 All right, so I'm sorry for the break today, everyone. Thank you and welcome to the afternoon talk on security function and the resource. So for our first talk in afternoon, we will be having a talk with the founder of Talk. It's an organization that is going to help all of us with their talk at the stock will be unlocking sustainability with AI by 3M. Thank you. Hello, everyone. My name is Sumit Gupta. I'm excited to be here to talk to you about a long sustainability with the power of AI, blockchain, and Google. I have, hello, everyone. My name is Sumit Gupta, and I'm excited to be here today to talk to you about unlocking sustainability with the power of AI, blockchain, and open source. I thought of opportunity to work with thought leaders as key amenities in the field of sustainability. And folks of my history show you how these technologies can help us at the most pressing environmental challenges we're facing today. By leveraging the power of AI, web key, and open source, we can not only reduce our carbon footprint, preserve national resources, but also create opportunity for innovation and sustainability as a protection. That affects all individuals, governments, to organizations. The world is facing a climate emergency, and we need to take action now to mitigate its impact. Technology can play a crucial role in this effort, and that's why I'm so passionate about spreading awareness for the same. To have a presentation, I will be sharing with you some real examples of how AI, blockchain, and open source products and technology are already used to unlock sustainability. We will explore their benefits, challenges, and better applications. I hope to inspire you to join the conversation and take the action towards a more sustainable future. Before we dive into the specific ways that technology can help unlock sustainability, let's first define what sustainability is and introduce United Sustainable Development Roads. Sustainability is the ability to meet the needs of the present without compromising the ability of future generations to meet their own needs. In other words, it involves finding ways to use our resources in a way that is environmentally, socially, and economically responsible. This requires a holistic approach that takes into account the interconnectedness of environmental, social, and economic factors. The United Nations Sustainable Development Boards, or SDGs, are a set of 17 boards that were adopted by all human member states in the year 2015 as a universal call to action to end poverty, protect the land, and ensure that all people enjoy peace and prosperity by the year 2030. The SDGs cover a wide range of issues, including poverty, hunger, health, aviation, gender equality, clean water and sanitation, life below water, life on land, peace, justice and strong institution, and partnership with these. Another acronym or word which cannot be ignored in the modern era of sustainability is ESG. ESG stands for Environmental, Social, and Governance. There's a set of standards used by investors and organizations to evaluate a company's sustainability performance. The ESG factors are becoming increasingly important for investors and stakeholders as they seek to align their investments with their value and promote sustainable and sustainable practices. Environmental factors effort to accomplish them including its carbon footprint, use of natural resources, waste management, and pollution. Social factors refer to a company's impact on society, including its legal practices, human rights, and community engagement. And governance factors refer to a company's internal policies and practices, including its board's composition, executive compensation, and transference. Sustainability, ESG, and the EU and SDGs focus on creating a sustainable future for all. ESG criteria are used to evaluate a company's performance in relation to sustainability goals, including those outlined in the SDGs. The SDGs provide a framework for sustainable development and help guide decision making at the global level. By incorporating ESG factors into their operations, companies can contribute to achieving the SDGs and promoting sustainability. There are several ESG frameworks that have been developed across the globe to help investors and companies assess and report on their sustainability and ethical practices. Some of the most well-known frameworks include the Global Reporting Initiative, GRI, the Sustainability Accounting Standards Board, SASB, and the Task Force on Climate-related Financial Standards, the PCFD. Each framework has its own objectives and focuses on different aspects of CSG. By taking the strategic approach to sustainability and ESG, businesses can generate multiple benefits, including financial returns, improved access to capital, and enhanced long-term valuation. In addition to promoting environmental and social responsibility, businesses can achieve their financial objectives and contribute to a more sustainable and justice work. Sustainability and ESG are becoming increasingly important for businesses, investors, and other stakeholders. There are several reasons why businesses should take sustainability and ESG reporting seriously. It can help enhance a company's reputation and brand knowledge which can improve customer loyalty, attract socially responsible investors, and enhance employee engagement. It can help businesses identify and manage risks related to environmental, social, and governance issues, such as climate change, supply chain disruptions, and reputation damage. It can help businesses reduce costs by improving resource efficiency, minimizing waste, and lowering regulation of land sources. Sustainability and ESG initiatives can generate financial returns and enhance long-term shareholder value. Studies have shown that companies with strong ESG performance are more likely to overcome their failures and generate higher returns on investments. By embracing on sustainability principles, organizations are already weeping the rewards. A global consumer goods company has made sustainability a key part of its initiative. The company has set ambitious targets for reducing its environmental footprint, such as becoming carbon neutral by the year 2039, and ensuring that 100% of its plastic packaging is reusable, recyclable, or compostable by 2025. Unipeliver sustainability efforts have not only enhanced its reputation and brand image, but have also led to cost savings and new market opportunities. While there are multiple benefits of achieving ESG compliance, there are several challenges with the business phase, adding to their existing workload, which acts as a deterrent to take action. ESG compliance requires robust data management systems that can capture and track a wide range of environmental, social, and governance metrics. ESG compliance also requires transparent reporting and disclosure of ESG performance data. ESG compliance requires active engagement with a range of stakeholders, including investors, employees, customers, and regulators. ESG sustainability uses the latest advanced technology to achieve sustainable development and preserve our planet. By leveraging technology solutions, businesses can overcome the challenges of ESG compliance and leave the benefits of enhanced sustainability performance, improve stakeholder engagement, and enhance long-term valuation. AI and machine learning technologies can help businesses analyze large volumes of ESG data more quickly and accurately by using these technologies, businesses, and identify ESG risks and opportunities more efficiently, enabling them to take proactive measures to address ESG issues and capitalize on ESG opportunities. Let me share some real-world examples to bring some more slide here on this. Google has developed an AI-powered system for managing its data centers, which accounts for a significant portion of the company's energy use. The system uses image-based algorithms to optimize energy use, predicting demand, and adjusting to meet another system accordingly. By reducing energy use, Google has been able to cut costs and reduce its environmental impact. Web-based blockchain technology can be a special critical role in driving sustainable development by promoting transparency, collaboration, and accountability, enabling more efficient and sustainable economic systems and creating a culture of sustainability. Let us look at some projects which are leveraging Web-3 tech to unlock sustainability. Plastic Bank is a show of the enterprise that aims to reduce plastic waste at the same time. The organization has created a blockchain-based platform that allows individuals in developing countries to collect and recycle plastic waste in exchange of digital tokens which can be used to purchase goods and services. Free and open-source software is playing an increasingly vital role in saving land. With a growing concern over climate change, it has become more important than ever to find ways to reduce our environmental impact. The values of FOSS and sustainability overlap in their commitment to collaboration, innovation, and access. FOSS promotes collaboration by allowing anyone to contribute to the development of software regardless of their background or resources. Similarly, sustainability requires collaboration and innovation to find solutions to complex environmental and social challenges. FOSS also promotes access by providing low cost of free software that can be customized to meet the unique needs of different communities. This is essential for sustainability as it allows more people to participate in the development of sustainable solutions and reduce waste. Ultimately, FOSS and sustainability share a common philosophy of empowering communities to work together towards a better future for all. Since I'm short on time, I'll just quickly speak about our open-source product, Envixi. Envixi is our open-source ESG performance management product. It is a powerful tool designed to help organizations achieve frictionless sustainability transformation. It's already been utilized by a wide range of organizations including large manufacturing companies, PSUs, and financial corporations. Our product offers unparalleled insights into ESG metrics, allowing organizations to track progress and identify areas for improvement. With a user-friendly dashboard and easy-to-use reporting tool, it's never been easier to stay on sustainability goals. Looking ahead, we are excited to announce that the future is focused on enhancing automation, supporting more frameworks, and making the solution even more comprehensive. We believe that this will help organizations achieve their sustainability objectives more efficiently and effectively. We invite developers from around the world to contribute to our project, making fresh ideas, and expertise to help us build a more comprehensive and powerful solution. Together, we can create a sustainable future for all. It is all of you to explore the potential of AI, blockchain, and boss within your own organizations and to consider how you can incorporate sustainable practices into your operations. By taking action towards sustainability, we can all play a role in creating a more sustainable future for our plan. Any questions? So you mean like using AI and blockchain that can contribute to pollution and defeat the purpose of having this in place? So I understand that that is an actual concern and a lot of these companies who are actually promoting their PMTI are already looking into it. As I mentioned that Google is optimizing its data centers to reduce and use clean energy. So there was a slide about green software. So this is an intersection of software design and environmental science where we study how we can use clean energy to power these resources. And for a matter of fact, an honest answer would be that the goal is to achieve net zero. It should be that the sum of everything that happens ends up being net zero. So even if you are consuming energy using AI and blockchain, you can offset that in some of the methods by supporting projects which are carbon negative. So here, carbon offsetting has come at a critical moment because it doesn't necessarily seem super effective. For example, a lot of Microsoft's carbon offsetting is the one thing around our shepherds. Right. So sure it's not super effective. I completely agree to the paranoia that is there around the standards that are there in the carbon offset projects. But I would also say that we'll have to be a little accommodating of that because they are also evolving. And it's not that there's nothing that is happening. Maybe like it's not 100% effective, but definitely like there is improvement. It's better than nothing actually. But you're correct that we still need to reach a state where this in that ecosystem of carbon credit offset becomes more mature. We do get that. Thank you. We have been talking about the way the game system of blockchain dependence on demand should make people isolate people for children. Right. So I think we can get a lot about this. This man that's working in blockchain and the five of us are different. It was a game changer for about two billion and back to people in the world. Let me change the mic. We'll talk about this. It's about building open substations that anyone can consider that you as an individual can build. We're talking about projects with huge hedge funds. We go over there. We want to do that. We take down the big hedge funds. If I'm going to join them, I'm going to be getting at it. And then we talk about, you know, it's going to be a very nice one. But it's not going to be a big deal. But I just agree with you. It's really nice that you have it. That's all. And it's about the financial, financial, right? So the longer I go, the better. And it's about knowledge. When we look at DeFi, the current state right now, just show of hand who here has interacted with any DeFi protocol. Wow, that's a great idea. It's a good idea. It's only a couple of people. It's not many people. Here, we're nowhere near the same where we are getting two billion people on board this platform. And here's what's beginning of it. When you try to join the system, you should be doing the best you can. This is the truth. What we're going to do is do that, do that, do that. And that will happen. We need to read a white paper that's not on the page. So if you want to measure this, you're very strong money. You go to the money chain, you get $10, you get $10. You walk out to the page or things. It's not so simple to join a lot of people. Maybe you should read this 70-page and write it down. And you're expected to do that. And if you're not, you're going to have seven days and you might do things that will happen. So it is really hard to process it. And really, you have to bring it to the spectrum. Show you how it looks like in your world right now. Right? So you are really through a bank. So you have to try to open a bank account. And what you need to do is you have to read through a bank financial statements and sign on a six-period risk disclosure document. Or you can even open a bank account. Instead of this, you have to just continue to say, oh, do you know