Tech

Using semantic-release to publish an npm package with provenance, via a GitHub workflow... Almost too easy! A decidedly non-epic journey that began with accessibility improvements to our applause button.

Open Source

FINOS Common Cloud Controls (CCC) is an open standard by FINOS to describe consistent controls for compliant public cloud deployments in the financial services sector. The project is supported by Scott Logic, aligning with its mission to promote and support open-source initiatives. This is an effort to introduce FINOS CCC and its goals.

Open Source

It seems barely a month goes by without a new supply chain attack making the headlines, and malicious code in dependency packages from package managers such as NPM is a common method. My usual sentiments include “oh another one, what a surprise”, before thoughts eventually turn to - someone *really* ought to be doing something about this. Fortunately, it turns out that quite a few things are indeed being done - there's progress, activity, and promising ideas for the future. The outlook is brighter than what we might have assumed.

Open Source

As I was reading this year's State of Open Source in Finance report, I reflected on my time working in financial services and the ongoing struggle they had adopting and contributing to open source. In this blog I look at the report's findings, how things have (and have not) changed in FS and how larger organisations can foster an open source culture.

Open Source

I'm excited to share that we are imminently reaching our next milestone as we release our set of test suites against FDC3 2.0. In this post, I explain what the FDC3 Conformance Framework is and how it works, and share our experiences from our contribution journey.

Open Source

After the recent acquisition of Twitter by Elon Musk, you may have heard someone mentioning Mastodon. Alongside other open source and decentralised social platforms, it is built on top of the ActivityPub specification. In this post I give an overview of ActivityPub, explain the idea of the fediverse and share my personal experience as a participant.

Tech

EDGY is a new graphical design language for visualising enterprises. This new open source design language shows great promise as a tool to bridge across siloed teams. This post explores the preview edition at a high level.

Open Source

My experience contributing to open source as a first-timer - along with some thoughts for those that are looking to take part but are unsure of what to expect.

Open Source

As someone with virtually no previous experience in open source contribution, I had a go at finding contribution opportunities using "good first issues" websites. Here I present my experience along with some hopefully helpful thoughts for both contributors and maintainers.

Open Source

In light of various incidents where third-party software caused numerous failures, we'll review the considerations we take when selecting third-party software.

Open Source

The recent Log4j vulnerability has once again sparked a lot of debate around our reliance on open source projects and their sustainability challenges. I argue that money cannot fix this issue, nor can hiding behind security scans, audits and other defenses. The solution is to genuinely understand the open source community, acknowledge the shared responsibility we have in our commons and through the well-understood tool of Corporate Social Responsibility, look to fill the ethical and philanthropic gaps.

Open Source

We recently worked on a research project, exploring open source issues and challenges within financial services organisations. We found that consumption is “acceptable” rather than “encouraged”, with security concerns representing the biggest obstacle. On the flip-side, open source maintainers don’t wish to invest further in security. Financial services organisations, whose contribution policies lag behind, need to bridge this gap in order to fully capitalise on the value open source presents.

Open Source

Earlier this month, I was a speaker at the Linux Foundation Open Source Strategy Forum (OSSF) in London. I moderated a panel on women’s career progression within Fintech. In this post I detail my thoughts on the key takeaways from the panel.

Open Source · Video

Modern software is increasingly complex, made up of hundreds or thousands of open source components, hidden away in deeply nested dependency trees. Just how much do we know about these components that are an integral part of our products? What are the risks associated with their usage, and our exposure?

Open Source

Admittedly not three concepts you would usually hear together. However, there are some interesting parallels in models of ownership that might challenge the way we manage projects.

Open Source · Video

In this online event, we brought together an expert panel from Ofgem, Northern Powergrid and NatWest Group to explore the challenges and opportunities ahead for the energy industry, and the practical lessons that can be gained from a global corporate that has been on the same journey and is now leading the way into the retail banking world of tomorrow.

Open Source · Video

I talk in this session about the real use cases for Open APIs, and how organisations are starting to move from a compliance mindset to seeing the opportunities that opening up data can deliver – from compliance-driven APIs within the banking sector, to future opportunities that OpenFinance may offer to consumers, to the adoption of Open APIs in other industry sectors.

Open Source

A talk I gave at the virtual Open Source Strategy Forum conference in 2020, where I compared some of the challenges facing open source (complexity, fragility, sustainability) to those which triggered the financial crisis of 2008.

Open Source

Data for development and test systems is essential for testing, feature design and development. This post explores the options and presents the Data Helix tool, which provides an effective means of producing data.

Open Source

In partnership with FINOS, we held the first event of the Edinburgh Open Source Fintech Meetup on 4 December, with great talks by Colin Eberhardt, Calum Miller and Reg Wilkinson – you can watch videos of the talks here.

Open Source

Here's why I spend so much of my time—including evenings and weekends—on GitHub, as an active member of the open source community.

Open Source

A few weeks ago the new Bristol Pound mobile app was launched, allowing users of this local currency to find vendors, view transactions and make payments on both iOS and Android. This post describes our experience of writing this application using React Native.

Open Source

A few months ago we contributed a project, ContainerJS, to the Symphony Software Foundation, an organization that fosters open source and collaboration within financial services.