Open source is not only the spirit of engineers, but also an important model for the future software industry.
Author | Hongyuan Han, Chief Architect of Alibaba Cloud New Finance & Internet Business Unit
In the programmer community, there is a joke that GitHub, the world's leading code hosting platform, is the world's largest male dating community. Joked, GitHub's annual report shows that developers from China rank second in terms of both the number of contributors and the amount of code contributions.
In 2020, Jia Yangqing, head of Alibaba's open source technology committee and father of Caffe, said in an open letter thanking open source software practitioners that "the community is the cradle of open source collaboration and innovation".
As it goes, as early as the 1980s and 1990s, when the PC began to become popular, a group of well-known software practitioners and programmers injected the "free spirit" of programmers into open source software.
Eric Raymond's Cathedral and Bazaar |willpatrick.co.uk
In May 1997, Eric S. Raymond published The Cathedral and bazaar, known as the "open source bible," and the open source movement has since had its own declaration of independence. After decades of development, more and more enterprise organizations have joined in open source, and the open source model of openness, equality, collaboration and sharing has become one of the leading forces of global software technology and industrial innovation.
In the current era of cloud computing, open source covers the global scenario of software development. Open source not only represents the free spirit of sharing and co-construction, but also has become the next development goal that enterprises cannot avoid. China's leading Internet companies, represented by Ali and Tencent, have already begun to lay out open source software and have achieved considerable success.
Han Hongyuan, Chief Architect of Alibaba Cloud's Intelligent New Finance & Internet Business Unit, wrote an article detailing the evolution of open source software, analyzing common open source misunderstandings, discussing why enterprises need open source software, and how to combine open source with business models and the cloud.
01 What is "open source"
Before the advent of Unix in the 1970s, it was common practice to deliver a project while delivering source code because software was not generic and software was only a software development project.
With the birth of Unix and its implementation primarily in C, an open, general-purpose operating system became possible. In the early days of Unix, due to the special attitude of its owner AT&T to avoid entering the software industry (due to the fact that the main telecommunications business was under severe antitrust pressure and was unwilling to add additional trouble), it was provided in source code form and did not provide follow-up technical support, allowing users to fix problems in their own environment and port to new hardware platforms.
This authorized university, government, and some commercial institutions laid the foundation for the subsequent development of Unix, and also sowed the seeds of later disputes and divisions.
In the 1980s, a large number of software companies emerged, such as Microsoft, SAP, Oracle, Adobe, and so on. The delivery of software has gradually changed to providing only running programs instead of providing source code, and in addition to selling software, it also provides paid technical support services. To this day, there has been no essential change in the way customers use the software.
In the server space, the Unix camp originated from early code distributed by AT&T, and SUN, HP, DEC, IBM, and others developed their own Unix systems based on different hardware architectures. The need for universality and compatibility led to subsequent uniform standards such as POSIX, but the ambiguity of Unix's authorization and legal provisions, as well as the attitudes and ambitions of subsequent holders, led to a number of problems.
Various systems derived from Unix have been developed separately by their own brands, and there is no unified coordination with the Unix backbone. This split gave WindowsNT a huge business opportunity and evolved into today's Windows Server family of operating systems.
Another important event in the 1980s was the establishment of the Free Software Foundation (FSF), in academic and scientific research institutions, the "hacker spirit" has always been the pursuit of many people, the pursuit of software freedom is based on the right to modify the source code.
Lifewire
It has to be said here that the GNU is Not Unix initiative initiated by Richard Stallman (whose various reputations do not affect the meaning and value of GNU and FSF) redeveloped most of the tool systems that implemented Unix, and distributed these software under the GPL, which mandated the continuous provision of source code for derivative software, and GNU implemented most of the common tool systems of Unix, but still could not get rid of the right Dependencies on the core of the Unix operating system.
The development of the Linux core until Linus Torvalds in 1991 filled the gap, and the Same GPL-licensed Linux core and peripheral tooling system together formed the Linux ecosystem.
After the mid-1990s, the Internet began to flourish, and various Unix derivatives and Windows NT also underpinned the process in its infancy. New Internet companies are not willing to spend valuable funds on expensive hardware equipment and rigid software licensing, Linux because of its non-mandatory fees and open follow-up source code modification advantages, many emerging Internet companies choose as a back-end service running platform.
Various open source systems on the operating system have also been widely used and continuously developed, and gradually formed the general status quo of today's Internet giants based on open source software and self-developed business software.
02 How "open source" makes money
Literally, open source refers to the source code of open software to users, but simply providing source code is not the standard definition of "open source software" at present, but software provides source code to users and grants the freedom to modify and continue to evolve, so the differences in regulations for the redistribution of modified software have formed different open source software licensing systems.
