New Technology

Opening source code is the main trend

Author/Li Huichao      [Issue Date: 2015/8/5]

Preface

Just a few years ago, it was open to debate if open source would be the future. what particularly impressive the public is that Microsoft's former CEO, Steve Ballmer, described opening source as cancer, and what’s more Microsoft's founder, Bill Gates, criticized that Linux liked students playing a game, and meanwhile for the commercial market was not mature, he believed that Linux could not be used in any situation were power was needed.

In recent years, as the mainstream development platforms gradually embraced open source, Linux took over the supercomputer market. Among the world's top 500 supercomputers, in 2014, the number of supercomputers running the Linux operating system had grown to 485 (in 2000 it was 54, only about 10%). In fact, as early as 2007, the Linux operating system had already significantly penetrated Wall Street and was being used for its open source benefits to help them deal with huge money and stock exchange markets. What is more, natural user interface elements have been entering the digital world in particular as input tools and in form of touch, sound, gesture, emotion signals and so on. New output methods have arrived and include three-dimensional printing, augmented reality and programmable material. Open-source projects are using these new methods and are no longer confined to traditional means such as audio & video and text. The rise of Android (a Linux-based operating system) will further bring an increase of open-source projects in the industrial field. We see open-source among smart phone, tablet PCs, home desktop computers, intelligent televisions, office notebook computers, servers in the machine room, unmanned aircraft, unmanned vehicles, 3D printing, robots, clouds, smart cities, the internet of things and so on. Open source can be said to be flourishing everywhere and has deeply pervades enterprises, industries, and the daily lives of you and me.

In the past 15 years, developers have expressed their preference for open-source tools and platforms and this has forced Apple to embrace open-source. Apple's plans include the open-source Swift programming language that was introduced at the end of 2015. Even in the Windows world which has been in competition more than a decade, after Microsoft's new CEO, Staya Nadella, took office in 2014, Microsoft began to shout, "Microsoft loves Linux", and what's more in November of the same year, Microsoft decided to open source and the release of .NET server-side, allowing .NET applications to execute on Linux and OS X, which dropped a shocker in the open source community and was a new milestone in the history of open source. Even Google has admitted that open source has become a mainstream trend in today's IT industry.

The Cloud Era will be an Open Source World

The open-source cloud operating system OpenStack, known as cloud Linux in the cloud circles, won first place among the most popular open-source projects in 2014 released by the Linux foundation. It can even be said that OpenStack has become the standard cloud platform operating system.

Since being established in 2010, OpenStack has attracted many leading software and hardware companies looking to take advantage of OpenStack opportunities. Red Hat announced 3 year-technical support of OpenStack's commercial version; Ubuntu / Canonical provided technical support for 5 years; HP and IBM have released their own OpenStack-based cloud services platform; even a few years ago Microsoft announced that Hyper-V had gained exchange functionality with OpenStack. In addition, OpenStack has attracted other companies, including Intel, Cisco, Dell, Hewlett-Packard, Oracle, Red Hat, AMD, IBM, VMware, Ubuntu, SUSE, EMC, SAP, Seagate, WD, NetApp and NEC.

Many IT departments in traditional enterprises, such as AT&T, French Orange Telecom, Yahoo, Paypal, Taobao and BMW, to name a few, have began using OpenStack to build their internal IaaS platforms. As these players have entered the market, OpenStack has changed the cloud industry. In the OpenStack ecosystem, there are now hundreds of manufactures that have emerged to provide services to thousands of enterprises and institutions. To assist companies compare the services provided by various manufacturers with detailed technical specifications and product information, OpenStack has released OpenStack market, which included a public cloud, application distribution, training and consulting, systems integration and drivers.

In world with emphasis on speed, companies need greater flexibility and freedom to expand and scale, OpenStack's open-source release allows companies to access all kinds of functions and program codes, greatly improving the speed and flexibility of the expanding cloud infrastructure. Again, since the open-source field changes quickly, to take the lead, developers must pay more attention to the latest changes in technology than IT developers focused on working on general business software. By open source projects, companies are able to keep up with the world's latest technology progress, so in the end their products are more competitive. In addition, open-source programs and projects are good opportunity for companies and manufacturers to understand what kind of knowledge and technology is owned by other experts.

After OpenStack, only two years later Docker came out. It is a lightweight virtualization technology and it also swept the IT world. In February 2013, Linux Torvalds, the father of Linux, announced that his organization would release Linux kernel version 3.8, which would reinforce the mechanisms of Control Groups and Namespaces and realize the Linux Container (LXC) for which the open source community had for many years rallied against. LXC not only subverts the the way developers create applications, but also changes MIS's traditional peacekeeping role. Many IT companies began to support Docker, as Microsoft has announced plans to built the Docker engine in Windows Server. However, the true cause of LXC's huge impact is the standardized platform for the Container build by Docker's company. Docker's founder and chief technology officer Solomon Hykes said Docker's real value is helping people build consensus to truly achieve an open-source spirit, rather than technology.

