Why Modern Open Source Projects Fail

Open source is experiencing a renaissance period, due to the appearance of modern platforms and workflows for developing and maintaining public code. As a result, developers are creating open source software at speeds never seen before. Consequently, these projects are also facing unprecedented mortality rates. To better understand the reasons for the failure of modern open source projects, this paper describes the results of a survey with the maintainers of 104 popular GitHub systems that have been deprecated. We provide a set of nine reasons for the failure of these open source projects. We also show that some maintenance practices -- specifically the adoption of contributing guidelines and continuous integration -- have an important association with a project failure or success. Finally, we discuss and reveal the principal strategies developers have tried to overcome the failure of the studied projects.Comment: Paper accepted at 25th International Symposium on the Foundations of Software Engineering (FSE), pages 1-11, 201

A survey of peer-to-peer content distribution technologies

Distributed computer architectures labeled “peer-to-peer ” are designed for the sharing of computer resources (content, storage, CPU cycles) by direct exchange, rather than requiring the intermediation or support of a centralized server or authority. Peer-to-peer architectures are characterized by their ability to adapt to failures and accommodate transient populations of nodes while maintaining acceptable connectivity and performance. Content distribution is an important peer-to-peer application on the Internet that has received considerable research attention. Content distribution applications typically allow personal computers to function in a coordinated manner as a distributed storage medium by contributing, searching, and obtaining digital content. In this survey, we propose a framework for analyzing peer-to-peer content distribution technologies. Our approach focuses on nonfunctional characteristics such as security, scalability, performance, fairness, and resource management potential, and examines the way in which these characteristics are reflected in—and affected by—the architectural design decisions adopted by current peer-to-peer systems. We study current peer-to-peer systems and infrastructure technologies in terms of their distributed object location and routing mechanisms, their approach to content replication, caching and migration, their support for encryption, access control, authentication and identity, anonymity, deniability, accountability and reputation, and their use of resource trading and management schemes

Managing the risk of peer-to-peer transactions

It is being progressively recognised that information systems and applications supporting collaborative tasks, including online transaction processing systems that currently follow centralized client-server models, can also be based on the maturing wave of peer-to-peer architectures. In order to manage and reduce the risk inherent in peer-to-peer transactions and their decentralised and uncontrolled environment, a variety of approaches have been proposed in the literature and implemented in both research and industrial settings, with reputation and trust management systems being the most prominent. These aim to provide peers with estimates of the risk involved in their transactions, based on the observed past behaviour of their counterparties. Though reputation management systems offer a lot in this direction, it is argued that the information they provide about past behaviour may not be enough to accurately assess the risk involved in a transaction, and various issues remain open especially in purely distributed implementations. In our research we attempt to address the above issues by proposing new, alternative original approaches to reducing the risk of peer-to-peer transactions. More specifically, we propose, design, implement and evaluate two independent, original risk management systems. The first is ``MoR-Trust'', a distributed reputation management system based on the concept of expressing and manipulating trust in terms of monetary units. Based on this concept we describe and implement specific algorithms for the transaction evaluation, decision making, and reputation propagation processes. Central to this approach is the notion of ``ratcheting'' trust estimates, i.e. allowing the build-up of trust as a result of repeated successful transactions, potentially beyond the actual transaction value. The second system is ``Ptrim'', a different approach based on the financial principles governing credit markets for managing, transferring or reducing credit and transaction risk. Ptrim builds a transaction default market layer on top of a main transaction processing system, within which peers offer to underwrite the transaction risk for a slight increase in the transaction cost. The insurance cost, determined through market-based mechanisms, is a way of identifying untrustworthy peers and perilous transactions. The risk of the transactions is contained, and at the same time members of the peer-topeer network capitalise on their market knowledge by profiting as transaction insurers. We describe a robust evaluation methodology for the above systems. The main contributions and results of this work include a comprehensive review and survey of the emerging field of peer-to-peer technologies and architectures; the definition of an evaluation methodology for our original system designs; and the implementation and deployment of Ptrim, a fully-functional, distributed peer-to-peer risk management system, as well as the simulation implementation of the MoR-Trust system. The evaluation of these two systems validated and verified the efficiency of our proposed concepts.Σταδιακά διαπιστώνεται από την ερευνητική κοινότητα ότι τα υπολογιστικά συστήματα και οι εφαρμογές που υποστηρίζουν διαδικασίες συνεργασίας μεταξύ πολλών χρηστών, συμπεριλαμβανομένων και των συστημάτων επεξεργασίας και υποστήριξης συναλλαγών, τα οποία αυτή τη στιγμή βασίζονται κυρίως σε κεντροποιημένες αρχιτεκτονικές πελάτη/εξυπηρετητή, μπορούν επίσης να βασιστούν στο νέο, εξελισσόμενο κύμα των αρχιτεκτονικών ομότιμων δικτύων υπολογιστών (peer-to-peer networks). Για να επιτευχθεί η διαχείριση και μείωση των κινδύνων που είναι έμφυτοι σε τέτοιου είδους απευθείας συναλλαγές και στο αποκεντροποιημένο και ενεξέλγκτο αυτό περιβάλλον, διάφορες λύσεις έχουν προταθεί στη βιβλιογραφία και έχουν εφαρμοστεί σε ερευνητικό και επιχειρησιακό επίπεδο. Τα συστήματα διαχείρισης φήμης και εμπιστοσύνης (reputation / trust management systems) αποτελούν τις πλέον προεξέχουσες λύσεις. Παρότι τα συστήματα αυτά προσφέρουν πολλά προς την κατεύθυνση της μείωσης των κινδύνων, οι συναλλαγές αυτές εξακολουθούν να ενέχουν σημαντικό κίνδυνο, παρά τη χρήση των συστημάτων αυτών. Στην ερευνητική μας δουλειά προσπαθούμε να αντιμετωπίσουμε το παραπάνω πρόβλημα προτείνοντας νέες, εναλλακτικές και προτότυπες προσεγγίσεις στο θέμα της μείωσης του κινδύνου των συναλλαγών σε ομότιμα δίκτυα υπολογιστών. Πιο συγκεκριμένα προτείνουμε, σχεδιάζουμε, υλοποιούμε και αξιολογούμε δυο διαφορετικά, πρωτότυπα κατανεμημένα συστήματα διαχείρισης κινδύνου. Το πρώτο, το οποίο ονομάζουμε ``MoR-Trust'', είναι ένα κατανεμημένο σύστημα διαχείρισης φήμης που βασίζεται στην έννοια της έκφρασης και διαχείρισης της φήμης με οικονομικές/χρηματικές μονάδες. Βάσει αυτής της προσέγγισης περιγράφουμε και υλοποιούμε αλγορίθμους για τον υπολογισμό του κινδύνου συναλλαγών, την λήψη ανάλογων αποφάσεων, και την διάδοση της φήμης στο δίκτυο. Το δεύτερο σύστημα ονομάζεται ``Ptrim'', και αποτελεί μια διαφορετική προσέγγιση που βασίζεται στις αρχές των οικονομικών που διέπουν τις χρηματοοικονομικές αγορές και χρησιμοποιούνται για τη διαχείριση και μείωση του κινδύνου των συναλλαγών. Πιο συγκεκριμένα, το Ptrim δημιουργεί ένα μια αγορά για το ενδεχόμενο αποτυχίας συναλλαγών (transaction default market), σαν ένα ``στρώμα'' πάνω από το κυρίως σύστημα διαχείρισης συναλλαγών. Μέσα στην αγορά αυτή τα μέλη μπορούν να ασφαλίσουν τις συναλλαγές άλλων χρηστών για την περίπτωση αποτυχίας, με ώφελος ένα ποσοστό της αξίας της συναλλαγής. Το κόστος της ασφάλισης προσδιορίζεται μέσω των μηχανισμών της αγοράς, και αποτελεί μια ένδειξη του κινδύν που ενέχουν η κάθε συναλλαγή. Με τον τρόπο αυτό περιορίζεται ο κίνδυνος της συναλλαγής, και παράλληλα μέλη του δικτύου επωφελούνται του ρόλου τους ως ασφαλιστές συναλλαγών. Περιγράφουμε μια ολοκληρωμένη μεθοδολογία αξιολόγισης των παραπάνω συστημάτων. Η βασική συμβολή και τα κυριότερα αποτελέσματα της ερευνητικής μας δουλειάς συμπεριλαμβάνουν μια ολοκληρωμένη επισκόπηση και ανάλυση του κλάδου των δικτύων και αρχιτεκτονικών ομότιμων υπολογιστών, τον ορισμό της μεθοδολογίας αξιολόγησης των συστημάτων που αναπτύξαμε, την υλοποίηση και θέση σε λειτουργία του πρωτότυπου κατανεμημένου συστήματος Ptrim, καθώς και την υλοποίηση ως συστήματος προσομοίωσης του MoR-Trust. Η αξιολογήσεις των συστημάτων αυτών επαλήθευσαν τις προβλέψεις μας και επιβεβαίωσαν την αποδοτικότητά των πρωτότυπων προσεγγίσεών μας

