I just wanted to re-introduce myself to the community. I’m Lyla Fischer, and I was (at one very early point) the talking head on the default video in Open edX’s Studio. I had a really tough time working at edX and needed to take a break, even though I strongly believe in what Open edX is doing. EdX was my first job out of college, and there was very little mentorship available for new graduates. I was, in practice, there in order to transmit my knowledge working as a TA in the first prototype course to the expanded offerings, and while I was nominally in charge of some new feature development, in practice, I was just there to help the many, many new-ish people understand what was going on at any point in time. Once it got to the point where I was less needed, and it was clear I wasn’t going to be allowed to contribute the way that I wanted to, I took a break and did some personal development.
But I’m back! I’ve got my own ideas worked out this time, and have big plans for my contributions, but I just wanted to start with a “hi” and “how are all y’all”? I see that Tutor is a thing, now, and I’ll look into that. Also, I think that I’ve been away long enough that I would be considered fresh eyes on documentation, if anybody needs proofreaders or beta-testers.
One potential project that I have been thinking about is putting together a Software Bill of Materials (SBOM) for Open edX. It’s part of a cyber-security push by the White House, and CISA just published some guidance on the topic here (especially here). There’s also a vulnerability exchange that might end up getting more traction than the SBOM, if that is something that people might be interested in. I’m not sure that I’ll be able to swoop in with a finished product or anything like that, so any help or advice would be greatly appreciated.
There are a few projects that I’m involved in that you may also be interested in!
First, Tutor is definitely a thing! It’s more than that; in fact, the latest Open edX version, named Nutmeg, runs completely on Tutor, which provides an easier way to deploy Open edX instances among other benefits. Many people still use the native installation, but Tutor is the prescribed standard moving forwards. The project related to Tutor is about testing Nutmeg, which means going through the list of test cases and checking if they work. I’m the coordinator for Nutmeg testing, so I’m the right person to speak to about it. You can learn more here. I will be announcing the start of testing sometime this week (maybe today), so it’s a good time to get involved if it’s in line with your interests. For the first time we will also be creating video tutorials to go alongside the written documentation, which is being headed up by the Marketing Working Group.
Really, I’m just one of several engineers who handles security triage – I just get a lot of visibility on the Security Announcements forum because some of the more interesting vulnerabilities have landed on my triage shift. For disclosure and similar, firstname.lastname@example.org is the go-to email address. (2U is currently handling disclosures for both Open edX in general and edx.org in particular, although it’s possible that could change in the future.)
I can’t speak much to what would be involved in SBOM or VEX – I’ve never been much involved in the Blue Team side of security beyond the triage and incident response work I do. I’d be curious to hear what benefits they would bring, along with a ballpark estimate of how much work that would be (both upfront and ongoing) if you have some sense of it – I’m certainly aware that it might not be possible to know without actually trying to implement it. I wonder if the right entity to do that implementation would actually be some vendor that sells Open edX as a service.
If there is anything I can do that would help get things started, I’m happy to look into it. I was thinking about trying to find all of the various dependency lists in Tutor and seeing which of those dependencies have already published something. I don’t know if that sounds at all interesting, though.
@Lyla-Fischer is underplaying her contributions here. Among other things, she oversaw the development of a number of the more interesting assessment types and was the product owner that brought you ORA2, the first version of which was ready in… what was it, six weeks? During which we added XBlock infrastructure (since it was the first XBlock to run in-platform) and the UX pattern lib?
It’s good to see you again. I don’t have any suggestions beyond what’s already in this thread. I just wanted to welcome you back.
It’s so good to see you. I look forward to future collaborations! I’m currently at tCRIL with Dave, Feanil, and Ed - a crew you may remember.
@feanil is working on a Documentation overhaul right now and I’m going to bet he would welcome your help. Of course feel free to reach out to me if there’s anything I can help out with. I currently am the engineering manager for the tCRIL team, and spend a lot of time on community management & facilitation (mostly for the coding side of things, but I pay attention to functions across the board).
If you haven’t gone through it already, check out the new docs proposal. I think now that we’re back from the conference, we’re gonna be stepping up the work to figure out what docs we need and start getting people to start writing!
@feanil I’m pretty sure that all of my opinions and techniques have already been captured in the existing documentation, and while I am usually pretty good at figuring out what is confusing someone if I have an opportunity to interact with the target audience, I don’t have that opportunity right now. I’m happy to proof-read, but that’s about the extent that I think I’ll be useful in terms of improving the quality of existing documentation.
@Tim_McCormack If you happen to know of any edx-as-a-service vendors that would be interested in hiring a contractor to help with SBOM stuff, I would be highly interested in helping out, especially if they were willing to support me through onboarding on the engineering side of things.
FYI - my “I’m back” was more “I have some free time on my hands, and I was hoping to use some of it doing edx-type things”, NOT “I’ve found a sponsor and I’m going to be doing all the things”. Thus the delay in response. Anyway - it’s good to hear from everyone! I’ll see you around (online, at least)!