BusinessComputingFoodPolitics

The future of open source is still very much in flux


When Xerox donated a new laser printer to the MIT Artificial Intelligence Lab in 1980, the company couldn’t have known that the machine would ignite a revolution. The printer jammed. And according to the 2002 book Free as in Freedom, Richard M. Stallman, then a 27-year-old programmer at MIT, tried to dig into the code to fix it. He expected to be able to: he’d done it with previous printers.

The early decades of software development generally ran on a culture of open access and free exchange, where engineers could dive into each other’s code across time zones and institutions to make it their own or squash a few bugs. But this new printer ran on inaccessible proprietary software. Stallman was locked out—and enraged that Xerox had violated the open code-sharing system he’d come to rely on. 

A few years later, in September 1983, Stallman released GNU, an operating system designed to be a free alternative to one of the dominant operating systems at the time: Unix. Stallman envisioned GNU as a means to fight back against the proprietary mechanisms, like copyright, that were beginning to flood the tech industry. The free-software movement was born from one frustrated engineer’s simple, rigid philosophy: for the good of the world, all code should be open, without restriction or commercial intervention. 

Forty years later, tech companies are making billions on proprietary software, and much of the technology around us—from ChatGPT to smart thermostats—is inscrutable to everyday consumers. In this environment, Stallman’s movement may look like a failed values experiment crushed under the weight of commercial reality. But in 2023, the free and open-source software movement is not only alive and well; it has become a keystone of the tech industry. 

Today, 96% of all code bases incorporate open-source software. GitHub, the biggest platform for the open-source community, is used by more than 100 million developers worldwide. The Biden administration’s Securing Open Source Software Act of 2022 publicly recognized open-source software as critical economic and security infrastructure. Even AWS, Amazon’s money-making cloud arm, supports the development and maintenance of open-source software; it committed its portfolio of patents to an open use community in December of last year. Over the last two years, while public trust in private technology companies has plummeted, organizations including Google, Spotify, the Ford Foundation, Bloomberg, and NASA have established new funding for open-source projects and their counterparts in open science efforts—an extension of the same values applied to scientific research.

The fact that open-source software is now so essential means that long-standing leadership and diversity issues in the movement have become everyone’s problems. Many open-source projects began with “benevolent dictator for life” (BDFL) models of governance, where original founders hang on to leadership for years—and not always responsibly. Stallman and some other BDFLs have been criticized by their own communities for misogynistic or even abusive behavior. Stallman stepped down as president of the Free Software Foundation in 2019 (although he returned to the board two years later). Overall, open-source participants are still overwhelmingly white, male, and located in the Global North. Projects can be overly influenced by corporate interests. Meanwhile, the people doing the hard work of keeping critical code healthy are not consistently funded. In fact, many major open-source projects still operate almost completely on volunteer steam.

Challenges notwithstanding, there’s plenty to celebrate in 2023, the year of GNU’s 40th birthday. The modern open-source movement persists as a collaborative haven for transparent ways of working within a highly fragmented and competitive industry. Selena Deckelmann, chief product and technology officer at the Wikimedia Foundation, says the power of open source lies in its “idea that people anywhere can collaborate together on software, but also on many [more] things.” She points out that tools to put this philosophy into action, like mailing lists, online chat, and open version control systems, were pioneered in open-source communities and have been adopted as standard practice by the wider tech industry. “We found a way for people from all over the world, regardless of background, to find a common cause to collaborate with each other,” says Kelsey Hightower, an early contributor to Kubernetes, an open-source system for automating app deployment and management, who recently retired from his role as a distinguished engineer at Google Cloud. “I think that is pretty unique to the world of open source.” 

The 2010s backlash against tech’s unfettered growth, and the recent AI boom, have focused a spotlight on the open-source movement’s ideas about who has the right to use other people’s information online and who benefits from technology. Clement Delangue, CEO of the open-source AI company Hugging Face, which was recently valued at $4 billion, testified before Congress in June of 2023 that “ethical openness” in AI development could help make organizations more compliant and transparent, while allowing researchers beyond a few large tech companies access to technology and progress. “We’re in a unique cultural moment,” says Danielle Robinson, executive director of Code for Science and Society, a nonprofit that provides funding and support for public-interest technology. “People are more aware than ever of how capitalism has been influencing what technologies get built, and whether you have a choice to interact with it.” Once again, free and open-source software have become a natural home for the debate about how technology should be.

Free as in freedom

The early days of the free-software movement were fraught with arguments about the meaning of “free.” Stallman and the Free Software Foundation (FSF), founded in 1985, held firm to the idea of four freedoms: people should be allowed to run a program for any purpose, study how it works from the source code and change it to meet their needs, redistribute copies, and distribute modified versions too. Stallman saw free software as an essential right: “Free as in free speech, not free beer,” as his apocryphal slogan goes. He created the GNU General Public License, what’s known as a “copyleft” license, to ensure that the four freedoms were protected in code built with GNU.