that your money chain in the bank is not signed on? It's called deposit. So that for the bank to you, it doesn't necessarily mean that you have the money in bank. This is the amount of money you're going to do. I know our services are very low. Documentary and so on and so forth. You get a fund. It's annoying. We don't do that often. Let me do this. You're trying to get it right. We have to see if we can get a little out of this. Annually, you've got like $600 bills on credit. But instead of having that, you're not just keeping it in the direction you have this. So I'm thinking, hey, do you know that your credit price is going up by two or six percent? And look at this metric. So we should be having a lot of what-off for 30 days and you know, there's a flow in there. This is how you manage it. Imagine by running an Excel support in front of the store, right? And then like, hey, this is a random function there. And then like, I'm going to say gm, gm, gm. And here's the thing. A lot of companies do not really call it that. This thing is so weak, right? So this is a journey, this is a region for us. Maybe guess this. This is our company's dashboard. Hey, guess what? Hey, guess what? Right. The answer is basically we sectionalize production products, specifically fixing the products that were previously available for only accredited investors. Right, that means you have access to fixing the products, and you don't have to put in a little sum of $30,000. Where is that? On the screen, right? Here it's covered. Covered. So this is where we seek inspiration from other protocols, because now they raise a lot of money, right? So I think there's a lot of people in the community who love them, right? And we actually expect everyone to be accredited at all. That's actually untrue. We're going to see who our user is, right? We just assume that everyone is our user, and everyone who is interested in this wants to know, hey, how does this contract work? How does it work? Hey, what's the risk over here? Who is holding on to the business? Who is doing all of those things? And supply all the services to them in the name of transparency. Actually, that's the thing about governments or something, right? We want to be transparent, we want to be auditable, we want to be accountable, right? I'm going to try to do all of that in detail, and to just open up users with extraordinary information right? And this is a short journey of how we learn from our business. So there's three tools that you said, this is really out of the blue for any business software designer. Anyway, it's never going through understanding the user logic, right? How do they make physicians, let's say, financials you start with like, first of all there's something that you access, right? And then you go on to like understanding what this part is and then very quickly you have a switch inside your head, that's where you are transparent, and then you go, once I say yes, then I'm talking about how to get on board. How to get on board or something like that. Any of you who work in a big company and some big tech, are you looking at a different type of voice, you know the pain of that, right? That's the way it is, right? Managing this software isn't thinking that it's not even actually trying to fight the pain or doesn't try to mitigate, right? And understanding this user logic, actually we breaking down what we make sure the user first, because the first time they get on Gino website, that's your company has already paid for the first time. The first time your user get on to the website, confused, they're going to drop. In that case, you have to research these days, right? What are users looking at? What catches your attention? I don't know, but I'll relay the information the way that your user can question you. So, this is kind of an operation, you see, you're not going to get a terminal test, right? If your name is chosen to try to present as much information as you do, but what is it? Right? So, being able to make this kind of stuff, actually helps you engineer the way that your users can assume, right? And we don't mean to do it in a way with high information, but make it accessible at this age of the user's consideration. And, at this time, it helps if you really get in touch with the user, get, you know, in front of them, right? So, we have a web where you can see us on a different platform, this is like, kind of a proposition that we have, right? We've got users the entire journey in, right? And sometimes you do something like, hey, I'm going to do this thing, and read the song, and, you know, I'll just, like, execute certain things, right? And something that you think is going to do is just something that you want to develop that you may have done, right? And, so what we were connected to is to actually imagine this experience for our users, so that they can update them on the application. And that's really all software experience. So we want a real part of reporting, right? So here you can see this how right? So we would be very specific about who our users and more importantly than that, you also need to be concerned about who are not the customers, right? So in our research, we see that there are three, four, I mean, many different segments of it. I guess, there's no, you know, customers who appears to be very curious, right? These are the ones that are more interesting, I guess. And I'm looking for some sort of presentations and stuff like that, so they can like, un-reportable, they go to like, to the Xbox and so it's not the right to move who you also want to attract. Obviously, not for people who are also very lovers of this space. In the same sense, they are looking for something else, that's actually the conversations and the central role in the five years, right? And the other five roles will be generally called alpha groups. So in our case, alpha groups who has worked three, five years, have some investment development, have had the experience with investment. They know the trouble of trying to manage and they know the trouble of getting a possible market company, I guess. They know the pain of something of the domain of the policy, right? And you can tell them that, hey, you can simplify this experience for you, you can get into some products that you couldn't put as much as you can. It's kind of like open source information for us. This is all about organization information. And I kind of just this enough, right? This is how you just make the decisions, right? They're not going to come and say that, hey, they might try to see how I can, I just want to try to see how I can apply these. Okay, so really for certain products, those companies you just need to have awareness. So you want to give that information inside the products solutions, right? Then you add a few hooks inside, you don't want to take, this is what is special, perhaps, right? You want to get inside the products from that. And all of this requires this level of information and different types of information all together, right? You don't want to overload them with everything that starts. So how can you get that, right? This is the option here. Generally we all see out there, right, shock and thunder right now, but when you get to this journey and try to realize what what kind of experience the software is giving to the user, the earlier you get to the message where you accept that there is something to be inputed and then you can act and integrate the solution to actually input that to the user. So how do you get to the first stage now, remember what we are trying to do? Just put them in category, and give them the right to that experience. Okay, I have to watch you today. Before you leave, make sure that you actually get this point, right? And who has you and how much you need? How much you need? The software has constant. And then, if you want to start collecting and the decision of both of that, then you pretty much the rest is quite easy. So usually the first part is the hardest. So just today, right, we are doing a lot of this experiment. We are trying to understand how do you experience in a very technical product. We are trying to understand how each behavior is across the world. And if you are interested in the slightly softest software, which is use experience and how do you use the experience itself, you can join us for some of our research. I'd be happy to include you. There's a lot of options for it. If you provide information, you might be interested. I'd be happy to share with you some of our learning steps we have. So there is some for you and thank you. So how do you deal with the investments of people who are not qualified investors? You have a great group together, right? The regular cashier based on the people out of the market and you have a great company. So the questions are on the front. So how do you do this? Basically it's a regulatory arbitrage on the end. So we have a simple enterprise that allows you to be the first investor to face the things that we have. We have things that are easy to deal with. So we have the names as the provider. So they provide the kind of financial models. So they give out loans to the company. So recently we talked about the neighborhood support for the business and so on. So that's how the products are structured. So from there we actually use an entity that is regulated as a brand. So we use it. And now I understood that there's really a decent price in the general P5 solution. That's what I'm trying to do, uniquely doing. So it's really one of the optimizations. So if you work very early on I don't introduce myself as a CEO of a default startup. I would say crypto startup I'd say indexed out. But the optimizations are key financial solutions for masters. So it's not necessary that you have default or change responses. Pretty much the best of the worst is still off chain. And one five ways just to come into the debate. Thank you very much. So for our we have Dukai who is the founder of the solution called creating a token that generates AIR to NFTs. Over to you. Thank you. So my name is Dukai. I'm talking about how we can use a token that generates an entity that AIR can use. Using saved a period within an open source AIR model. I have one in just like a long time. So what's the matter? About me, you can I have my one. I've been doing I've been doing nice industry for five years. Define this 3K for a year. And I'm not doing that stuff. But I'm also doing D5. This is my my in 2021. But it's still so amazing. This is my first AIR. I just had my AI and this came out. It was amazing. But that's what got me into that art. So it's a new phase. The last one. I think we can do the screen background I suppose. I had this debate with RCTO about whether this is a copyrighted document. We do not have any other outcome from that. This got me into AIR. I did some other stuff like this one. RCTO has been over there actually. It was his birthday and I made an FT with AIR as the image to give away to people as verdicts. So that was a true utility for AI because for someone I mean, drawing and thinking from scratch isn't possible. So this is another one. For another friend she looks exactly like this and I made an art for her. She's not me. So you see a lot of prompt engineering has been going on. This is not just some you feed in and then you have to... I made at least 100 copies. She looks exactly like this with black t-shirts, blue jeans, her eyes are this big. She goes to the camera in front of this whatever background it is. So that was when I got into AIRs early. Very, very chaotic. No one knows what's going on. But yeah, so I got some good outcomes from it. So in stable diffusion stability AI trained this thing with the fusion tube, right? But it's open source. So anyway, I can just take the model and fine tune it into any style they want. So this path of next model is just someone taking the model and just making everything look like I made. This is those that's why I prefer stable diffusion over returning or doubting. So this interpretation will accept the first one. Anything else will be stable diffusion in what it's... And then I was thinking hey, what if I don't fit in any box? And this was something that happened. No prompt, no time for nothing. Just using the path of next model. And I got this girl. I like to know her, but I haven't gotten yet. So this is where I got the idea of using all these amazing tools to generate NFTs. So I started this NFT series on how it grows on Tom. So Tom is a blockchain developed by Telegram and they have NFTs on it. And it's a new blockchain. It's amazing on Telegram. So I was using it to do stuff. So this is the concept art for this NFT series. I started it in January this year. So in January, I started using AI to make calendars. So this is the January calendar. This is the Chinese New Year. This is the year of the Chinese calendar. So everything is funny. Now, because the telegram from the next part is a yellow dot. So after the yellow dot is in the big thing. So it goes along because it's yellow, right? And we're doing yellow stuff. So yeah, you got the idea. So it's Chinese New Year things in NFTs. And these are the prompts. I'm using anything for a whole hybrid model. An anime style. But not more like handsome anime. And I'll just keep going through these. This is another one. Oh, this is amazing, you see. The sleeves and the first figure. This is also another quote thing about AR. It doesn't make sense. But it makes sense. It makes sense in a different way than how humans make sense out of things. Oh my god, this is that? Okay. So another one, you can see a lot of dots and bunnies. The Chinese characters are not real Chinese characters because AR cannot, at that time, AR cannot write. Not even English. But now the journey can do it. And single division, the new version can do it. Okay, that's fine. So the one. I like this one. I like this one. Same thing. Same thing, but better. This one is my mom's favorite. Okay, favorite. So you can see some improvements in the art already. See the hands. Not everyone can do hands like this. Okay. The hands are the most difficult in AR art. Just so you guys know. Okay. Sometimes in a classroom you get the idea. You get the idea. So you can start by drawing the hands on the dot, on the tickles. It doesn't make sense, but it makes sense. It doesn't make sense. Doesn't make any sense. It looks as it makes sense at the first glance, but you look into the detail. But it doesn't make sense at all. For example, what is this thing? I don't know. Okay. Look at the fingers. Oh my god. Amazing. Just look at them. You can get back into the after-mix model. This is Sakura. Just showing you guys, Sakura. Very long legs. Nice duck of the end here. Nice after. OK. This duck is an enormous Easter, right? So that's NS. We've got to burn these in. Nice duck. OK, I'll just go through these, because they're the same thing. But you can see the evolution of the function. It gets simpler. OK, that's not a more complex. That's a special expression. I like this one. OK, now, this is a hack, what I call a hack. If you put in this string into the prompt, you don't use any English word, but