Life at Eclipse

Musings on the Eclipse Foundation, the community and the ecosystem

Security Leadership at the Eclipse Foundation

As everyone who is involved in the software industry is well aware, security is a significant topic these days. In particular, open source supply chain security is top of mind across the entire ICT industry. The Eclipse Foundation, its community, its projects, and its working groups all have a strong motivation to be leaders in advocating and implementing security best practices. Our members, adopters, users, and stakeholders all desire that their security risks be mitigated to the degree possible. 

One thing that is clear, however, is that simply putting the burden of added security work on the shoulders of our committers and project leaders is not an option. This topic needs to be addressed by services provided by the Eclipse Foundation to our project community or it will fail. Without strong support in terms of release and build engineering, tooling, and education, developers simply do not have the time, interest, or skills necessary to be responsible for implementing security best practices. It is equally true that security, and particularly supply chain security, requires a programmatic approach. Security is not an attribute that you simply add to existing software.

So we need to provide services to our projects to implement our Open Source Software Supply Chain Best Practices. We envisage this as a collection of services provided to our projects by staff to protect our code repositories, secure third party artifacts, provide security audits, secure build pipelines, and protect build outputs. 

The Eclipse Foundation has long had a security policy, and is a CVE numbering authority. We have a long track record of taking security seriously. However, we are not going to be able to accomplish more without leadership. So, to that end, I am very pleased to announce that we have recently promoted Mikaël Barbero as our new Head of Security. Mikaël is well known to our community as having led our Common Build Infrastructure for many years, as well as having authored the best practices document referenced above. Mikaël will be providing leadership to our security initiatives, and will be working closely with our projects and our IT staff to steadily improve security across the Eclipse community. Some of this work will complement or leverage related efforts to improve our IP processes and provide software bill of materials (SBOMs) for all of our projects. We expect to make a number of program announcements over the coming months, so stay tuned. Please join me in welcoming Mikaël in his new role.

Written by Mike Milinkovich

May 12, 2022 at 7:41 am

The Eclipse IDE Working Group Celebrates Its First Anniversary

Today we celebrate the one year anniversary of the Eclipse IDE Working Group. A year ago, the Eclipse Foundation launched this Working Group focused on the Eclipse IDE and the Eclipse Simultaneous Release (SimRel). We would like to share some of our successes since the launch of the Working Group in April 2021. 

Highlights

  • 20 Years of the Eclipse IDE: 2021 was a momentous year for the Eclipse IDE, as we celebrated its 20 year anniversary!
  • Welcome Ed! Ed Merks joined us as a SimRel Architect and Release Engineer. Ed’s first set of tasks included preparing PGP signing support for the 2022-06 release and mapping out the project dependencies.
  • Productive collaboration Our collaboration with the Planning Council has been very effective. We have identified the top issues as outlined by the Planning Council and have a plan to address them.

PGP: A Community Success Story

A great community success story for the Eclipse IDE Working Group is the delivery of a fully-functional, secure PGP implementation for Eclipse 4.23 (SimRel 2022-03). This enhancement augments Eclipse’s existing security support which is based on jar signing. Jar signing has the significant drawback that artifacts originating from external dependencies must be modified in order to sign them, i.e., jar signatures are intrinsic to the artifact. In contrast, PGP signatures are extrinsic to the artifact and have long been used in Maven repositories to provide certification of origin. Eclipse’s PGP support facilitates significantly streamlined consumption of Maven-based artifacts by Eclipse projects, making it easier for our community to exploit and deliver the latest and greatest libraries with each quarterly simultaneous release.

The initial proof-of-concept PGP implementation was contributed by Mickael Istria. In combination with Mickael’s on-going participation, along with Christoph Läubrich’s technical insights, the working group has helped to harden the PGP implementation to industrial-strength quality for the SimRel 2022-03 delivery. Even the existing support for jar signing has been improved, as users can now easily save trusted X.509 certificates to avoid repeated trust prompts as is typical with self-signed certificates. Issue 11 provides a detailed track record of all the activities around PGP signing during the 2022-03 release cycle as well as additional background information.

With this groundwork in place, our community as a whole can exploit PGP signing for broader adoption in the Eclipse 4.24 (SimRel 2022-06) delivery this coming June.

Planning Council’s Top 3 Items

The Planning Council plays an important role in the Eclipse IDE WG. The Planning Council can be seen as the “technical” arm of the WG. At the beginning of the first year, under the leadership of Mélanie Bats, the Planning Council was tasked by the Steering Committee to identify the top issues affecting the successful release and adoption of the Eclipse IDE as a platform and a product.