Security applications of peer-to-peer networks

Open networks are often insecure and provide an opportunity for viruses and DDOS activities to spread. To make such networks more resilient against these kind of threats, we propose the use of a peer-to-peer architecture whereby each peer is responsible for: (a) detecting whether a virus or worm is uncontrollably propagating through the network resulting in an epidemic; (b) automatically dispatching warnings and information to other peers of a security-focused group; and (c) taking specific precautions for protecting their host by automatically hardening their security measures during the epidemic. This can lead to auto-adaptive secure operating systems that automatically change the trust level of the services they provide. We demonstrate our approach through a prototype application based on the JXTA XTA peer-to-peer infrastructure

The MoR-Trust distributed trust management system: Design and simulation results. Page 314

MoR-Trust is a purely decentralized peer-to-peer trust management system, targeted towards networks and applications supporting transactions or collaborations of a quantitative nature. MoR-Trust is based on the notion of expressing trust in terms of monetary units, thus directly coupling the trust estimates circulated in the network with the values of the transactions taking place and their outcomes. We have validated our design decisions and algorithms through simulation. The results indicate that our system converges towards a small error in the trust estimates distributed throughout the network

Performing peer-to-peer e-business transactions: A requirements analysis and preliminary design proposal

On-line business transaction processing systems have so far been based on centralized or client-server architectures. It is our firm belief–and it has also been recognized by the research and industrial community–that such systems may also be based on the constantly evolving decentralized peer-to-peer architectures. The first step in this direction, which constitutes the core of our paper, is a detailed requirements definition and analysis. We discuss requirements preceding the actual collaborations, such as support for discovery of services, merchandise or trading parties, authentication and access control, and negotiating collaboration parameters; requirements referring to the actual collaboration and transaction phases, such as support for workflow and collaboration orchestration, logging and non-repudiation; requirements following the collaboration, such as user ranking and reputation management; and generic non-functional requirements including security, availability and anonymity. A preliminary design proposal is presented, based on our proposed set of requirements, and on implementation solutions from the recent literature. We conclude that current peerto-peer technology has evolved to the extent that it is able to fulfill many of these requirements to a large extent