you just use this string into this model or some other model. It will usually generate a girl with open-out looking surprise. So why does this prompt generate a girl that looks surprised? I don't know, no one knows. It's a hack. OK, some other examples. This one's not surprise. This is the same prompt, but I can see it. She looks as if she didn't paint. OK, two girls looking at each other about the open. I don't know what this is, but this reminds me of a bread of mine. The same prompt. All the same prompts, just a different seed. It's very, I don't know what she's doing, but she's looking back into her life and thinking about the mistakes she's made. OK, this one has very, very years. I don't know how to define it, but again, open up. OK, now, back to Python next, another model. What's the same prompt? You'll see even weirder facial expressions. Weirder facial expressions with this light ring. This is the issue of which I know. This is the widest. They usually have long, standard X, if you use this prompt. Even weirder expression transforms or something like that. This thing here looks like a ghost. And her face is almost gone. OK, a different experiment. I just put my eyes into the eye, into the inner prompt, and then it generates an even weirder expression, but I don't have time for that, but it's weird. I like the color of this one. You can see the sunlight on her face and how her eyes are so even in the light. Yeah, the very cool stuff. OK, now I can push some other stuff. So these are also some experimental images. So this is the prompt. It's called pink village. And it generates four people. And I like this one because this is a girl. OK, silent village. Very amazing art. I like them. Yellow village. It's always nighttime. I don't know. OK, oh, now. So I made this thing into a telegram button. It's like a mid-journey. You can click to reimagine the invariant upscale. And it does exactly what the mid-journey does. But it's in telegram. And I have time to go through it. Oh, you get the idea. So this is all generated from the telegram one app. I'm in the telegram box. So the type of horror, oh, by the way, I'm now using GPT to generate the prompt. And it's in the backhand. So you just type in the horror keyword. And then it will generate the prompt. I don't even know the prompt. I've got a caption from now on. That's that. And GPT will write a caption for the image for you. So often these are so nightfall, shadow, scroll, longer. Horrors with it. Amazing. OK, this is all entropy. Just look at it. The art is out of time. OK, this one's called swamp. It's green. This one's called wah. That's the type of wah. And it carries this. I don't know why, because it's GPT. OK, tarot, her face, her seal. Look at her face. And what are these red things under her dress? I'm selecting that. It's called monster. There's a monster behind her. They are in her monster. They're called storm. And you can see the entire image is more scroll-y because there's a scroll in the prompt. It's called postmodernism. It's very postmodernistic. Now, I'm actually choosing the original scale that we're going to use in each one. So it's not even more hearty. It's not a path over enemy style. It's just red and art style. That's how they should. Yesterday, there's a stone. You can see a hill. Another hill. What's going on? This one's called storm. I like to try to do the same promise again and again. It's a tiger, I think. It looks like a pink haker. A pink haker generates girl in hats. It blows up the flowers. A turquoise village. This one's called the fewer demon dog. It's called scion. Very colorful stuff. This one's called chubos. This is from my friend, a robot. It's art. It's a creature. This looks like some HRG-ger art. This one's called magic. Because it's the continent that determines what the enemy is doing with the robot. Fragile. Amazing art. This one's my favorite. This is a Gustav Klimt style, but with an enemy face. It reminds me of famous jazz painting. I forgot the original painter. But this is another style. A lot of people like this one. I don't know why. This one's very interesting. This one's pretty good. I don't know if I'm just saying the details of that. But I remember the process of everything going on. Amazing. This is a cat-free leg. And it looks like a muscle. Mechanical angel. Amazing art. Space juggler. Amazing. Alien art. It's that. It's symmetrical from the center. It's slightly tilted. I like it. Kind of nice. This is some Harry Matisse-like art style. Oh, yeah. So Elon Musk did yesterday that turning AI design fashion into real clothing would be great. And that's what we're doing right now. So we're not just doing it on telegram now. We're actually building a web service. We're doing all this art on t-shirts. Okay. So it is design design fashion real clothing service. So no time for that. But this is another prototype of our website. We're going to launch it within around a week. So we're looking for more simplistic art to bring on teachers and co-teachers. This goes back in amazing. I want our art to be on this thing. But it's good already. But we also have our presentation. So simplistic. And these can be removed. They don't need to be removed. Because I might know, like, square images. All right. Mom does. Just grab the pump. Go to the moon. So simplistic art from now on. This one, a lot of people like this one. It's very similar to this one. Think about it. Okay. Okay. Neon jelly fish. A non-non-jelly fish. And there are a lot of people like this one. Swimmer. Demon dog again. All generations. I don't do anything from this one. Rainbow dog. This is the last one I made two days ago. Okay. Okay. This one. Any questions? Any questions? What are you building the exact one? The exact one? The exact one. The tag behind it, it's able to do you. It's an open source air model. No, no. It's easy. It's a Shopify store. It's a Shopify store. It's connected to the future. React to the future. Yes, it's connected to the future. It's connected to the future. That's Shopify. It's a restaurant. It's part of Shopify. Yeah, that's easy to apply. That's easy to apply. Yeah, that's easy to apply. It's a Shopify store. Okay. Any other questions? The code is the second one. Is that available on your GitHub plan? I have a question, but I can't answer it. Okay. So on the event announcement, there's your GitHub. That's the key of GitHub for most of anyone. Yeah, I'll put it in. Yeah, I'll put it in. I'll put it in. Okay. What's that on your desk? Oh, yeah. That's the key. Okay. Any other questions? If not, we'll have this. So to... Thank you. APPLAUSE Welcome to our next session. So we have here the trees. Sorry. Yeah. Next one. Who is an engineering manager at Lagerita? As well as a board member of Innersource Commons Foundation, he is going to be giving a talk on the topic of today's veil with the source collaboration. Over to you. Thank you. Thank you, Shari. So let's start. Hope you are in a great mood. And we can... Next to me, the 25 minutes of pleasure and so on. Let me... Let me introduce myself. I'm a manager in Great Alchemy and also a board member of Innersource Commons Foundation. I'm the engineer of practitioners of Innersource. Our goal is to make the source as an industry standard way of development in the corporate world. And before I start my story, I'd like to share you a question for the stage in Innersource collaboration. And imagine, you have two teams. First team needs some feature from another. And what they can do next is to provide the code itself rather than to ask the feature and wait for the delivery. And after some time, the first team returns the code itself and provides them with the code. The question is the same team from the three green button Innersource request and success. That's how this is explained in the books. That's how it's usually occurs in open source or in open source components. We should be familiar with that. But the most typical case in the Innersource world, in the companies, is when the buff teams are struggling and have a good amount of questions why it's not happening, why they should care about the other sport, why how to run, and a good amount of questions. And in the end, we can emphasize that your Innersource is not working. And you're going to talk how to fail your Innersource collaboration. Know that ways you can avoid them when you move that friction. So let's start. And the third is about the culture. Usually, if the company develops software as it was usual years ago, we call it stories, and so on. And not that matters, not that the teams do a collaboration. And then you can play some problems or issues when you start to talk about let's collaborate, let's live together and build a common software. Of course, that can be a problem. And the same for the cultural difference side. So if you are not familiar about the differences in different cultures, for example, I work in the multi-national company and sometimes I have no idea why my colleagues doing something. And knowing that helps me to understand it better and to remove that friction. What we can do here? First, we can ensure that the company moves the collaboration. And maybe we should start to think about and improve the culture before we are starting to develop inner-source. Because that can be a good offer to you. And secondly, we should know more about cultural differences. You can read the books, for example, the culture map is a good starting point for that. Or you can learn from your colleagues why they should do that, why they are doing something in an after-all and that can be not a problem anymore for you because you know why they are doing it in some way. Let's go into the second one. The second way to fail is collaboration. And that's about the matrix. That's about the question why they should do the collaboration. So the inner-source have the same roots from open-source and open-source is voluntary through deep driving and motivation about why they should collaborate games from the personal feelings as I should do that and must do that. And here is the saying and both driving development because both said that you should collaborate will not work. And the answer here lies on the two sides. First, the side of the team or side of the company and companies should understand what benefits they achieve with the adoption of inner-source principles and they are listed on the left. And on the right side we are not created we are not imagining this list of advantages that engineers receive after the inner-source job. They came from the latest research about the state of inner-source asking practitioners what engineers feel about inner-source after some time of practicing they feel that they achieve these benefits and only when they understand and truly believe that they will achieve those benefits the inner-source collaboration can appear. On the other side if you are both saying that you must collaborate that will not work. Let's go next. The next point about documentation. So you are open-source masters and you know that almost impossible to have a successful open-source project and still be successful but for the corporate world it's a little bit different thing especially when HR says that working product is much more important than implementation you can't think of new projects without any need without any information about how to start to develop how to contribute there so here is to look on open-source it's for example you can open it and scan the items that you should have inside your project if you want to have a successful open-source open-source project plus some additional corporate stuff and I call it like everything that's called so apart from the general documentation you also should have and will create if you will be with a mirror from the board documentation so explaining what in the business starts doing some parts of your system great if you have in the order of the business most explaining how your software is working and then you can render nice pictures from the code itself the same part of the architecture so since you are integrating another internal systems inside your environment so great if you will have that picture you can have and what external systems your systems integrate with and the same for the integration part since you are alone in corporate world you definitely will be integrated with someone else will be great to have contracts and this contract will allow you to generate some work will allow you to build a device and after explaining the business starts consumers how your software is working and the same for the infrastructure you have come up but your deployments are separately and great to have examples how to deploy this code and that can dramatically integrate with the speed of onboarding from new open source customers since you are explaining how to create everything needed for this particular software and in the end you have a set of open source documentation set of corporate level documentation and then you can have success on the documentation for business starts going next are you ready and next about talking and speaking between the teams and sometimes people are familiar with open source principles trying to explain I will spend a good amount of time processing the code and the contributions and then these contributions are easily used why is it happening because it costs many reasons because it is a support for the function because it is a texture and correct or because anything and the answer here lies on the both sides on the first side will be great to be able to explain what is your next plan for the next second once and so on mentor the guests mentor the contribution that want to have something from your system the same for the second team great to know those know the function that the system supports and so on and discuss your needs before and that is the way to go and that is the key answer on the question how to not waste a good amount of time while doing anything going next going to the technical part and technically your system can be monstrous monolith without any opportunity to visually adapt to slightly different needs let's say just my example of a modular architecture that supports the inner source operation what I mean, again, your system will be integrated into another and then you should integrate different different system that means that you should have a special layer called adapter and easily replace adapter to another for the different environment and the same for frontend your needs can be a mobile application and some day needs a web application you can have different design systems and then your system should support a different way of working just frontend and the same for backend you can have different business requirements and it will be great if your system will be easily replaceable by parts and some parts can co-come some parts can be custom and that's the architecture of the project can help you to build inner source operation then your system can help as much as possible customers inside your company very next and next item and next way to fail is about the most practices and optimization and so on so imagine, you are a team