After much brainstorming and debate the Planning Council recommended the “top three” items to the Steering Committee to focus on:

  • The “Bus Factor“, particularly of the release engineering processes of the Simultaneous Release (SimRel).
  • Identifying individual project risks, for example identifying which projects contributing to the SimRel are under-resourced and understanding which downstream projects are affected.
  • Updating the graphical layer Eclipse where it is lagging behind operating system changes, for example improving dark mode, better operating system and web browser integration.

The Steering Committee took these items and translated them to action points that are now being carried out and has allocated a substantial portion of the IDE WG’s budget to improving these common parts of the Eclipse IDE. The highlights of this work include:

  • Hiring Ed Merks as the SimRel release engineer.
  • Ed has also found time to start mapping out the incredibly complicated dependency graphs between the dozens of different projects contributing to the SimRel to better understand the impact of any particular project discontinuing participation and to fully understand the dependency chain of each bundle in the SimRel repository.
  • The Eclipse Foundation has created new guidelines for funding work such as the graphical layer improvements. This is the most recent action point and already some bugs are being fixed under this program.

One year into the Eclipse IDE WG and Jonah Graham is now the chair of  the Planning Council. The Planning Council is pleased to see some concrete actions taking place under the new Working Group. The structures and processes in the Working Group have progressed well and additional funding of the IDE WG will see direct improvements in the quality, stability and adoption of the Eclipse IDE.

Engage in the Working Group

We still have much to do! If you are interested in joining us and supporting the development of the Eclipse IDE technology stack, improving the user experience of the platform, and making it more attractive for organisations, let us know. We welcome the opportunity to speak with everyone who wants to help shape the future of the Eclipse IDE.

The resources funded by the IDE Working Group members are really paying dividends for our community, both for the producers and for the consumers. If you’re a consumer, please consider investing in our community’s ongoing success by supporting the Eclipse IDE with funding, contributions, new ideas, new points of view, and by getting directly involved in development efforts. Better funding enables us to achieve more, and more hands make the work lighter.

If you are interested in becoming a Working Group member, you can get in touch with us by completing the membership form or by sending an email to the Membership Coordination Team. If you are interested in becoming a sponsor, let us know.

Stay In Touch

We love exchanging ideas, so if you have any questions or would like to know more about what we do here, connect with us!  You can also join our meetings to find out more about what we’re up to. They are open to the community and take place every 2 weeks from 2:30pm to 3:30pm (CET) on Tuesdays. Or you can contact a member of the steering committee, we’re always happy to talk to you.

Written by Mike Milinkovich

April 26, 2022 at 8:01 am

Posted in Foundation

Tagged with ,

Eclipse Theia is the next generation of Eclipse!

For over 20 years the Eclipse IDE platform, along with the Eclipse Rich Client Platform (RCP), have provided core technologies for building richly featured language IDEs, products, and applications that are portable across Windows, Mac, and Linux desktops. However, time moves on and the next generation of desktop products and applications are now being built with web technologies. In many scenarios there is a need to support both desktop and web deployments with the same functionality, and obviously those who have this requirement would ideally like to support it using a single platform. 

With this shift towards web and cloud development, many Eclipse platform adopters are now evaluating how to best migrate their existing tools, IDEs and applications. One technology to consider is Eclipse Theia. Theia is a platform that can be used for building both web and desktop IDEs and tools, based on modern, state-of-the-art web technologies (TypeScript, CSS, HTML). This often leads to the question: Is Eclipse Theia the next generation of Eclipse?

EclipseSource, a member of the Eclipse Cloud DevTools Working Group,  recently published a blog post asking this question. The article discusses requirements for a tool platform and how both Eclipse desktop and Eclipse Theia address these requirements. Ultimately, they come to the conclusion that Eclipse Theia can indeed be considered the next generation platform for building portable applications. And I agree. Eclipse Theia is indeed the next generation tooling and applications platform from the Eclipse Foundation!

Just to be clear, this is not an announcement of the deprecation of the Eclipse IDE, the Eclipse Tool Platform or Eclipse RCP. These projects are stable, widely used, well maintained, and will continue to be so for a long time. The timeframe of course depends on the health and activity of the ecosystem and the community, which is now the focus of the Eclipse IDE Working Group created last year to ensure the long-term sustainability of the Eclipse IDE and Platform. I highly recommend any company building products or critical business applications on the Eclipse platform to join that group. At the same time, we are clearly seeing a shift of developer tools and IDEs towards web-based technology, and ultimately the cloud. As a result, many projects currently based on Eclipse desktop technologies are asking what comes next.