Linus Torvalds, the Finnish engineer who in 1991 created the now ubiquitous Unix alternative Linux, didn’t buy into this dogma. Torvalds and others, including Microsoft’s Bill Gates, believed that the culture of open exchange among engineers could coexist with commerce, and that more-restrictive licenses could forge a path toward both financial sustainability and protections for software creators and users. It was during a 1998 strategic meeting of free-software advocates—which notably did not include Stallman—that this pragmatic approach became known as “open source.” (The term was coined and introduced to the group not by an engineer, but by the futurist and nano­technology scholar Christine Peterson.) 

Christine Peterson
Christine Peterson, a futurist and lecturer in the field of nanotechnology, coined the term “open source” in 1998.
PETER ADAMS

Karen Sandler, executive director of the Software Freedom Conservancy, a nonprofit that advocates for free and open-source software, saw firsthand how the culture shifted from orthodoxy to a big-tent approach with room for for-profit entities when she worked as general counsel at the Software Freedom Law Center in the early 2000s. “The people who were ideological—some of them stayed quite ideological. But many of them realized, oh, wait a minute, we can get jobs doing this. We can do well by doing good,” Sandler remembers. By leveraging the jobs and support that early tech companies were offering, open-source contributors could sustain their efforts and even make a living doing what they believed in. In that manner, companies using and contributing to free and open software could expand the community beyond volunteer enthusiasts and improve the work itself. “How could we ever make it better if it’s just a few radical people?” Sandler says. 

As the tech industry grew around private companies like Sun Microsystems, IBM, Microsoft, and Apple in the late ’90s and early ’00s, new open-source projects sprang up, and established ones grew roots. Apache emerged as an open-source web server in 1995. Red Hat, a company offering enterprise companies support for open-source software like Linux, went public in 1999. GitHub, a platform originally created to support version control for open-source projects, launched in 2008, the same year that Google released Android, the first open-source phone operating system. The more pragmatic definition of the concept came to dominate the field. Meanwhile, Stallman’s original philosophy persisted among dedicated groups of believers—where it still lives today through nonprofits like FSF, which only uses and advocates for software that protects the four freedoms. 

“If a company only ends up just sharing, and nothing more, I think that should be celebrated.”

Kelsey Hightower, early contributor to Kubernetes

As open-source software spread, a bifurcation of the tech stack became standard practice, with open-source code as the support structure for proprietary work. Free and open-source software often served in the underlying foundation or back-end architecture of a product, while companies vigorously pursued and defended copyrights on the user-facing layers. Some estimate that Amazon’s 1999 patent on its one-click buying process was worth $2.4 billion per year to the company until it expired. It relied on Java, an open-source programming language, and other open-source software and tooling to build and maintain it.

Today, corporations not only depend on open-source software but play an enormous role in funding and developing open-source projects: Kubernetes (initially launched and maintained at Google) and Meta’s React are both robust sets of software that began as internal solutions freely shared with the larger technology community. But some people, like the Software Freedom Conservancy’s Karen Sandler, identify an ongoing conflict between profit-­driven corporations and the public interest. “Companies have become so savvy and educated with respect to open-source software that they use a ton of it. That’s good,” says Sandler. At the same time, they profit from their proprietary work—which they sometimes attempt to pass off as open too, a practice the scholar and organizer Michelle Thorne dubbed “openwashing” in 2009. For Sandler, if companies don’t also make efforts to support user and creator rights, they’re not pushing forward the free and open-source ethos. And she says for the most part, that’s indeed not happening: “They’re not interested in giving the public any appreciable rights to their software.” 

Others, including Kelsey Hightower, are more sanguine about corporate involvement. “If a company only ends up just sharing, and nothing more, I think that should be celebrated,” he says. “Then if for the next two years you allow your paid employees to work on it, maintaining the bugs and issues, but then down the road it’s no longer a priority and you choose to step back, I think we should thank [the company] for those years of contributions.” 

In stark contrast, FSF, now in its 38th year, holds firm to its original ideals and opposes any product or company that does not support the ability for users to view, modify, and redistribute code. The group today runs public action campaigns like “End Software Patents,” publishing articles and submitting amicus briefs advocating the end of patents on software. The foundation’s executive director, Zoë Kooyman, hopes to continue pushing the conversation toward freedom rather than commercial concerns. “Every belief system or form of advocacy needs a far end,” she says. “That’s the only way to be able to drive the needle. [At FSF], we are that far end of the spectrum, and we take that role very seriously.” 