this team and you are receiving a bunch of contribution from external teams and you should review them you should ensure that your system is not broken after this contribution and so on and it's great to make a release especially if you have a special team for responsible or for a lot especially when you have a good amount of things mainly to do in terms of release and that's the painful collaboration will be with you the answer is here is to bring more practices more optimization and just a little example about that and the point on this one here this slide is look on here is an example of but you can explore that it's not connected on your team you can go to your project explore is your practices and approach to apply in your project are good in terms of delivery in terms of understanding in terms of how they support this way of collaboration an example, give flow on the left give flow or any other flow but smoother than give flow on the right and you guess what is more powerful in terms of update so for attacking with external contributions I think on the right and after making decisions and scanning the processes that you use inside your project you can answer yourself that is your practices and tools and processes are good in terms of the external contributions and you have you can apply a bunch of processes and practices that help you to be in that kind of way of working for example, in each class you can bring it to your project and ignore as soon as possible the function especially where the function is still not tested but you are able to do that because you are emerging it and bringing the action into more and then when you are ready you are turning it on and you are dealing with as fast as possible so, since you have external contributors they will be happy to test it when you need to ensure that this whole system will be proccated after contribution you can open up the separate deployment for every teacher and then you will be safer to use yourself to your project that is the quality of the project you will be at the same level than it was before contribution and the point here is that it will be great if you will ensure that your infrastructure is smart enough here is the set of open source tools but it is just one of the examples it is my personal choice you can choose your own personal set of tools the point here is to ensure that your infrastructure is smart enough your delivery pipeline is feasible enough in order to have open source collaboration and if yes then you will be successful in that kind of collaboration if no, maybe you should think about bringing new technologies bringing practices inside the project number 9 and number 9 all the tests eventually you are handling incoming contributions and each time you should do a bunch of other stuff in terms of checking that is your system still or is your system in the good quality and great is if the tools check will be automatically because no customer wants to wait for a long time while you will save them please change the tasks to spaces and this will be a transfer of the one week of waiting and that is not so good in terms of speed of working and the same for linters checkers quality data in terms of being merged into production and that whole stuff help you to boost the speed to make the collaborators happier so that's what this of inner source servers the ways to fulfill the search operation the idea here is to look on them and think are you doing something or can we remove production by doing the search for collaboration and only the last point left is the way to fill and this is the 10 way fill so the idea is so before the inner source collaboration what can we do here in order to make successful collaboration first after the conference you will go to the work and maybe you already working in the project that's creating the inner source maybe you can define the project especially who can take the advantage of the source and you can bring the inner source second you can process the tools that are used in this project and then somehow to avoid them and remove that kitchen and try to bring more engineering practices that help to get this inner source advantages and benefits so in the end inner source contribution will be like that clicking on the big green button and then that's it thank you for watching five more questions everything is clear my question what is inner source what kind of figure out then I have a question to you all are you practicing inner source in your work for you one, two the interesting point here that's much more practicing inner source support but not only like inner source and the fact is if you're working with that work you can bring the company into the practices you can find web fans that can bring the company and you can go to inner source and you can check the materials that help you to bring the engineering practices inside the company again, thank you all for getting me everything thank you we can wait a bit relationship it starts at three five we have a relationship we have a relationship now speed art this is cool so everyone our screen is going to stop so we're just waiting for America our remote viewers what are you doing we're making stream art streaming streaming so what's up are we good we're good so I can introduce you give me a thumbs up we're streaming excellent so today we have Rich Bowen Principal Evangelist open source at AWS Rich has been involved in open sources before we started calling it that he's a member of the Apache software foundation where he currently serves as a board member and VVF conference Rich is an open source evangelist at AWS now also I just wanted to add that the member Amazon has for the last few years been having quite a rocky relationship with the open source communities so Rich is there in the trenches helping to change the way they do things so he has some very interesting stories to tell about talking with management about inner source over to you Rich thank you all so like I said I've been doing open source for a while and one thing that I've learned over the years is that when you talk to your management about open source they know that you're passionate about it but they don't know what you're talking about because your priorities are very different from theirs so I have been working with the Apache software foundation since some year that started in 19 and I started out that way extremely passionate about open source and then you go and you talk to your manager about it and they say how many of you all work with open source at work so you want to keep doing that that's why you want to learn these things you want to persuade your manager that this is a worthwhile thing for you to spend your time on so let's start with a question why do you do open source somebody tell me why you're interested in open source speak up scratch implementing a feature that you want what else have we got okay you make a lot of friends that's something that's not important to your manager and in fact some of the things that we hear scratching your own edge it's fun socialization altruism giving back making the world a better place building your resume some of the top reasons that people give for participating in open source and your manager doesn't care about most of these things and you know what what we love about past Asia is that we get to sit around a campfire with the people that share our interests and we get to talk about these things that excite us to talk about the technology that we're interested in we all have funny stories about our management we just doesn't get it and we like to laugh about it behind their backs but next week you have to go back to work and you have to tell them that your time here was worthwhile and all of those reasons that people give for participating in open source that is not why your company cares about open source your company cares about making a profit they care about serving their customers and making their customers happy they care about making a profit they care about retaining employees and they care about making a profit and so see just most of the things that you want to persuade your manager about now of course I'm not talking about your manager your manager let you come here and so obviously they're awesome my manager is the president of the Apache Software Foundation so when I talk to him about open source he gets it he understands it but his manager is a brilliant person who knows a lot about product marketing not a lot about open source so when we talk with her we need to make sure that we are communicating communicating now as I was writing this talk it started coming across as how do you lie about what you do in order to persuade your manager that really you're working for them that's not what I'm talking about at all because open source is primarily about pragmatism it's not solving problems in ways that work it's collaborating with people in ways that work but the way that we talk about it tends not to communicate that we talk about how fun it is and how we like hanging out with our friends which is true but again not what they care about now the other thing that I want to mention is that different open source projects are different they're weird they each have their own unique culture and some of them have unpleasant people as maintainers so maybe the things that you try to do in open source won't be successful so don't think that the things that I'm saying here are in promise it's just sort of that you need to speak the language of management this is about translation translating the things that you're passionate about into things that your management will actually care about and like I said before it's important that these are things that are true we're not trying to pull the wool over management's eyes so that we can go and play with our friends so remember that open source is above all practical it's objectively a better way to build software and this is supported by study after study open source software has various advantages we just need to talk about it in ways that convince our management of that and in order to do that you need to think about what's good for the company what's good for your customers and so I work at AWS one of our catchphrases is that we are aggressively customer focused everything that we do is about doing what is good for the customer and so you need to know who your customer is when you're giving a conference presentation you need to know who your audience is when you're building a product you need to know who your customer is so you can't just go and hide in your office the right code you have to understand who your customer is you have to understand what you're delivering to them and that's part of what's in it for the company another thing that's in it for the company is the cost what does it cost to develop software does open source help that maybe it does it depends upon what particular part of the industry you're in another thing that open source gives to your company is reputation and so that's one of the other things we'll talk about now rule number one when you're talking to your manager about open source is don't get bogged down in philosophy they don't care about the distinction between free software and open source software and you and I could talk about that for two hours and just scratch the surface of it your manager does not care and if you start talking about that their eyes will glaze over and they will cut your budget so don't be mad another thing that they don't care about is license they don't care whether your software is a patchy or MIT or AGPL 2, 3 or 4 it doesn't matter what they care about is whether it serves the needs of the customer the other thing to remember is that you have a minute you don't have two hours you don't have the opportunity to say what you really need to do is go read Eric Brayman's Cathedral in the Bazaar and then get back to you you have a minute you have the time between two floors right in the elevator and if you cannot communicate during that time then you have missed your opportunity I remember one of the earliest open source conferences I went to Richard Stallman and Miguel de Acasa were discussing the relative benefits of open source versus free software it was just eye glazing it was there was no point that came out of it except when Miguel said if we have this conversation in front of our management they're going to fire us what we need to focus on is the solutions the problems that we're solving so what are you going to talk to them about some of you all said some of the people in the survey said that they're interested in giving back to the community your company is not a charity they are not interested in giving back to the community management sees open source typically as a renewable resource it's this free thing out there we go at harvest and then we build our product with the harvest and your attitude that open source contribution is a moral obligation or for the greater good or something like that comes across as complete nonsense if you don't tie it to a business benefit so giving back the way that you should instead talk about this is the supply chain your manager read a book last week about the supply chain and software bills of material and they're anxious to talk about that because that's actually relevant to their business now if you are building a product on top of an open source project that is in your business's best interest that that project is healthy and sustainable so if that project is hosted at the Apache Software Foundation maybe you should consider sponsoring the Apache Software Foundation if that project is at the CNCF maybe you should consider having one of your engineers working full time on that upstream project and there are ways that you can sustain the project so that your business is around next to you it's not just about downloading the version that was released yesterday it's about ensuring that there will be a version released next to you and so talking about getting back to the community it sounds very philosophical talking about sustaining the supply chain so that that little red paper doesn't break next week there's just more interest to your management obligatory XJCD that you've seen three times already this week if you are working on this project here and it fails and your business is a thing up on top you might be out of luck support these arguments with data if your product is based on open source then you can say 73% of our profit is directly related to the success of this project that you haven't heard of until last week but if we don't contribute our fixes back upstream then that portion of our profit is at risk so this is a quote here from it's actually not a quote it's a made up press release but if you can say something like this Apache Commons is a critical component of our product earned a system of profit last year and if that project fails our company fails data is your friend sustainable open source is a project that's around next year you have to think long term so things that you need to think about in sustainable open sources are we building this project are we building our product on