The Eclipse ecosystem has always combined sustainability, innovation, and vendor neutral collaboration. For the last 20 years, the Eclipse desktop ecosystem has been an exemplar of this, and it will continue to be a focus of the Foundation. At the same time, we continue to innovate, e.g. with Eclipse Theia and other related technologies such as Eclipse Che, Eclipse GLSP, and EMF.cloud. This is the beauty of an industry-driven open source ecosystem like Eclipse. It addresses the requirements of adopters to have a stable platform, while also providing paths to move forward and innovate.

Despite not sharing a single line of code, in many ways Theia is an evolution of the Eclipse Tools Platform. Theia builds on wisdom distilled from two decades of engineering at Eclipse, in order to inspire the next generation. Besides the obvious benefit of simply offering a web-based technology stack, Theia is slimmer, and able to lean more heavily on aspects of the web technology stack. It does not, for example, provide its own UI technology (as Eclipse needed to do with SWT). It also doesn’t provide a new module system (as Eclipse did with OSGi). Instead, it is based on available technologies such as HTML/TypeScript, Node, VS Code extensions, and the Monaco Code Editor. This is great for the sustainability of the project. By maintaining less code and reusing more standard technologies, development resources can be focused more on the core capabilities of the platform.

Theia also has a very healthy community of active contributors, adopters and funding organizations. It is seeing widespread and mainstream adoption, serving as the platform for notable commercial technologies, including the Arduino IDE, Arm’s mbed studio, and the Google Cloud Shell Editor. There is also a wealth of extensions freely available for Theia at the Open VSX Registry

Theia on openHub

I should also point out that along with Theia, there are several additional technologies that help create a solid ecosystem for the next generation tool platform at the Eclipse Foundation. To mention just a few, Eclipse Che offers online workspace management; Eclipse GLSP provides support for building diagram editors in the browser; Eclipse CDT.cloud for building customizable web-based C/C++ tools and EMF.cloud moves the Eclipse modeling ecosystem to the web.

We are very happy to see Theia flourishing and the robustness of its community.  Theia certainly is the central building block of the new generation of tools that want to benefit from web-based technologies and cloud deployments. And so, yes, in this context, Theia and its ecosystem can be considered the next generation of Eclipse Platform.

2022-04-19: Edited to update the contributors logo graphic

Written by Mike Milinkovich

April 19, 2022 at 7:57 am

Posted in Open Source

Tagged with ,

Take the 2022 Jakarta EE Developer Survey

In less than six minutes of your time, you can let the entire cloud native Java industry know what you need to support modern enterprise applications. The Jakarta EE Developer Survey is one of the largest developer surveys in the Java landscape, and the number of responses it generates clearly shows the Java ecosystem believes the results are important.

Since we first released the annual Jakarta EE Developer Survey in 2018, thousands of software developers, architects, and decision-makers from around the world have completed the survey.  They see their participation as an opportunity to:

  • Build awareness around their development focus area 
  • Share their perceptions of the cloud native Java industry with the broader ecosystem 
  • Identify their preferences and priorities for cloud native Java architectures, technologies, and tools

Tell the World What You Need in the Cloud Era

This year, we’re asking survey respondents to look ahead and share their future plans for building modern enterprise applications in the new cloud era. It’s a great way to let Java platform vendors, enterprises, and developers know where you see cloud native Java going and the types of technologies and tools you’ll need to help it get there. With this insight, everyone in the Java ecosystem — you included — will have updated information about how cloud native Java is unfolding and what it means for their strategies and businesses.

The survey is also an excellent opportunity to help the Jakarta EE Working Group understand how it can best evolve Jakarta EE to meet your cloud development requirements and goals. Working Group members are always listening carefully to Java ecosystem requirements so they can ensure Jakarta EE continues to evolve in alignment with the top industry focus areas and priorities. They want to hear from you, and completing the survey is one of the easiest and most effective ways to give them your input.

