel.
Katherine Druckman: Yes.
Edoardo Dusi: I review blog posts. It's also a way to educate myself. I'm not a security expert but reading blog posts makes me realize how important security is and the technical specifications of some parts of the security. You can submit a blog post and get involved in many ways. You can go to our Slack channel and see our many channels on Slack. There are many working groups. You can get involved with the DevRel community.
Katherine Druckman: You can attend any working group. They're all open. There's a calendar, there's a link on the site to get involved and it shows the public calendar. There are so many areas.
Edoardo Dusi: Remember that this is a way to contribute. It's not a commit, but it's contributing. You can do that today, and it's great.
Importance of Security in Open Source
Katherine Druckman: I was attracted to security because of my background, and my technical background in Drupal. I was a release manager of a piece of software, and I always had insecurity about it, because there's responsibility on your shoulders when you're releasing software that other people are using. When there are vulnerabilities disclosed in your dependencies, you need to be on top of your updates.
I never felt like I was adequate security-wise. It is personal baggage, but I always needed to learn, and my focus became increasingly on security because of the sense of responsibility. If something goes wrong with a web application, I don't want it to be my fault. Right?
Edoardo Dusi: Exactly. Do you remember the Drupalgeddon?
Katherine Druckman: I remember Drupalgeddon. I was at Linux Journal at that time, and everything digital with us was Drupal. I had to work on several different applications.
Edoardo Dusi: That was when I realized security must be the first priority for every project.
Katherine Druckman: Security first.
Edoardo Dusi: You should start thinking about security before even starting to write code. Today there's this buzzword, shift left. It's not just about the shift left. It's that you are writing something that should be secure by design. By design, it's your first priority. If you write something functional, it should be secure.
Katherine Druckman: If it's not secure, bad things happen. It's not good.
Edoardo Dusi: Yes.
Katherine Druckman: You'll ruin people's days.
European Perspectives on Security
Edoardo Dusi: In Europe, there are a lot of discussions about security, and they're remarkably interesting, even if they usually come from institutions and non-technical people. Listening to their perspective is educational because you are responsible for what you are writing. If you remember in the beginning, they said, "Well, you are an open source maintainer. You could write something that ends up in millions of servers or laptops around the world. It's your responsibility to make this secure to fix the CVEs and to distribute patches. And if something goes wrong, if your software is bugged, you should remove it from the market." That was the first thought I had.
From their non-technical perspective, it's not a bad thing. Then they listened to technical people and foundations. There was a campaign from the Linux Foundation Europe that fixed the CRA. They listened to them because they said, "What you're saying is right, but it should not be the responsibility of a small company, of a single maintainer. You should look at the big companies, big tech," like we are doing here at the KubeCon. Big tech has the power to fix big problems, not small independent contractors.
They listened to the Linux Foundation, and then to the OpenSSF, and other foundations like the FSF, the Open Source Initiative, Debian Foundation, Eclipse, and many others. They listened. It is amazing they changed the text and took into consideration what the community and technical community said to them. This is also another example of how you can contribute and get involved. Participate in discussions because your voice matters, and they listen to you.
Katherine Druckman: Right. And tech policy is increasingly relevant to everyone. Taking the expertise of people who've been doing this for a while into consideration is important. I’m really curious to know what your experience was when you first contributed back to Drupal modules. Could tell us more about your experience in the community in particular with Drupal?
Edoardo Dusi: When I first started, I was a newbie. I asked, “What should I do?” Then I discovered a local Drupal community in Italy, and asked them to help me submit a patch, and how to do things with Drupal. The year was 2006, through '07. The Drupal website existed way before GitHub, and it had a central repository, issue management system, ticketing systems, and components you now find in GitHub.
Katherine Druckman: Are we talking about the pre-Git days back when it was still CVS?
Edoardo Dusi: Yes, SVN, or something like that. They had a system. You could go to a module page, open the repository, and open an issue, for example, work on an issue, and then submit a patch. When you submitted a patch, a pipeline began. You had the CI. It was not called CI, but it was this automatic test that ran, and you get a red flag or green flag that tells you if your code is fine or not fine. It was automated way before GitHub. I enjoyed learning how to do that from the Italian community because when I submitted a patch, I was enthusiastic looking at the green flags. I said “Wow!” when my patch was green and got committed upstream. Also, it solved one of my problems because the module had flaws when I used it, and the issues surrounding my particular scenario were a bit different. I had to make some changes and wanted to commit the changes back. So, I started writing a patch.
You had to submit the patch to attach the patch to the issue, and then your patch got reviewed, and this was the process. It was not like you have in GitHub today where you fork, where you do a PR, not like that, but it was still a straightforward way to contribute. Even for non-technical people, you could simply write something on a file and create a patch. There were instructions on Drupal. You write a patch and then attach the patch. I enjoyed doing that. It was easy. Seeing comments from other people saying, "You did a great job," or "If you want, I can help you." It was amazing. I felt like I was part of a community.
Navigating the Contribution Process
Katherine Druckman: Were you nervous when you submitted the first few patches? I was incredibly nervous. I was a user and a Drupal developer for almost 10 years before I ever contributed. I made one line of CSS here and there, but I didn't make any kind of significant contribution. I participated in the issue queues but didn't contribute code. I did not upload any code for a long time.
Edoardo Dusi: I was nervous when I opened an issue about a bug in Views. Views is a core module of Drupal. At the time, it was a concept module, but Views is the main way you see data on your database. I remember there was a bug with the asynchronous Views. I submitted the bug and proposed the change, but high-level people started complaining about my suggestion and I was worried—
Katherine Druckman: Yes, you asked, “What have I done?”