top of a project that is developed by our competitor is that a problem maybe we should go be participating more in that project so that it's not a single vendor project are we building our product on top of a project that is maintained by one engineer who lives in the Czech Republic and is unemployed right now maybe we should hire that guy and then also maybe we should devote an engineer to that project so that it's not just that one person but it's two or three people that are supporting this so that maybe that engineer can take a vacation and not burn out and quit next month if we participate in this project then we are by proxy making our customers heard in the roadmap for that project that sounds important these are all aspects of sustainable open source projects to make sure that your stakeholders are heard when they are discussing what's going to go into the next version rather than just waiting around and hoping that maybe that next version will fix this bug that we care about because it won't if you don't participate alright another reason that people give for participating in open source is earning merit and reputation and I'm probably the only person in this room old enough to have seen that movie so maybe that's not a good screen there but it's from a movie called The Breakfast Club in the 80s where these two individuals were vying for reputation in school but your manager doesn't really care about your reputation in open source so instead talk about earning trust and influence in the project so for example if you are building a cloud based solution based on top of Kubernetes and there's a bug that's affecting your customers and you go and complain on the mailing list you're going to get ignored if they have no reason to listen to you so if you participate in that open source project and you're an engineer in your company that is contributing actively to that project then your company will by osmosis gain a reputation within that project and they'll be more likely to listen to you when you complain about a particular product so this is a way to convince your manager that participating in that project is actually worth their time and their money to invest in that you should be careful when you participate when you try to participate in open source that you actually understand open source culture it can be dangerous to talk about how your project how your product is built on top of an open source project and then the people in that project say this is not somebody that participates this is not somebody that contributes they're just benefiting from our work and you know this is a problem with many big companies not naming any in particular that build their product on top of open source software and then go out and talk about how they're an expert in this field and then the community comes back and says no they're really not so you need to be careful that you one of the phrases that I use at work is be don't seem which means don't pretend that you're great in a particular open source field actually be that way go do the work put in the time become an expert contribute and earn that reputation be don't seem talk about adoption slide on my own just a little bit talk about how the adoption of an open source project benefits your company that's based on top of that open source project if you have expertise so what we found at AWS is that people don't choose AWS what they do is they choose a technology and then they go and they look to see who's the best at running that technology Google Cloud as an Azure as an AWS I want to run Kafka what's the best place to run Kafka is it Confluent, is it AWS let's look and see what the reviews say but first I've chosen Kafka and so you need to talk about how participating in open source builds that reputation which then drives adoption alright here's a fun one we love to talk about collaboration I work at Amazon if I work on this project I'm going to be collaborating with Google and management says why on earth would we want to benefit our competitor so what your manager hears is that you're going to lose control of your product by ceding that control over to a competitor instead talk about focusing on what your company excel at so again I work for AWS what we excel at is infrastructure and scale you know we have some people that are working on Kafka and they're good at it but that's not what we sell what we sell is the managed host and so making commoditizing the software allows customers to build and test on the software that they can download and use for free what we're selling is not the software what we're selling is the service so this notion of loss of control is a bit of a sidetrack because it's not about controlling the software it's about influencing where it goes based on your customers but everybody's customers have similar issues that they're trying to solve and that's not what we're continuing on alright some of you all said that you do open source because it's fun open source is an endless party where I've been hanging out with my best friends and I've been doing that for 20 years and it's awesome and I'm very careful not to say that to my manager instead talk about recruitment talk about how participating in open source makes your office a great place to work and that makes it easier to acquire the best employees your company doesn't mind you having fun but it's not really what they're there for now the flip side of this is make sure that if you hire someone with the promise that they will get to work on open source that they get to work on open source because if you hire someone and then retake hire someone and say you're going to get to work on a patch of airflow all day every day and then when they get there you say well you know actually what I need you to do is spend the next 6 weeks solving this javascript problem over here they're going to tell all their friends and it's going to be harder to recruit people so make sure that you make good on your promises note that open source people whatever that means can be very opinionated they tend to lean towards being anarchic and libertarian it can be difficult to manage they want to go and do their own thing so make sure you understand what you're getting into when you hire open source people but they're also very creative look around you with the brilliant people in this room it's really a great opportunity if you let people work on open source it feeds that creativity it gets the best of the world's engineers to work on your product you know one cool thing about open source is that no matter what company you work for the smartest people in the world work somewhere else and if you can get them to collaborate on your product then you're winning and they're winning another thing that people often say open source is good for is building your resume your manager is particularly not interested instead talk about continuing education I can go work with some of the best engineers in the world on a piece of software I can learn from them and someone else is paying them this is really a win-win situation one of the other things that your manager might think is that open source is free and I like to say it's free as in free puppies when somebody gives your kid a free puppy that is not free be very cautious about talking about open source as free or cheap or reducing costs you know it might but those costs go somewhere else the software is free you start to hire people to maintain it and to build it so instead talk about open source builds better software software is easy people are hard and you want to ensure that you are investing your people in the right kind of development and I am almost out of time but you want to you want to avoid letting your management think that they can just go grab a piece of free software bring it internal make the changes that they want and then sit on it forever because that means that they have to maintain it forever so make sure that your management understands the right way to interact with open source and that's basically my day job is helping management understand the right way to interact with open source let's see yeah I'm out of time does anybody have any questions I can talk about this literally for hours but does anyone have any questions in my last one minute yes how do I have the conversation about getting them to open source something that I created for internal use so the question is how do you get your management to agree to open source something you built internally and it's really hard you have to be able to demonstrate so first of all you need to know why you're open sourcing it and you need to have an answer to that question and that's going to be different for every project and there are many reasons to open source something the other thing you need to be able to convince your management of is that you're not giving away the secret sauce and in order to do that you need to understand what your business is so this is what I was talking about earlier AWS doesn't sell open source software, we sell the services on top of that and so you need to be able to clearly communicate that the software is not the value and that the collaboration is only going to enhance that but yeah it's a hard conversation and everyone's different but you need to make sure you know your own reasons first someone over here yes that is now for open source software but I mean I just try to get a few of them because now you know why you want to open all of them and that's cool easy to sell that is a very large question but yeah and you know again it's always going to be very very dependent on the specific type of project that you're working on but maybe take that after this because we're out of time but the small one any suggestions for the managers so what I would suggest for the managers is that they attend this conference I mean that very seriously that they attend this conference or if they're in Europe that they attend FOSDA or if they're in North America that they attend the open source the Lennox Foundation's open source summit and the reason for that is that open source is 75% culture and 25% software and understanding the culture and the collaboration behind this understanding that when you get into a room with people like this you hear weird presentations like the one you gave that open your eyes to something that you haven't really thought about before that's really that's not something that I would have studied on my own but attending your talk my eyes were open to something that I've experienced and so attending events like this I think is the answer thank you so much if you want coffee that's fine are you welcome to help me start your stickers we have stickers so if you want to protect your laptop against crack, wear and proprietary software take some stickers just one sticker is enough for like 30 days so the hour keeps watch for where you're at that's right level of software level of software development analysis this saves your it's not fair for months simple act of sticking it on true for a lot for many years everything has accurate as chatGPD can generate going yes because you know it's all different those generated by state of the conclusion you can do that it's normal okay no this one, yeah so maybe you have to I can find the instructions because maybe someone just can where I just start and it's just okay this is lit so it should be working sharing is still working right now I guess okay it's kind of like the production that's larger than the noise how to kiss so you can make your organization software development process much better to give you better outcomes for customers also you have to look at data visualization tools in more labs we can help you track progress identify years for improvement and help to build very install community within your organization so without further ado let's welcome Mishari thank you for your introduction so Mishari Mopil today I am going to talk about breaking around your silos using metrics so a bit about me I have been in tech for over 25 years now I am currently partnering up with and their senior for East Asia I am also the active vice president of the Global Tech Association of Thailand we are trying to promote the open source culture in society and because I love open source so much I decided to also this is actually applying open source culture to really currently a tech talk and this lovely opening which was nothing like real being um return here again 50 years of expertise very smart folks there they go under the code chaos project in 2017 which is about using metrics for software development and communities we will talk a little bit about that later it contains the open source pre-war lab metrics tools and it is the official metric part of open-infra and non-focus foundations there is a suite of services from from the analytics part as well as doing customizations consultants etc etc around all this and so a lot of companies have trusted detergent with our with our output so silos silos are an amazing place to store your brain and your code right most organizations are silos what does this mean is that when you work in your company you work within your own silos within a large operation like let's say over 100 over half so you would understand that reaching out to someone across your organization is extremely difficult basically for the most part you have very little interaction with them if you are working inside of your only interface with the rest of your organization is your boss right and it is up to your boss to coordinate and communicate no matter what you need if it's anything that's outside your team talk to your boss so this is a feature none of us has been developed in the pre-internet base and it's often a very easy way of managing people and teams use your boss as an interface we write modular code with a loose coupling this is a loosely coupled organization sort of let's say you work in your silo and you have developed a tool let's say that the tool is a hammer and a spanner you build or acquire or buy a hammer and a spanner for use within your department another silo a continental way maybe also uses a hammer and a silo but you guys don't talk you guys don't know that you have built your hammers and spanners so they start building the hammer and a spanner from scratch a third only happens to be the hammer so they build their own hammer so in the end you have your silos each with variations of hammers which you may take by themselves so and they are there because they are there to solve a problem right but you have to go back really go back and ask yourself do your customers pay you for your hammers because you have been spending a lot of time and effort and resources making hammers so unless you are a hammer company unless you are a hardware company making hammers making you pay your hammers they are a tool that you need in order to get your work done but they are not paying you for your hammers they are however paying you for the end product of what your hammer is so if we if we were really physical hammers this is justified every silo needs its own hammers but we are talking about digital artifacts both the hammers are