Open Source’s Big Challenges Today: Cloud, IoT and Closed Distributions
Open source has become the way to build software. But that does not mean open source has overcome all challenges. New ones are arising as the cloud and embedded computing (including in the Internet of Things) expand.
Open source has become the “default” way to build software. But that does not mean open source has overcome all challenges. New ones are arising as the cloud and embedded computing (including in the Internet of Things) expand.
The software world has come very far since Richard Stallman launched the free software movement by founding GNU in 1984. It drives billion-dollar businesses like Red Hat. It powers a majority of smartphones in the form of Android (which is only kind of open source, but still). It delivers scalable, low-cost ways to build clouds through platforms like OpenStack and ownCloud.
Plus, even companies like Microsoft are now proclaiming their love for Linux and other open source projects.
Open Source’s New Challenges: The Cloud and Embedded Computing
Yet for all the markets that open source (and, you know, free software) has conquered in the past three decades, and all the erstwhile enemies it has turned into (nominal) friends, the open source community cannot sit back and rest on its laurels.
Instead, open source developers and supporters need to adapt to meet an ever-changing set of new challenges, which present novel problems for people who believe software works best when source code is freely and publicly shared. Here are the three biggest challenges to open source today.
Several leading public cloud platforms, like Amazon AWS and Rackspace, are built largely on open source software. But the cloud can also be a bad thing for software freedom because, in a way, it places even more restrictions on the way people can use a program than closed-source software running locally does. With cloud software, users have very little control over how a program operates, or the data they feed into it — even if the program running in the cloud is comprised of open source code.
Complicating matters is the fact that free and open source licenses were written long before the advent of the cloud. Since providing access to software through the cloud is different from distributing it to users to run locally, licenses that were designed only with local computing in mind may not apply in cases where the code owners can say that they are not distributing programs publicly because they run only in the cloud.
That’s part of the reason why Stallman has called the cloud “worse than stupidity.” That’s an overstatement; the cloud is not inherently dangerous for software users’ freedom. But it can provide a way to skirt the protections of source code that free and open source software licenses are supposed to provide. The GNU Affero license offers a partial solution, but a complete answer for protecting open source in the cloud age remains elusive.
Like the cloud, devices that use embedded software, such as smart appliances and IoT sensors, present something of a paradox. On the one hand, the need for software customization and minimal resource overhead on these hardware platforms makes them an obvious place to deploy Linux and other software that programmers can easily modify and trim. Yet at the same time, the lack of practical ways for users to control the software on these devices means that they offer little software freedom, even if the code running on them is completely free and open source.
For example, your smart thermostat may run Linux. (The popular Nest thermostats do, among others.) But unlike a traditional computer powered by free and open source software, a thermostat doesn’t come with much in the way of input or peripheral devices, which you need if you want to modify how the software on the devices run easily.
Plus, even if you can access the device, there’s a good chance that much of the hardware inside is undocumented, which makes it hard to work with. In a way, this is the continuation of the “binary blob” saga into the IoT age. Binary blogs have plagued the open source community for decades. It’s not uncommon for, say, wireless cards inside a GNU/Linux PC to require closed-source firmware in order to work. But at least then only a small part of the hardware is undocumented, and accessing the device in order to reverse-engineer firmware is more feasible because you have a traditional computing environment to work from.
Of course, hackers will hack, and some have already figured out ways around these restrictions for smart devices. But as IoT continues to take off, and devices in this market become dumber (which will happen in many cases as vendors build, for instance, IoT sensors with very minimal hardware capabilities), people who want to keep this ecosystem open are likely to find themselves fighting an ongoing battle with device manufacturers who might use open code internally, but do little to offer truly open collaboration.
The Closed Distribution Phenomenon
A third challenge is the tendency of the newer big open source projects to work well only when they are redistributed in value-added form by third-party vendors. This is the case with the Hadoop big data platform, for example. If you want to run Hadoop in a production environment, you probably don’t grab it from Apache directly. You adopt a Hadoop distribution from a vendor like Talend, Hortonworks or Cloudera.
The same is true in the case of OpenStack. And it will probably happen with container platforms like Docker once they have fully evolved. You’re not going to run these things by downloading and building the source code yourself. You’ll use a platform that comes with them already built and integrated.
This is not very different from what has been happening since the early 1990s with GNU/Linux distributions, of course. But what has changed is that the interoperability and openness of the distributions of platforms like Hadoop and OpenStack vary widely. Although the code at the base of them is always open, some distributions integrate easily with third-party software, while others are designed only to plug into a particular vendor’s software stack. In the latter case you end up with code that is nominally open, but in practice does not give users much freedom.
There is no good answer to this challenge yet. If one develops, it will probably be because market pressure forces distributors to be more open. But it remains to be seen how this will play out.
None of the above is to say that the cloud and and embedded computing are beyond the reach of fully open source solutions. If there is one thing that is clear from the four-decade history of free and open source software, it’s the remarkable ability of programmers and legal minds in this space to overcome imposing challenges.
For now, however, completely open solutions on these new frontiers are rare. In order to keep innovating, the open source ecosystem will need to develop technical and licensing strategies that can overcome all of the challenges of the cloud and IoT.