Survey Results Provide Essential Insights

Over the years, the Jakarta EE Developer Survey has provided many valuable insights into the state of the cloud native Java ecosystem, and the 2021 survey was no exception. Completed by more than 950 individuals, last year’s survey revealed some very interesting trends, including the:

  • Fast-growing adoption of Jakarta EE, making it the second-place cloud native framework for the second straight year
  • Increased interest in cloud native Java overall
  • Increased use of microservices architectures and the decline of monolithic approaches in favor of hybrid architectures
  • Need for flexible platforms that can be used to build traditional and cloud native business applications
  • Expected growth rates for Java apps in the cloud

To understand the full value of the survey results, read the 2021 Jakarta EE Developer Survey report.

Complete the Jakarta EE Developer Survey Today

We encourage all developers, architects, and decision-makers in the Java ecosystem to add their voice to the survey and help the industry gain the broadest possible view of the state of enterprise cloud native Java.

Participate in the survey here.

Written by Mike Milinkovich

March 9, 2022 at 9:14 am

Posted in Jakarta EE

Eclipse Software Defined Vehicle: Building the Future of Automotive

Today the Eclipse Foundation is announcing a new working group dedicated to developing a new and innovative software platform for the world’s automotive industry. The Eclipse Software Defined Vehicle (SDV) initiative has the support of leading companies across the automotive, IT, cloud, and services industries, all of which are necessary to create the platform and ecosystem that will drive innovation for the next generation of mobility solutions. 

The automotive industry today is undergoing a radical transformation. Electrification, autonomous vehicles, advanced driver assistance systems, and ever-increasing consumer expectations about their in-car digital experience, are all happening at once. These trends are dramatically transforming the system architectures embedded in vehicles. Automotive architectures are moving from networks of special purpose devices to something that more closely resembles servers on wheels, where more powerful general purpose computers are responsible for implementing and coordinating the various systems in the automobile, including the ones which keep us and our families safe on the road. And these systems architectures are rapidly changing how automotive software needs to be built.

The vision of SDV is to radically transform the automotive industry by collaboratively developing a common software platform that all participants in the automotive industry can use in an openly licensed, royalty-free manner. From an IT  technology perspective this is not particularly radical. After all, open source platforms and “software defined everything” (e.g. storage, networking, data center, radio, etc.) are two of the defining trends in the IT industry over the past decade (or more). In the case of open source platforms the trend has been driven by eliminating the cost of non-differentiating software, decreasing the time to market in delivering complex systems, and reducing risk by relying on proven software platforms and components. “Software defined everything” has largely been driven by Moore’s Law and the resulting cost savings of replacing special purpose devices with general purpose computers running special purpose software. 

But from an industry perspective, the technical implications of an openly licensed SDV software platform for the automotive industry are very radical. It will dramatically reshape the automotive industry similar to how software-defined networking reshaped the telecommunications industry. Free software platforms which provide a software stack for the core non-differentiating technologies will quickly lead to disruptive technical and business innovations across the value chain in any industry. 

The Eclipse SDV initiative is primarily radical because it is among the first truly open industry collaborations in automotive. Historically, automotive industry groups have delivered standards or specifications available only to members of their respective consortia. Often these innovations were encumbered with FRAND-style licensing arrangements which hindered wide adoption. Eclipse SDV is going to provide a radical departure from this “business as usual” approach in automotive by focusing on open source software stacks, liberally licensed software specifications, and a community-based, collaborative approach to innovation rather than the top-down, architecture-driven, consensus-based models of the past. The mantra of Eclipse SDV is “code first”, and that is definitely a radical idea in automotive. We are humbled by the trust that Accenture, Arm, AVL, Bosch, Capgemini, Continental Automotive, DMI, ETAS, Futurewei Technologies, Karakun, Microsoft, Red Hat, Reycom, SUSE, and ZF are placing in the Eclipse Foundation to act as the steward for this exciting initiative. 

I want to sincerely thank everyone who helped get this initiative off the ground and raise awareness about its value to organizations across the automotive industry.

I also want to encourage automotive industry stakeholders of all sizes and with any goals to consider joining the working group. The breadth and depth of in-vehicle software creates opportunities across every area of automotive development — from deployment, configuration, and communications to monitoring, safety, and security. If you or your organization are interested in learning more joining Eclipse SDV, please contact us

With the Eclipse Foundation’s commitment to transparency, vendor neutrality, and a shared voice, all participants have an equal opportunity to shape the future of the SDV Working Group and play a vital role in the future evolution of the automotive industry.  

To learn more about getting involved in the Software-Defined Vehicle Working Group, visit sdv.eclipse.org or email us at membership@eclipse.org

Written by Mike Milinkovich

March 8, 2022 at 8:56 am