only metaphors so in order to remove waste in order to remove waste here let's break down these silos we put all of your tools in a central place because it's in the sky conveniently there are clouds so we put them in the clouds alright the difference when you are sharing physical hammers physical items such as hammers is that you start a zero sum game you give someone a hammer you don't have a hammer however when you are evaluating code both of you end up retaining the code so the tool becomes it benefits everyone who participates in the sharing and because it's been improved together it's been tested people the tools get better because it has been tested under diverse conditions and improved under conditions so rather than each silo maintaining the entire tool chain from the beginning all the tooling from the beginning everyone shares it so you can have your silos one can do butt fixes another one support vacation security so on and so forth so the resources available to improve your hammers is multi pocket at the same time the resources required to maintain it it becomes a fraction of its original resource so which is why breaking down your silos increases efficiencies right and with intersource free resources to pursue more challenging things that your customers value so now that we have goals let's talk about metrics what are metrics? metrics are tools that help us measure how well something is doing they give us information to evaluate purpose and make smart decisions however it is only useful if you know what you are going to do with the metrics so in intersource good metrics are easy to understand they are representative to the question or expected outcomes and they are useful if they are most useful if they are actionable and if not they should be informative it doesn't have to be too precise but it should be informative enough and so because remember we are managing a product we are not scientists so ultimately the position doesn't matter that much so we have here and these are pretty good goals enhancement but fixed support etc etc now when you have your metrics it is good to be be strategic so there are a couple of techniques that we can use but first there is a story so a police officer stumbles across a drunk man coming around on their street light the policeman asks what are you doing the drunk man says I am looking for my keys the policeman says where did you leave them the drunk man says over there in the valley the policeman says why are you looking over here this is where the light is so this story illustrates the danger of many types of scientific and data project because if you measure productivity for example you can't stick an MRI machine on the heads of all your employees to see how motivated they are you have to measure secondary information and sometimes it's just the best that you have you can only derive information by looking at the street light and try to figure it out from there so we have gold question metrics that is why it is important to start with what you are looking for not what you are looking at so with this strategy it was developed by Victor Vasili in the 1980s I believe we can have more meaningful conversations about what we are going to measure so we start with the gold what we are trying to achieve then we go on to the questions that support those gold and then ultimately we come up with the metrics that support the questions so for example the question is how often do customers encounter issues with our software a metric that you can use is customer reported issues the number of customer reported issues the question can then be how can be how easy is our software to use the metric usability rate so you see gold question metrics so all the questions and metrics support the gold however if you have with a metric customer reported issues you might have difficulty figuring out why you are doing this it is much much more productive to start with your goals another strategy to use is the can do a check act cycle so you can start with a plan for example identify a high rate of customer reported bugs and set a goal to reduce the number of bugs by 15% do implement a new testing process and collect data on bug rates you check you analyze the data and you find that the number of bugs has decreased by 40% then you act so which means that you make adjustments to a testing process and continue monitoring the bug rates because you are most likely not going to get the metrics right to begin with you need to be open to the idea of iterating this through and constantly reevaluating whether you are on the right path or not and improving you may never finally find those keys but you would have gathered enough information to know which part of the dark gallery is in which may be enough so here's a lovely example idea Watson these slides are from the top are just given by Jeffrey Bore and he talks about their transformation to inner source so here so you see that in this part we have the the contribution where you contribute to the inner source part and then you have the adoption phase which makes it very clear the roles about who is doing what in this ecosystem the metrics are interesting because in maps you have the contribution numbers 50 contributors these are part of the contributors and then we also have numbers regarding adoption so you see that over here there are 15 products from our teams in the first 18 months and with 75% less time to gather delivery and 10 million dollars saved through reuse alone which is which are significant numbers and very very good metrics this is probably the kind of things that your managers would love to hear so let's look at one such approach for our silo breaking effort we want to see which contribution which units which business units contribute to each other the most so we use the network analysis metrics let me break it down so we have we have we start with a project this can be code documentation anything really the project has a contribution in this case we'll say it's a developer we draw a line to show that the developer has contributed to the project or has committed to the project and we can keep drawing those lines to show each structure and ultimately these are the vehicle browser we can come up with to show the layout of the patterns of interactions within your organization so then you can start seeing where the silos are you can see these guys are working in the by themselves on the periphery you can see two major projects over here three major projects and there are there is some cross interaction but then you can see that these are all continents so not so much silos but they are there are continents so with visualization like this with metrics like this then you can start having an idea on how to make changes and to assess the health of the of collaboration within your organization so this is all generated by the free open source free portal so these are continents communities versus architecture this is one project developer versus many many many project developers you can see that they are contributing to many projects this is you can see collaboration you can see the lines in collaboration while these are isolated projects on the periphery non-lens silos and intelligent communities so you can see that there is a clear dividing line so there is a line dividing that part and that part and up and down so this is a tool it's open source at the Linux foundation it collects and displays data it supports 30 plus collaboration platforms and there's a whole bunch of metrics that are included and with the inner source community there is a pattern so if you choose to take this approach and you start to implement metrics in your organization please don't do it alone we have a community the inner source community come and talk to us about the metrics that you choose to implement and let's share your knowledge because that way it is more likely as I said the more street lights out there the more likely we'll find our keys together so here also metrics in the inner source this is an example so you can see that these are patterns for contribution and collaboration darker numbers means more more contributions and then you can see here for example the number of top PRs open and commit so you can see that these are probably some good candidates to come and be your trustee committers it's sort of like a maintainer so you can invite them to come and be a maintainer or a trustee committer for your internal projects right policy metrics measure their application of sorry so let me start that again so the goal in here is to increase coding collaboration right when you are making that metric you want to increase the collaboration so one of the things that you can do is to use a root cause analysis to see the factors that use this collaboration so after a root cause collaboration root cause analysis you might come to the conclusion that the commits are too big and they are they are difficult to review at fixed they are difficult to review at fixed and it's just ignored and the person making the contribution is then quite sad in one sense so so one way to fix it is to start reducing the size of the commits for example so another thing is to continue with the analysis so we have questions how far are we applying our policy so we have policy metrics see the evolution of lines per commit we can track the lines of commit and see whether they are going down or not then we can see if the policy is succeeding so we can see the median review time then are we being misled by circumstances are we causing unwanted side effects we can track the other metrics for the context so the number of PRs issued per time frame as expressed metrics for example so with metrics great power bears great responsibility right they are as because you are looking only where the lights are it's a slippery slope with a lot of issues so we just want to stress again seek help from the community share what you are trying to do and let us build up a database of metrics together so we are standing on this shoulder of giants here there has been a lot of work done both by the inner source commons as well as the chaos community and we can see we can get this move so this is the chaos community website c-h-a-o-s-s dot community you can go in there and you can look through the metrics that they have so let us look through for example the contribution metrics so you can see we have metrics types of contribution activity dates and time time to first response versus us so let's see time to first response for example we have descriptions, the first response activity that can sometimes be the most important response, we have objectives time to first response is important is an important consideration for new and long-time contributors to a project along with overall project help we have implementation guidelines which is visualization a lot of information about metrics is available so please look through the website these work for open source projects as well as inner source projects so please look through it and see what you can find helpful and subsequently if you find that you can contribute an improvement please open a full request and so back to our slides in summary suggest that you implement your metrics you implement them early on so if you are a startup you suggest that you do it early on in your in your journey please don't roll your own metrics a bit like crypto don't roll your own because you are very very likely going to make mistakes please seek help from the community while doing this and so before I go I just want to acknowledge these entities for the their contributions to these slides and I am done thank you very much ok so I think that it's difficult it's difficult I believe that those are combinations so we can extract data from github as well as other platforms I am on the operational side so I am coming about I think it is to do the integration with with incident tickets yes yes yes so it integrates with 30 platforms and it has a plug-in architecture so it can support even more but most of the popular platforms are supported by dream models thank you any other questions ok well thank you very much I I apologize I was thinking of those words for our next session we have the open source the the the the the the is the over to you thank you I am really great I made an I I was I just want to show you how I started out in the middle of the division, and now I'm also an open source in the context of my dance, and from me, I'm a football colleague, and I used to work for a credit card as a principal for that image. From my experience, I've worked with a lot of companies, and as the open source becomes more and more popular, more and more companies set up open source software for the office. To the management of organizations, the usage of open source software, and the other part is the engagement of the open source community. One of the things is to provide a certain kind of combination of open source software activity, how management, ego, and compliance risks associated with the open source software. To improve the organization's stability to contribute to the development of the open source, and enhance the organization limitations within the open source community. There are some changes, but also, that's not how it's seen. First is the language and cultural barriers. I know for a lot of people, besides the fact that there are some other challenges, such as ego and compliance, challenging competitions, and limited resources. To address these issues, we need to build a range between the big companies and the open source community. I engage with the global open source community and the community into the open source projects. The big companies can benefit from the engagement and collaborations that open source software has in aid of hope to the favorite part, the cultural difference. I just want to introduce a book from a famous social logist, Pei Xiaotong. He wrote this book called The Long Sword in 1934. He talked about Chinese society, different from Western society. This book was written in China, in the translation for Chinese radio. It explains the difference between the two societies, like moral and ethnic values of the people living in those societies. In this society, it's like part of the bio moves in the field. There are several groups that are under detectors, and they're under a pack. Each piece of wood could be found in the same funder, and there's a cleaner circle, and it's well-divided, and no chaotic. Just like the code of combat, if we want to join commenting, and the people are, not know each other. But for the Chinese society, it's like a rip-off. When a stone is thrown into the water surface, it's just a push-out like a circle. Each person in certain circles is pushed out by his social inputs, and the connection just happens into this rip-off together. Just like if we want to build some connections, we have to meet them. In China, there are a lot of people still attached to the blood, and identify the region. So the relatives just can help each other, but for the strangers, that's cool. Just like the circle. If you want to work with others, you need to meet them. So put