Free as in puppy

Forty years on from the release of GNU, there is no singular open-source community, “any more than there is an ‘urban community,’” as researcher and engineer Nadia Asparouhova (formerly Eghbal) writes in her 2020 book Working in Public: The Making and Maintenance of Open Source Software. There’s no singular definition, either. The Open Source Initiative (OSI) was founded in 1998 to steward the meaning of the phrase, but not all modern open-source projects adhere to the 10 specific criteria OSI laid out, and other definitions appear across communities. Scale, technology, social norms, and funding also range widely from project to project and community to community. For example, Kubernetes has a robust, organized community of tens of thousands of contributors and years of Google investment. Salmon is a niche open-source bioinformatics research tool with fewer than 50 contributors, supported by grants. OpenSSL, which encrypts an estimated 66% of the web, is currently maintained by 18 engineers compensated through donations and elective corporate contracts.

The major discussions now are more about people than technology: What does healthy and diverse collaboration look like? How can those who support the code get what they need to continue the work? “How do you include a voice for all the people affected by the technology you build?” asks James Vasile, an open-source consultant and strategist who sits on the board of the Electronic Frontier Foundation. “These are big questions. We’ve never grappled with them before. No one was working on this 20 years ago, because that just wasn’t part of the scene. Now it is, and we [in the open-source community] have the chance to consider these questions.”

“We need designers, ethnographers, social and cultural experts. We need everyone to be playing a role in open source.”

Michael Brennan, senior program officer, Ford Foundation

“Free as in puppy,” a phrase that can be traced back to 2006, has emerged as a valuable definition of “free” for modern open-source projects—one that speaks to the responsibilities of creators and users to each other and the software, in addition to their rights. Puppies need food and care to survive; open-source code needs funding and “maintainers,” individuals who consistently respond to requests and feedback from a community, fix bugs, and manage the growth and scope of a project. Many open-source projects have become too big, complicated, or important to be governed by one person or even a small group of like-minded individuals. And open-source contributors have their own needs and concerns, too. A person who’s good at building may not be good at maintaining; someone who creates a project may not want to or be able to run it indefinitely. In 2018, for instance, Guido van Rossum, the creator of the open-source programming language Python, stepped down from leadership after almost 30 years, exhausted from the demands of the mostly uncompensated role. “I’m tired,” he wrote in his resignation message to the community,  “and need a very long break.” 

Supporting the people who create, maintain, and use free and open-source software requires new roles and perspectives. Whereas the movement in its early days was populated almost exclusively by engineers communicating across message boards and through code, today’s open-source projects invite participation from new disciplines to handle logistical work like growth and advocacy, as well as efforts toward greater inclusion and belonging. “We’ve shifted from open source being about just the technical stuff to the broader set of expertise and perspectives that are required to make effective open-source projects,” says Michael Brennan, senior program officer with the Technology and Society program at the Ford Foundation, which funds research into open internet issues. “We need designers, ethnographers, social and cultural experts. We need everyone to be playing a role in open source if it’s going to be effective and meet the needs of the people around the world.” 

One powerful source of support arrived in 2008 with the launch of GitHub. While it began as a version control tool, it has grown into a suite of services, standards, and systems that is now the “highway system” for most open-source development, as Asparouhova puts it in Working in Public. GitHub helped lower the barrier to entry, drawing wider contribution and spreading best practices such as community codes of conduct. But its success has also given a single platform vast influence over communities dedicated to decentralized collaboration. 

Demetris Cheatham, until recently GitHub’s senior director for diversity and inclusion strategy, took that responsibility very seriously. To find out where things stood, the company partnered with the Linux Foundation in 2021 on a survey and resulting report on diversity and inclusion within open source. The data showed that despite a pervasive ethos of collaboration and openness (more than 80% of the respondents reported feeling welcome), communities are dominated by contributors who are straight, white, male, and from the Global North. In response, Cheatham, who is now the company’s chief of staff, focused on ways to broaden access and promote a sense of belonging. GitHub launched All In for Students, a mentorship and education program with 30 students drawn primarily from historically Black colleges and universities. In its second year, the program expanded to more than 400 students. 

Representation has not been the only stumbling block to a more equitable open-source ecosystem. The Linux Foundation report showed that only 14% of open-source contributors surveyed were getting paid for their work. While this volunteer spirit aligns with the original vision of free software as a commerce-free exchange of ideas, free labor presents a major access issue. Additionally, 30% of respondents in the survey did not trust that codes of conduct would be enforced—suggesting they did not feel they could count on a respectful working environment. “We’re at another inflection point now where codes of conduct are great, but they’re only a tool,” says Code for Science and Society’s Danielle Robinson. “I’m starting to see larger cultural shifts toward rethinking extractive processes that have been a part of open source for a long time.” Getting maintainers paid and connecting contributors with support are now key to opening up open source to a more diverse group of participants.