Edoardo Dusi: It was the only time I felt embarrassed for my tiny little badge. But in general, no. In general, I felt welcomed. But also, it was coming from my background at university, you remember the Linux user group. It was natural. It was normal to propose something and to discuss your code with peers. This is missing today. I see many people in companies, even my colleagues, which skip the universities, but you miss a part of your career where you can have discussions with peers, exchange ideas, and see each other's code. Then it becomes—
Katherine Druckman: In an informal way. Yes.
Edoardo Dusi: It becomes natural. When you start coding in a company and the first time your boss or your colleague sees your code, it's a bit scary for you because it's not your experience.
Katherine Druckman: I understand what you mean. You lack the freedom of an academic environment, which is different.
Edoardo Dusi: Starting in a university like me, you find user groups.
Katherine Druckman: Exactly. You find the same thing in user groups.
Edoardo Dusi: You can find the same thing. Exactly.
Katherine Druckman: Yes.
Edoardo Dusi: Get involved with other people through Meetups and user groups and start looking at code together, show your code to others, and discuss your code. This makes the entire thing normal. It becomes something normal for you.
Advice for New Open Source Contributors
Katherine Druckman: You and I started quite a while ago with Drupal and open source software, but if you were starting over today, where would you point people? If you're talking to a young developer or even a new developer, somebody who's making a career change and who wants to dive into the world of open source, where would you start now? The landscape is a little bit different than it used to be. There are more resources now.
Edoardo Dusi: It is different. I wrote a blog post on the OpenSource.net blog, and my first advice in it was don't look for first issues. The whole point is not to create, not to write a commit. You should not start with the idea that you have to commit something. No, you should start with the idea that we are creating something that benefits the world and humanity. I know it sounds visionary, but in reality, it's not. We are here working on the web in a cloud native world. If you go to the W3C website in the vision, the first words you say are “Web is for all humanity.” It's not a vision. It's not something visionary. It's the real thing.
When you write something for the web, you benefit all humanity. Your first goal should be to help others. Start helping with what you already know. You are working on something at your company, your job, your school, or for a personal project. What you know can help other people, so start from what you understand. Go to the projects that you're using, the project’s Slack, GitHub, Forum, GitLab, wherever your project is, and start joining issues, and discussing with people. Comment issues, get involved, and commits will follow.
But the first thing is to talk to people. You should be part of a community and help others. Get involved in something you already know. Also, you can help set up a meetup in your city. If you are interested in Linux or Drupal, ask your peers, and colleagues if you could start a meetup in your city. It's a great way to get involved in a community and contribute. It's exhausting but fun. You will not have a star in GitHub, but it's okay.
The Human Side of Software Development
Katherine Druckman: Yes. We keep mentioning GitHub.
Edoardo Dusi: I have nothing against GitHub.
Katherine Druckman: It’s a weird thing—a developer identity that becomes your GitHub profile, right? It's an interesting phenomenon, but also a struggle. I went to a session at DEF CON it was a little mini workshop all about how to fake a GitHub profile. It's a security thing, right? Because you can fake a reputation pretty easily. Not easy, but it is not that difficult either.
Edoardo Dusi: No.
Katherine Druckman: I thought that was interesting,
Edoardo Dusi: I also saw posts on Reddit with people complaining about PR-bombing a project.
Katherine Druckman: There's a way to game any system, right? It happens in Drupal, too. In the Drupal community, there were a lot of people gaming the credit system so that their company could achieve a higher status when the stats came out.
Edoardo Dusi: Just think if I have many comments on GitHub, they will hire me, but it's not the goal.
Katherine Druckman: No, that's not the spirit of what we're doing. For sure.
Edoardo Dusi: What GitHub is also using gamification. It's funny and also enjoyable to have badges.
Katherine Druckman: I feel bad when my GitHub profile is less green, and it's ridiculous. They've got a wonderful thing going.
Edoardo Dusi: Yes.
Katherine Druckman: We are human beings. That is the most important thing to remember. If we can summarize our whole conversation, it is all about people. The software is about people. We think it's about code, but it's not. It's a very human thing. It's about human interaction. Code review is a very human thing. It's about diplomacy. It's about getting your patches or PRs merged, and there's so much humanity that people can't forget because if we forget it, it all falls apart.
Edoardo Dusi: I agree.
Katherine Druckman: Thank you so much for joining me and sharing all your experience and inspiring people to get out there and write blogs, read, and make bug reports. Right?
Edoardo Dusi: Make some noise.
Katherine Druckman: Make some noise. I love it. Thank you so much.
Edoardo Dusi: Thank you so much, Katherine, for having me.
Katherine Druckman: You've been listening to Open at Intel. Be sure to check out more from the Open at Intel podcast at Open.intel.com/podcast and @OpenAtIntel on Twitter. We hope you join us again next time to geek out about open source.
About the Guest
Edoardo Dusi is a Developer Relations Engineer at SparkFabrik, a company that helps organizations build digital products with open source technologies. He has a strong software developer and team leader background, working on various projects and platforms. He is passionate about creating and sharing content that educates and inspires other developers, such as tech talks, videos, podcasts, conferences, and more. He enjoys connecting with the developer community and promoting the benefits of open source software.
About the Author
Katherine Druckman, an Intel open source evangelist, hosts the podcasts Open at Intel, Reality 2.0, and FLOSS Weekly. A security and privacy advocate, software engineer, and former Digital Director of Linux Journal, she's a long-time champion of open-source and open standards. She is a software engineer and content creator with over a decade of experience in engineering, content strategy, product management, user experience, and technology evangelism.