At present, the licensing system of open source software is mainly divided into two categories: one is mandatory to re-open source, representative of which is the GPL licensing system; the other is not mandatory to derive open source, for the relaxation of open source licenses, representative of BSD, MIT, Apache and other licensing systems. The GPL licensing system mandates that the source code be provided at the time of downstream "distribution", and does not change the compatibility of the GPL, restricting the transition from open source software to non-open source software (but the definition of "distribution" has room for exploitation).
The mandatory continuation of open source has led to different variants of licenses to service providers, especially cloud service providers, such as the AGPL. Because of the excessive limitations and complexity, the acceptance of the AGPL is limited.
The business model of open source software can be divided into the following categories:
1 Open source does not change the basic pattern of how software works
The quality of software depends on the continuous repair of exposed problems during design, implementation, testing and operation, open source software only changes the development stage and distribution pattern, and other software laws are still the same. It is not feasible to completely hand over technical support to users, and supporting the customer's business operation and ensuring the quality of service is still an important part of the software business.
2 Open source has become a model and promoter of distributed collaborative development models
There are also differences between closed and open governance of open source software projects, and there are two common ways to lead and manage open source projects. One is that the project belongs to a foundation organization, such as Apache, and the other is a management model that is led by the initiator or creator, such as MySQL and Linux cores. It's hard to tell in a simple way which way is necessarily the best, but relatively speaking, being run by a reputable nonprofit with a mature institutional model is more likely to be trusted and attract a wider range of participants.
3 Open source does not equal free
The name Free Software chosen by free software is often misunderstood as "free", in fact, here free means "free", and open source is the embodiment of the spirit of software freedom. Today, even for software that promises to be fully open source, such as Linux, the main form of commercialization is still the provision of quality-assured distributions and technical support services, and charging licensing fees is not a recognized form of business. MySQL is a special case because it offers different software licenses at the same time, and the commercial and community versions of the software are essentially two products, the fundamental reason is that all intellectual property related to MySQL belongs to a single commercial entity.
4 Delivering software as a distribution and providing services on the cloud remains the mainstream business model
At present, most users of software are not developers of the software itself. Relying on users to solve problems and evolve continuously is neither necessary nor realistic. The overall validation testing and optimization efforts, guaranteeing quality and compatibility, are essentially no different from the release of proprietary software that is not open source.
03 Challenges of using open source software
Most businesses exist as industry open sourcers and industry users, and the challenges they face are different.
1 The Challenge of IT Architecture Governance – The CIO's Perspective
Different enterprises use open source software differently because of their different stages of IT construction. Either way, ultimately, unified governance of the IT architecture needs to be considered.
First, the entire business of the new enterprise is built with open source software from the start. It is common in Internet companies and enterprises founded after the open source has reached a relatively mature stage. These companies have IT capabilities as their core competency, and the platform technology team is fully capable of adopting open source and customized open source derivatives. However, with the development of customized systems, code changes and software upgrades face great challenges, and they are forced to choose to continue to increase technical investment, or move towards a conservative state of avoiding changes and fall into a backward situation.
Second, traditional enterprises partially replace commercial software with open source software. Commonly founded in large and medium-sized enterprises for a long time, long-term use of commercial software to enjoy software technology services. New technologies and new development methods also make it impossible for new business developments to reject software that is already open source.
Third, specific industries choose commercial software at a certain stage of development, and after crossing the development steps, they re-embrace open source software and increase their own research and development investment, typically such as Alibaba.
In view of the characteristics of open source software itself, the different version routes, and the complexity of different application open source combinations, different enterprises have the right to choose different enterprise-level technical architecture routes.
2 Autonomous and controllable challenges
There are roughly two understandings of the meaning of "autonomous". One refers to the use of software within the scope of sovereignty that the manufacturer has complete intellectual property control, not limited by the supply of foreign products and services, so the "main" here refers to the national subject; the other "main" refers to the enterprise itself, which can freely modify and use the software according to its own needs and ideas according to its own needs and ideas.
"Controllable" corresponds to "card neck", whether it is open source community or commercially licensed software. Some companies want to stop sourcing commercial distributions and commercial services of open source software from now on. It is true that there are successful examples of concentrating on their own research and development, controlling themselves, giving up external commercial dependence in specific scenarios, starting another stove, and making a completely independent set of products. This approach also requires a large number of good software engineers and a lot of experience.
For most enterprises, in order to be autonomous and controllable, it is best to carefully study the code, architecture, and testing of open source software. The trick here is to collaborate with the mainstream community of software products. The more likely you are to face risks, the more you should extensively establish a connection with the open source business ecosystem, unless it is really cut off by external objective irresistible reasons.
3 Cost controllable challenges
The cost of most open source software is hidden, from the cost of ongoing quality control, upgrades, and operational services. Although the quality and reliability of widely used open source software are high, it is very difficult to support the continuous operation of a large number of source code products by relying on the technical strength within a single enterprise.
There is still a need to avoid a cognitive misunderstanding: the licensing cost of a single piece of software is not the whole investment, and the subsequent support investment is the highlight. Companies must move beyond simple bottom-line cost models or ROI calculation logic to see overall costs from a business perspective.