With that in mind, this year GitHub established resources specifically for maintainers, including workshops and a hub of DEI tools. And in May, the platform launched a new project to connect large, well-resourced open-source communities with smaller ones that need help. Cheatham says it’s crucial to the success of any of these programs that they be shared for free with the broader community. “We’re not inventing anything new at all. We’re just applying open-source principles to diversity, equity, and inclusion,” she says. 

GitHub’s influence over open source may be large, but it is not the only group working to get maintainers paid and expand open-source participation. The Software Freedom Conservancy’s Outreachy diversity initiative offers paid internships; as of 2019, 92% of past Outreachy interns have identified as women and 64% as people of color. Open-source fundraising platforms like Open Collective and Tidelift have also emerged to help maintainers tap into resources. 

The philanthropic world is stepping up too. The Ford Foundation, the Sloan Foundation, Omidyar Network, and the Chan Zuckerberg Initiative, as well as smaller organizations like Code for Science and Society, have all recently begun or expanded their efforts to support open-source research, contributors, and projects—including specific efforts promoting inclusion and diversity. Govind Shivkumar from Omidyar Network told MIT Technology Review that philanthropy is well positioned to establish funding architecture that could help prove out open-source projects, making them less risky prospects for future governmental funding. In fact, research supported by the Ford Foundation’s Digital Infrastructure Fund contributed to Germany’s recent creation of a national fund for open digital infrastructure. Momentum has also been building in the US. In 2016 the White House began requiring at least 20% of government-­developed software to be open source. Last year’s Securing Open Source Software Act passed with bipartisan support, establishing a framework for attention and investment at the federal level toward making open-source software stronger and more secure.

The fast-approaching future

Open source contributes valuable practices and tools, but it may also offer a competitive advantage over proprietary efforts. A document leaked in May from Google argued that open-source communities had pushed, tested, integrated, and expanded the capabilities of large language models more thoroughly than private efforts could’ve accomplished on their own: “Many of the new ideas [in AI development] are from ordinary people. The barrier to entry for training and experimentation has dropped from the total output of a major research organization to one person, an evening, and a beefy laptop.” The recently articulated concept of Time till Open Source Alternative (TTOSA)—the time between the release of a proprietary product and an open-source equivalent—also speaks to this advantage. One researcher estimated the average TTOSA to be seven years but noted that the process has been speeding up thanks to easy-to-use services like GitHub. 

At the same time, much of our modern world now relies on underfunded and rapidly expanding digital infrastructure. There has long been an assumption within open source that bugs can be identified and solved quickly by the “many eyes” of a wide community—and indeed this can be true. But when open-source software affects millions of users and its maintenance is handled by handfuls of underpaid individuals, the weight can be too much for the system to bear. In 2021, a security vulnerability in a popular open-source Apache library exposed an estimated hundreds of millions of devices to hacking attacks. Major players across the industry were affected, and large parts of the internet went down. The vulnerability’s lasting impact is hard to quantify even now.

Other risks emerge from open-source development without the support of ethical guardrails. Proprietary efforts like Google’s Bard and OpenAI’s ChatGPT have demonstrated that AI can perpetuate existing biases and may even cause harm—while also not providing the transparency that could help a larger community audit the technology, improve it, and learn from its mistakes. But allowing anyone to use, modify, and distribute AI models and technology could accelerate their misuse. One week after Meta began granting access to its AI model LLaMA, the package leaked onto 4chan, a platform known for spreading misinformation. LLaMA 2, a new model released in July, is fully open to the public, but the company has not disclosed its training data as is typical in open-source projects—putting it somewhere in between open and closed by some definitions, but decidedly not open by OSI’s. (OpenAI is reportedly working on an open-source model as well but has not made a formal announcement.)

“There are always trade-offs in the decisions you make in technology,” says Margaret Mitchell, chief ethics scientist at Hugging Face. “I can’t just be wholeheartedly supportive of open source in all cases without any nuances or caveats.” Mitchell and her team have been working on open-source tools to help communities safeguard their work, such as gating mechanisms to allow collaboration only at the project owner’s discretion, and “model cards” that detail a model’s potential biases and social impacts—information researchers and the public can take into consideration when choosing which models to work with. 

Open-source software has come a long way since its rebellious roots. But carrying it forward and making it into a movement that fully reflects the values of openness, reciprocity, and access will require careful consideration, financial and community investment, and the movement’s characteristic process of self-improvement through collaboration. As the modern world becomes more dispersed and diverse, the skill sets required to work asynchronously with different groups of people and technologies toward a common goal are only growing more essential. At this rate, 40 years from now technology might look more open than ever—and the world may be better for it. 

Rebecca Ackermann is a writer, designer, and artist based in San Francisco.



Source link