them into the center of the circle. When I talk to the local developer, and most of them use open source software, and most of the countries, only a few of them have to communicate with the community. It's very friendly due to the cultural differences. Open source community doesn't speak a great language, maybe English. Somehow, I reach out to the invisible affiliate developers. So the email, the non-talial, doesn't make any sense. Just like I said, the traditional Chinese culture is different model associated. If we share the same identity, it will be easier for us to build collaborations and connections. It makes social, it makes local friendship. And the project meet-up is crucial to bring people on board. Back to the Open Source Foundation, it's a virtual, nice organization made up of volunteers around the world. As a mission is to provide the software for the public good. That's the developer focus on coding, where the foundation provides relative service. Such as infrastructure, legal entities, and actually trademark protection, legal protection framework. And it also provides guidance for the Open Source project. And I think this provides a commonplace for the type of companies developed together. As an incubator, it's an official point for the project to use as an initiative to help those companies to build the active way, aka, the mutual code, practice the community of code. As strongly emphasized, this project is successful and can continue to survive over a long term. We learn each other by learning how to do it and helping each other as a community. So this provides a very good place to make friends. As a local mentor, I think we can go far from here and instead of providing an internship, we can build up the national trust. National trust is a great opportunity for our actual community, our actual commuters and the individual coding projects to communicate with us as officers. And so I organized the two weeks of being in Shanghai and I got the opportunity to be in the market, which is a great growth and adjusting the two weeks to China in 2018 and 2019. This meetup is extremely successful and we've changed a lot of the specifics of some community buildings and this meetup made friends to a project directly. One good piece of evidence is that the Shenzhen APS-6, from the middle-aged mentor, immediately after the meetup. In the end of 2019, I heard about our local community, from the community. I suddenly realized it's a great opportunity, I can do more. As more coding projects join together to hold the co-located meetup in Beijing, I was trained by an idea of building a local community in Beijing to spread it to the brownies of our local community and host the various events for the open source in Shenzhen to share the information of our local community and most important for our people and together. So this is the first two meetings. If you take a look at the time, that's the pandemic. We were all down as we had this kind of meeting to discuss what we can do to spread awareness of the project. I was quite excited about sharing this with the local community and we hope these public meetings are running for three years. In August, we held the first personal meetup to show the archived success story within the local community and we inspired more developer and talent college students to join the open source development. Besides holding the events, we are also publishing articles and making podcasts and we are also doing some translation work to build the content, spirit and awareness of the archived project and the archived people. We market the bridge of Beijing project to share the open source journey podcast in Chinese and to promote activities and open source culture in China. Along with the community, we also do what I cannot make with the company's support for the sponsors, but yes, we successfully hosted this virtual conference in Beijing and made a big step to boost the local awareness of the Archive Social Foundation. I cannot describe how I thought and to see everything start from scratch and how grateful I am for generous help from the communities. Besides the LCC Beijing, we also started LCC Xinzhen and the time to start LCC Xi'an and I just work as a mentor. I'm passionate about championing those important projects and how things will go through the participating projects. As an individual mentor, I work on the registration of the Xinzhen community of voice and music. And running the local community, we're going to actually project the developer together. It's for the web. It's providing solutions with big tech companies that will contribute to the upstream and Archive projects can work. It's a new brand to tackle the common technical program. It's really a great experience for me to see more and more Archive developers and work together to build a virtual ecosystem. So, I'll let it sum up. We can use the circle of Thailand to the local community to establish a connection to the people quickly. It doesn't make a divided connection. And makes the champion to be capitalistic for our own people, we call it Xinzhen. And the mentorship is quite... It's one of the best projects of the agent. And we can develop that. It's only credit in public. And you can open it by opening it up in public. Okay. So, you can get in touch with by sort of the email and this is Twitter. This is a WeChat public account about elevating the view. You can subscribe it. That's the story I want to share. Okay. Thank you very much. Okay. So, we are going to be now having Roland Suu, the CEO of Tentist, as well as Asadya Sharman, the CEO of Security. Okay. And they are going to be working on open source algorithms all the way. Overview. Thank you. Open source algorithms with models. This is something that obviously came in mind way back when our energy was the first of public development with large number of models. I think that it was one of the open source that it was. So, Asadya and I we've both had a background in open source security specifically. And one of the future processes that we had once this started with the foundation of people and once a lot of open source a lot of more start coming about with what are the applications, when relevant source kind of keeps base with what is happening from commercial standpoint when we create a new model and just in the time between when we propose this to now and bring this everything a change, right? People thought you would not be able to run models locally or you're not be running them on MacBooks and it does never end. But what you're going to talk about is kind of a specific part. We're looking at large language models for code. Again, when people started there were separated models for code. Even openly I had codecs and now it's not over there. It seems that there may be just general purpose a lot of language models. But then the list goes on, right? All the way from code bird which was kind of the pioneer in some sense to alpha code, code JNG and then this codex kind of coder for those who don't know is always code generating LLM. For pilot is a version of co-pilot which kind of created two days ago. This morning, Amazon made public code vizper so everybody can use it and it's free for individual developers. So code generation for that model is great. I don't know about your experience but my experience with using JGPD but in any code was similar to how I used Stack Overflow how I remember it looking back at that time where you were like great I just need to ask it and then fix it for me. I need to think about how to fix it. So there's this meme, I really liked it I know people are writing about it with the amputee pack of AI and they go with their jobs but I think that was definitely happy like less body code to provide less unit testing, less fixing of stuff. So that's great. No more readability, no more comments. So it's a lot of people for code existing and there's open-source that's going to show up with models. I think it's a long run open-source model to make as we have seen it also. Open-source models will be kind of redefining with Korean but there are certain things beyond what open-source generally does for software. There are certain principles that we all are aware of but when it comes to specifically line-up with models and AI there are a few additional advantages that we see. One is data security privacy like the ability to create models on your own data securely without having to give it to a third party that seems like a major way. Alignment and security seems to be another way from a decentralization standpoint. You know, like if you believe that the collective wisdom is what will have thus defined alignment for AI then obviously building an open-source model will be the best better outcome. There's also the boss advantages as it stands right now line-up with models will always be computationally and as a result commercially expensive. So open-source models should win out in the long run for that. Training data. If you are using an open-source model and we were to just do a very simplistic extension of the open-source code licensing models out there you would theoretically train on a lot more data because you're open-sourcing your outputs or as a result you could theoretically train on GPL GPL data or any kind of popular data as well as long as you are able to reciprocate the license and so on. So it opens up much larger data sets for you. So we think open-source models should win out and when we look at coding though there is obviously a gap now that's the long run in the short run the coding models aren't that good right or any open-source model isn't yet that good beginning then but there is a big difference. So when you look at code generation which is your left to right code generation writing new code point of date code asking you to write certain amount of code for a given problem statement the commercial models do a very good job. But then as we are talking one thing that we realise is a lot of code writing is actually not doing left to right code generation from scratch it is actually editing code it's about fixing code, it's about maintaining code, it's about extending and modifying code. So when we look at something called fill in the middle which is kind of on the right side these are aspects where you're basically saying that there's a visiting code and a script code and then you ask a lot and then model to generate code to fill in the middle and based on the research that was available it became very clear that while for code generation your open-source model like code generation and sandbox model had a very low pass at one rate pass at one, I think this is just to simplify basically molecular model by 100 is the percentage rate of success at the first attempt that you ask the LLM or the AI to do something like so you would have very varying differences between emotional models and open-source model but when you fill in the middle of a code generation the difference was a lot smaller and in fact you have open-source models being a little bit better why is that? There are a lot of speculations in terms of why that is, one is that it needs to smaller model, the other is that it's primarily on code so it's not necessarily required to be constrained by all the limitations of natural language but effectively we saw this one opportunity because we were going to find a use case that open-source models could use as a first victory against commercial models and within our understanding of the space and another thing that we saw and this goes back to our experience with open-source security and so on is that there was kind of this report by Stanford in December which talked about how the generated code was going to be insecure and we had had that experience Secure of the Veracode I would say that stand is through some of the cyber security stuff and folks on application security and we had the experience where any users and clients really struggled to fix one of the reasons that code so those two things combined gave us kind of an interesting idea which was like since the middle was basically editing code and there was a concern about insecure code even with generated code and otherwise can we find a way to use open-source pipeline with models to fix one of the issues can we do it in a way that's potentially better than what's out there from a commercial model and that's kind of the thesis of what we tried to do and to be honest, not me most of the looks in western Japan are not as as smart as he is but this was kind of the idea that we were looking at and I think as some people have not talked about all the exploration that we did since then Thanks Rohan so when we looked at this problem back in late early December there were very few models for source code which would actually go fill in the middle of bug fixing and one of the models that came in December last year was this thing called Santa Coda there are some attractive properties about how they built and trained this it's actually from big code which is this large scientific open collaboration it's backed by Hugging Face and Service Now and the key difference compared to what OpenAI did or what others did is that they trained it on a dataset where they respected the people's licenses right so it's trained on this dataset called the STAT it contains 6 terabytes of permissive data they scan data they analyze all the millions of repos but they extracted the licensing from the positives right and what you see is the eventual dataset which came in after near re-replication actually consists only of these set of licenses right so one of the benefits is if you're using Santa Coda is that the power code that it spews out is actually permissive the license compared to say OpenAI so that's one of the benefit and the second thing is they actually have a knocked out so even if you're a open source developer and so they have this dataset available you can just submit your repository onto it and the next time when they train the model for the next iteration your code is removed from it right and they I think they've done it quite once a month or so so quite frequently so if you really want your code not to be included there are the mechanisms to do it right and I don't know anyone else even including commercial companies which provide this right so there are a lot of different properties of this dataset and the model it still is very diverse so if you look at the terms of programming languages so the checkpoints that they released in December are for three languages Java, JavaScript and Python were probably the three most common languages but it has many different languages the dataset itself has in it and now everyone has achieved a lot of changes since December right so this is still a GPT 2 style model which is at the time it was released it was competitive with what was available but probably today with GPT 4 or whatever it's no longer that competitive right for code generation so this is the base model which we started and very quickly I'll just show you a little bit of how it works so let me go back here and hopefully so so actually I wanted to show you the demo that they have but for some reason