4 Security challenges
The massive increase in the open source community over the past few years, as well as media coverage of some recent data breaches, has led to an increased focus on open source security. Statistically, 84% of open source code repositories contain at least one vulnerability, and 60% of audited codebases contain high-risk vulnerabilities. In December 2021, the latest log4j2 remote code execution vulnerability is a typical event, which has a huge impact and can cause serious harm if exploited by an attacker.
5 Compliance challenges
The Opinions on Regulating the Application and Development of Open Source Technologies in the Financial Industry clearly states that financial institutions should comply with the relevant laws and licensing requirements of open source technologies, use open source technologies in compliance, and clarify the scope of use and use rights and obligations of open source technologies.
In order to proactively discover problems, the initial stage can consider the use of centralized scanning, and the source code open source compliance scan is carried out in batches before the release of the software version used. But once a problem is discovered, the time left for the developer to fix the problem is too short. How to efficiently count the licensing and use of open source products in the enterprise, quickly correct the use of non-compliance, and form a list of enterprise open source software compliance is one of the major challenges faced by enterprises in using open source software compliance.
04 The Challenge of Enterprise "Open Source"
1 The challenge of building an ecosystem
The early operation of the open source community did not reflect the actual application of open source technology in various industries and enterprises. At present, the operation of open source communities and foundations pays more attention to industrial communication and user sharing, and the cloud-based usage statistics of software products may form a new ecological operation mechanism.
2 Business model challenges
The business model of open source products basically incorporates the following four models: Open-Core, which also provides differentiated business products; Professional Services; Hosting; and Market place, which provides app stores, app marketplaces, and plugins.
For successful open source companies, the most common model is open core products, with hosting, services as a second and third source of revenue. However, as market competition and customers continue to change, none of these models may apply.
Image: 7wData
05 Open source in the "cloud era"
Widely used open source software licenses were formulated earlier, when cloud computing had not yet appeared or had no major impact, and the license terms were mainly aimed at the situation where the software was mainly distributed. Cloud services, especially the software contained in the packaged PaaS service, circumvent the obligation of mandatory re-open source such as the GPL, and the cloud services derived from open source have to a certain extent connived at cloud vendors to reduce their contribution to open source.
The continuous development of public clouds has proved that closed-source infrastructure and supporting platform software no longer have a universal future.
Mainstream open source software and mainstream cloud vendors are the future development direction, and large cloud vendors invest manpower and funds to help open source projects continue to develop. Open source software running on the cloud to varying degrees, providing technical capabilities, will be the primary choice for enterprise IT in the future. Software, especially technology platform software, requires a lot of test verification and optimization adjustment to achieve the best stability and cost performance, and the public cloud operating environment and the massive and differentiated customer scenarios it supports provide the best environment for the maturity of the software.
For users, it is not realistic for applications to switch between different cloud platforms without changing a single line of code, but it should be a realistic and feasible approach to pursue the ability of Yunte not to invade the application code but only to play a role at the control level.
Overall, the innate nature of the cloud and its ability to evolve since its inception have provided a natural ability to address the challenges posed by the sustainable use of open source software by enterprises.
The cloud platform can better focus on solving security and compliance issues, and scan, vulnerability scanning, upgrades, etc. for different open source software compliance. Cloud vendors themselves are the biggest users of open source and best practices, which can help enterprises block the risk of trial and error.
The cloud platform is naturally a collaborative platform that allows open source contributors and open source users to communicate with each other on the cloud to drive development.
06 Why "open source" cannot be avoided
The application breadth and depth of open source basic software have been improved
Early open source software was concentrated on the application side, but important basic software, such as operating systems, databases, etc., still adopted a closed and proprietary development model.
Today, 97% of software developers and 99% of enterprises use open source software. The "Open Source Ecology White Paper (2020)" of the Chinese Academy of Information and Communications Technology pointed out that in recent years, domestic enterprises have gradually focused on the layout of open source projects in the field of basic software, and a number of open source projects have emerged in the fields of operating systems, databases, middleware, etc., including many top open source projects of international foundations.
The value created by open source software is highlighted
Open source has become a powerful technological innovation model for global digital technology, and has moved from the initial software industry to hardware, chips, video, IoT, AI and other fields. New products are open source, new architectures are open source, new platforms are also open source, and even top research results are released in open source form.
The state has never paid more attention to open source software
In 2021, the 14th Five-Year Plan clearly states that it is necessary to "support the development of innovative consortiums such as digital technology open source communities, improve the open source intellectual property and legal system, and encourage enterprises to open software source code, hardware design and application services". There is no doubt that open source is supported by the national strategic level and will embark on the fast track of leapfrog development.
Read the full article and click "Read the original article" in the lower left corner
This article is the original article of Geek Park, please contact Geek Jun WeChat geekparkGO for reprint