Development community platform subverts open-source economic mode

Since 2008, it was GitHub, a version control service, that made a significant change in the open-source community's interaction model. After a short period of 7 years, GitHub has become the world's largest hosting platform for open-source projects. It has more than nine million registers of developers, has established more than 20 million development projects, and even Google is planning to shut down its own Google Code service in favor of pushing GitHub. Meanwhile it also is Microsoft's first choice when they released .NET's core codes.

In previous program designer it is difficult to see someone else's code, but in GitHub, tracking functions allow developers to write code and develop a wide range of open-source projects together. Unlike the past open-source community with few technology developers involved, because of GitHub's appearance, people with no software development experience also can involve themselves in the development through increased records, release, version tracking and other functions, so more people can enter the open-source circle. GitHub has popularized the decentralized governance model Git with an easy-to-use Web interface, almost completely replacing the centralized model used by Subversion. GitHub addresses open-source program code, amendments, defects return and other production issues during the development process into a bonded data, and then converts them into social objects, thus creating a network effect similar to emerging social media, and so that the team of both Google Go and Microsoft .NET gave up their own open-source platform, and transferred to the GitHub to strive for the support of the community.

GitHub's success is due to the distributed design software Git but also the selection of the SaaS business model. The greatest power of GitHub's business model is self-service. Open-source software in the past could be gotten for free by everyone, so traditional open-source software companies mostly profit from authorization and providing support services, Red Hat for example, is a typical representative of this first generation of this open-source business model. "Traditional open-source model is the service contract type business model," and its downside is that a lot of contact with customers is needed in the sales process, for example contract negotiations between business people and customers. But GitHub's business model is to provide it for free and hope customers love to use as much as possible. After more and more use, the customers will naturally want to purchase advanced features almost without the persuasion of salesmen. The price strategy of GitHub service is that all public items are completely used free with no limit of users or data volume. Only when a person wants to establish a closed project on GitHub, users and customers need to pay monthly fees, and the more closed the projects are, the higher the costs. Afterwards a lot of open-source startups, Docker for example, also follows GitHub and adopts this new business model. This is very different from the past model.

Reflection in open source security

Trend Micro recently announced the importance of global information security trends, including growing attacks resulting from POS malware and mobile devices. For Shellshock vulnerabilities, the report also points out that the Shellshock flaw affects all versions of Bash before 4.3, and its severity in the classification of the US national vulnerability database is the highest score of 10. What's more, a hacker can obtain permission to execute arbitrary commands via the Shellshock vulnerability. The ease of attack is astounding.

Shellshock vulnerabilities affect a very wide range. In simple terms, Bash is everywhere, and exists in many systems that lack regular updates or support mechanisms, that is to say, there are still many vulnerable devices in the world. Apart from preventive efforts, it is more important to rethink the overall security of Linux and open-source software.

After the Shellshock vulnerability was confirmed, people began to seriously consider safety management of open-source projects; and the debate will certainly continue in future, but the fact cannot be changed that hackers can easily find open-source software vulnerabilities. We must remember that we are in a defensive position and also can obtain the source code and quickly fix any vulnerabilities that come to light, but for closed-source software program, you must rely on the updates provided by maintenance staff, so it's a mixed blessing.

The real highlight of this loophole is that it is necessary for the open-source projects and the user community to spend more time on user safety. For open-source projects, dedicated safety audits are necessity. Most of the projects have a good process of problems discovery and solving, but this is not enough, and we must advance to prevent such problems in the first place, which relies on all of us working together. If companies use open-source software, they should examine whether any program source security vulnerabilities exist in these applications, and the results will be returned to the project team after the review.

Conclusions

In the 1990s, open-source consisted of only a handful of developers with a fanatical love of open-source, but in the 21st century, the use of open-source has penetrated into all fields and become a mainstream trend. In 2014, the Internet of Things burst onto the scene and with rapid speed gained global popularity. In the next two to three years, more networking applications will be part of a larger outbreak, and the open-sourcing of the Internet of Things with enjoy a correspondingly rapid development. The following are some examples: Huawei launched LiteOS, a system specifically designed for the open-source of Internet of Things, to create a ecosystem of global Internet of Things; Google released a new open source project named Physical Web, hoping to establish a new standard for people to interact with the Internet of things; Apple also launched a card layout for Internet of Things through open-source Swift; Swift is based on advanced technology LLVM and has the dual advantages of being easy to learn and efficient, and uses Swift as the main firmware development language; Swift will become the most important program language in the process of developing applications for the Internet of Things in three years. According to the latest research from International Data Corporation (IDC), it can be seen that among IT's existing closed-end solution, estimated to 2018, about 60 percent will turn to open-source hardware and software, which will help to drive the popularization of the Internet of Things. (The author is currently serving NSK Services Total Office in Syscom Group.)

Data sources

1. iThome news, publication date: 2015-01-22, 2015-04-22
2. NM man, the 108th stage: industry trends