it's erroring out right but the good thing is about open sources that I could just I was sitting back there I could just and this was the issue and then I could just run it here right so even if I don't have a GPG grants it takes a while to run but one of the things to have about this model is that it is another like a dialogue model so people who are very familiar with charge agree now not expected to you know say give me this or write this answer you have to use it like code completion so you start out writing either some box strings or you write comments of what you want to do and then the model will actually generate it so in this case let me just copy this over here and what you can see is right so I gave it a prompt and then I generate this piece of Python for the code numbers and then I think this started on its own right the good thing about this model compared to some of the other model which is open source which does infilling is imported by Facebook you can actually do infilling so you can actually define a token here so which will so instead of actually just doing completion you can actually say okay you know I think there is some bug here or there is something missing right and then let's just say for a few seconds hopefully it will fill up so you see it generated the actual code so this is part where you can actually go ahead and do this infilling right and that's important for the use case you want to use model for so let me go back to my slides right so when we look at it we want to apply this model for a particular downstream task and the task that we had in mind was vulnerability fixing right the most common way to do it is using supervised fine unit so typically a GPT style model is trained using causal language modeling so you have some context on the left hand side and then you have a place where you want to predict the mask and then that's the goes from left to right this is in contrast to something called mask language modeling where you actually in the text itself have places where it opens the mask as masks and then you predict what the token is so an example of a mask language modeling is a word which is a mask language model right so then how I just showed you an example of how you could do infilling with Santa for the right so how does the model which is a you can do style you can actually do the same with the causal language modeling so there is a technique which came last year where people what they did is they realized that you can actually convert this infill kind of problem to a causal language modeling problem and what you do is you just take this token right you add some new weapons to say ok prefix and then add some code and then add some suffix and then this is the middle so what you do is you transform this by generating a token and then this is the problem that you give to the model so you take some code here but it actually gives you the backup from way right so you move the you use special tokens to mark in the code what is the beginning and end of the text on the code and then you get the backup right so we use this with the idea to do to prepare a data set for bug fixing so what we do is like we have some code and then there is a buggy line so this work we focused on single line fixes because it is just simple and easy to do but similar idea could be extended to multiple lines within the same bindings right so what we do is then we have to create some problem for the model to consider while fixing so then we say ok there is a bug this is the CWA so these are all already we format the actual bug and then we put in our you know fixed version for the fixed line right and then we insert these special tokens so then we say ok this is the prefix there is something in the middle and then there is a suffix and then there is an extra so all the data set we can actually consist looks like this so right to give you a more concrete example so this is an actual bug we are going to put it in our program so this is from our real CVE so we transform it so this is the actual line of code which was there right and we add this bug and then on the fixed line and then we insert the actual fix so this whole thing is actually the import for training so our end data set consist of examples like this right and then you can train it in a standard way because it is a GPT2 style model so you can use the you know there is a special bindings script which the code has provided all you could use the usual again face transform script just need to be careful because you need to add these special tokens in otherwise the model may not know what these stand for so make sure you have special token in you can run it you can run it on single GPU very easy right so this is just a test from which I have from Gola right so we took a CVE fixes data set which is published last year and from which we extracted these single line fixes so that's the data set on which we trained our point in our model the data set is available we call the standard fixer right so this is the model which has been fined here and forth fixing now once we had this we realized that this is now again quite popular with the whole chaining and you know giving language model tools but what we could do is you could combine a static analyzer with the last language model to automatically detect and fix one release right so the way it works is that you have some input you scan it with your static analyzer it finds some vulnerability then you use the handle model to prompt it and then in real fix right then you take a fix and then scan it again with the same analyzer and you do this until you find that it's been fixed right and then you're on to the fix so in our work we created a tool which is also open source and I'll show you in a minute how it works called open source which is open source static analyzer and for the large way it's not used under fixer but basically you could use any combination you could use a commercial static analyzer or you could use another model to do the generation you could even use an open API to actually you want to generate code right but the idea is that you use the slow do to generate different options and then keep scanning continuously with your analyzer until you finally fix the problem right so let me give you a quick look at how it works so the tool is open source where you can generate some instructions on how to use it I'm not just showing this here and while I talk about it hopefully by the time I go to fixation right so here's an example I'm going to show you the Java one so this is an actual one so there is actually a vulnerability here there is a parameter which comes in and then you're directly creating a file from it and then this could be an issue so if you write it creates an intermediate you know the prompt file so first it will take the vulnerability and then we generate this kind of prompt so it says okay this is the vulnerability you are restricting the path name to directory this was the line which is commented and then it prompts the model to actually in fill of fix the bug user in fill here and eventually once it's finished it would have something like this like so now we're going to generate until the code here so instead of going to the image it puts it in one attribute and so on and here is an example from this which might be more so here we have we're using mv5 hash so when we scan it we would see that somewhere we use a program of the schedule so to say this is mv5 you should use it in every prompt to take a fill and then when you see how it is eventually fixed we have the fix here so it actually says we use a chart so this is running so this is running so it's actually quite nice to watch this is an example I recorded from earlier so you can see that we modernize various combinations and we keep on iterating until I find something where the site analysis is not like a model okay so running it will come back okay so you can see actually trying out different combinations this is the example that I just gave in right so something the issue here is that this is coming from request parameters are written and then it's being passed in the response strategy and you can see it's finding out various combinations I don't think it worked this time okay so let me go back alright so we built this and then we wanted to see how good or how well it would work in practice so we we tried to test it on our data set for 1000 projects from Vita we just scanned using the sender and this data set is also something we have published so on that what we see is typically in the way you would have seen the results I reported I was like pass at 1 and pass at 10 but what it means is that pass at 1 and then you just take one generation output and so it's able to do 25% with just one pass or one output but if you do typically 10 like the one which I showed you before like what we do then it can actually takes half of the thing then this is for various languages I didn't have the capacity of the GPU to drive pass at 100 which is also something that people typically report yeah that's that's pretty much it so the model as well as the tool it's open source it's available we just published it this week so I will invite you guys to try it out and that's our poll, happy to pick any questions yeah so I'm guessing we mentioned to who is it it's Ivan locally he's more on smaller a lot of it and so what seems to be designing what's your ideas for making more portables that way response time so fast run time so fast yeah so I think one thing is I mean I don't have a GPU so it runs fairly so this is running on my CPU so what have you said so it's already this particular model it's not too bad because like I showed you it's still a gpu2 style model so it has like less than close to 1 billion parameters but there are things which just today I think in the latest release of having-based transformers there is a gpu2pig which is a fast instruments based transformer which actually is being contributed by Santa Boat actually speeded up quite a bit there is some other work people have done which we have not right with the see how it can actually compress some of the weight so I would be if you can take a model like this which is fine tuned on very specific problems like one already fix it and reduce it to say you know less than 50md or something so then I can put it in my visual studio board as a plugin right so I think it's possible but we haven't like spent too much time on that but what you saw today is this CPU it's actually fairly fast yeah so just to put it to which actually we were talking about a gpu2 style model are you training from scratch as in you know the base models which I think so it was that I think it was scratch or what you said so the big core collaboration trained this kind of older model from scratch and the stack which is the 60th data center we find it from there particular downstream but the original model is and that is the only one which I know has been like it's you can't get code which is not that's not going on where do you see human AI collaboration going as far as programming language evolution so we have any ideas we thought about it can you repeat the question so when you see human AI collaboration and I think as it stands right now you can't let these tools run unsupervised even for example the pass of 10 that you're doing here it only makes sure that the study analyzer no longer says it's one but you might have broken the entire code so who knows so there's still a lot of supervision even if you are running AI you don't write a single one of course and I think I personally don't see that going away anytime soon especially for code maintenance writing new boilerplate code yes pretty largely unsupervised but that is never the problem in large organizations projects I think the maintenance somebody has some ideas on this as well you need models that are trained on that and even then they would be in this position so I think people are really freaked out about this every day there is some new set of tools and chains and people talking about auto GPD and you can just tell them how to work through what keeps running I think they're getting a lot ahead of themselves so all those cases that you see they're actually very very simple I believe when I see a lot of I will model to install I don't know NVIDIA driver on a new get back I mean it puts hours for me to so those who are actually familiar to make this work so I don't believe it if it can install the NVIDIA get back on now embedded the device from static so there's still a lot of room there is I think for simple tasks which I believe maybe 80% of the block met is like that take something from a database display on a UI and then maybe that's where it's hanging in but there's a lot of scope there's still a lot of room and there are ways in which we could improve so one of the things we wanted to do was like we don't really learn from the failure of the like it doesn't have a fixed like we don't explain it so one of the things we could do is to see like ask the model to explain why it's failing but in all this talk like yeah I mean this is a running joke like I would believe like it could install NVIDIA driver on a machine because that's insane if you ever do it because like at security I've worked with a lot of different systems recently and you need a specific version of Python with a specific version of the people who are laughing right with a jetpack with a specific one it takes two days for me to take the actual device commercially from Lego set it up and then build it to a point where I can run my code on it right so I think yeah I think there's still a lot of room so we it's a very similar category to what we said like stack also at this point so I use it yes I use it but I use it yes similar to how I would like to look for some information get something out and then do so the other problem is it's hard to actually get the model to what you really want if it goes on this path of like at least telling you the wrong thing right so I teach at SMU at this finish the course on competition of thinking and some of the problems there I mean like a problem so we teach about this heuristics and so on right so you're going to ask it and then try to change something in a way that you want right like you would do another human and put an act on it but if you try some of this model you just keep going at this track what they call like hallucination in the world but it doesn't backtrack so once it starts on a path and every time you say it and say I apologize this is not correct but it will just spit out something which is again garbage so yeah I would encourage you to try it out but how can you realize for normal problems for problems which probably does not need to end on or you're trying to ask a particular question it's hard to get into what you want right David in today so I think yeah despite all this progress please try some of these on GPD 3.5 GPD 4 as well just to obviously there's no API actually yet I'm waiting for that though like I put an open AI e-mail request with the Singapore PSLA questions and answers and finally GPD 4 does worse than GPD 3 just give it