2021: A year in open source


Open source software (OSS) is never far from recognition and controversy, whether it’s a major security incident, trademark dispute, or flying a helicopter on Mars.

Let’s take a look back at some of the big OSS talking points of the year.

A serious open source bug

Above: The Log4j logo

Security is always a major discussion point in open source, and 2021 was no different. The biggest story of the year was almost certainly the zero-day vulnerability found in the Apache logging library Log4j, which is used by countless consumer and corporate organizations, from Apple’s iCloud to AWS and IBM.

Log4Shell, as the vulnerability is called (tracked as CVE-2021-44228), had existed in the code since 2013, but was only discovered by Alibaba’s security team at the end of November and made public two weeks later. It is considered particularly dangerous because it enables Remote Code Execution (RCE): an attacker who can get a crafted string into a log message can take over the remote system and reach the sensitive data on it. Log4Shell earned near-celebrity status with the maximum Common Vulnerability Scoring System (CVSS) rating of 10.0.

Although the Apache team released a fix on December 6th, Log4j’s ubiquity across cloud services, infrastructure, and everything in between makes it difficult for any business to update its systems fast enough, or even to know whether its software depends on Log4j at all. Needless to say, attackers exploited Log4Shell in the wild, including to deploy ransomware.
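The inventory problem in the last paragraph (not knowing which of your deployed artifacts bundle Log4j) is something a practitioner can check for mechanically. The following script is an added example, not code from the original article or from the Log4j project. It walks a directory, opens every .jar/.war/.ear/.zip it finds (recursing into archives nested inside archives, because Log4j usually ships inside an application WAR), reads the Maven pom.properties that log4j-core jars carry to get the version, checks whether the JndiLookup class is present, and flags any log4j-core below 2.15.0 that still contains that class. The 2.15.0 threshold and the two archive paths are the real ones; the sample archives are constructed with stub contents in a temporary directory so the script runs offline.

```python
"""Find bundled log4j-core jars on disk and flag Log4Shell (CVE-2021-44228) exposure."""
import io
import os
import re
import tempfile
import zipfile

# Real paths inside log4j-core jars: the Maven metadata and the class behind ${jndi:...} lookups.
POM_RE = re.compile(r"META-INF/maven/org\.apache\.logging\.log4j/log4j-core/pom\.properties$")
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
FIXED = (2, 15, 0)  # first release that disabled JNDI message lookups by default


def parse_version(text):
    """Return the version from pom.properties as a 3-tuple, e.g. '2.14.1' -> (2, 14, 1)."""
    m = re.search(r"^version=(.+)$", text, re.M)
    if not m:
        return None
    core = m.group(1).strip().split("-")[0]  # '2.0-beta9' -> '2.0'
    parts = tuple(int(p) for p in core.split(".") if p.isdigit())
    return (parts + (0, 0, 0))[:3]


def inspect_archive(data, path):
    """Return findings for one archive given as bytes, recursing into nested archives."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip container; nothing to inspect
    names = set(zf.namelist())
    pom = next((n for n in names if POM_RE.search(n)), None)
    if pom:
        version = parse_version(zf.read(pom).decode("utf-8", "replace"))
        has_jndi = JNDI_CLASS in names
        findings.append({
            "path": path,
            "version": ".".join(map(str, version)) if version else "unknown",
            "jndi_lookup_present": has_jndi,
            # Removing JndiLookup.class was the documented mitigation for 2.10-2.14.1,
            # so a stripped jar is not flagged even though its version is old.
            "vulnerable_cve_2021_44228": has_jndi and (version is None or version < FIXED),
        })
    for n in names:
        if n.lower().endswith(ARCHIVE_EXTS):
            findings.extend(inspect_archive(zf.read(n), f"{path}!{n}"))
    return findings


def scan_tree(root):
    """Scan every archive under root and return a list of log4j-core findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXTS):
                full = os.path.join(dirpath, f)
                with open(full, "rb") as fh:
                    findings.extend(inspect_archive(fh.read(), full))
    return findings


# --- constructed sample input (stub jars, not real Log4j builds) ---------------------------

def make_fake_log4j_core(version, include_jndi=True):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties",
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # stub bytes, not real bytecode
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed sample: a WAR bundling unpatched 2.14.1, a patched 2.17.1 jar,
    and a 2.14.1 jar with JndiLookup.class removed (the mitigated case)."""
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_fake_log4j_core("2.14.1"))
    with open(os.path.join(root, "app.war"), "wb") as fh:
        fh.write(war.getvalue())
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(make_fake_log4j_core("2.17.1"))
    with open(os.path.join(root, "log4j-core-2.14.1-stripped.jar"), "wb") as fh:
        fh.write(make_fake_log4j_core("2.14.1", include_jndi=False))


def demo():
    """Build the sample tree in a temp dir and scan it; returns the findings list."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Two caveats a practitioner should keep in mind. The check keys on the Maven metadata path, so a "shaded" fat jar that relocates Log4j classes under another package will not match; a clean scan is a starting point, not proof of absence. And 2.15.0 only closes CVE-2021-44228: the follow-up CVEs disclosed over the following weeks pushed the recommended release to 2.17.1, so treat the version threshold as a parameter rather than a constant.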

There are many lessons to be learned from this, as Justin Dorfman, open source program manager at Reblaze, wrote in VentureBeat:

“The incident shows how a flaw in seemingly simple infrastructure code can threaten the security of banks, tech companies, governments, and just about any other type of organization.”

In the wake of the Log4j vulnerability the usual argument resurfaced. Some claimed the bug exposed inherent security weaknesses in community-driven software. Others argued that the real problem is that, when times are good, companies happily take advantage of open source, give nothing back, and then point a finger at OSS when something goes wrong.

A sobering reminder: one of the Log4j project’s main maintainers, Ralph Goers, who fixed the vulnerability, has a full-time job as a software architect. Goers works on “Log4j and other open source projects” in his free time.

Poetic license

Above: Las Vegas, Nevada, November 30: attendees arrive at AWS re:Invent 2021.

Photo credit: Noah Berger / Stringer via Getty

Possibly the biggest licensing story came at the very start of the year, when Elastic announced that it was moving its search and analytics engine Elasticsearch from the open source Apache 2.0 license to a pair of “source available” licenses (the SSPL and the Elastic License). The move came as little surprise: it was the culmination of years of dispute between Elastic and Amazon’s cloud computing arm, Amazon Web Services (AWS).

As a fully open source project, Elasticsearch could be used by any company however it wished, including offering it “as a service,” as Amazon did when it launched the Amazon Elasticsearch Service in 2015. That set off a chain of events that ultimately prompted Elastic to move Elasticsearch, and the Kibana visualization dashboard, to the new licenses.

Amazon’s decision to use “Elasticsearch” in the name of its own managed service was one of the sticking points. In Elastic’s eyes it was clear trademark infringement, and it caused confusion in the market as to which Elasticsearch service was which. Elastic sued Amazon over this back in 2019, but lawsuits are rarely quick. The license change, by contrast, accelerated Amazon’s move away from the Elasticsearch name: just a week after Elastic announced the change, Amazon said it would begin work on an open source fork of Elasticsearch, which eventually shipped under an entirely new name, OpenSearch.

There were license disputes elsewhere in open source too. Software Freedom Conservancy (SFC), whose sponsors include Google and Red Hat, sued Vizio, alleging that the smart TV maker violated two open source licenses (the GPL and the LGPL) by using and modifying software without making the derived source code available. Vizio has shown no sign of budging, and the case took a somewhat ugly turn when Vizio filed to “remove” the case from California state court to federal court, apparently on the belief that “consumers do not have third party copyleft rights.”

Former US President Donald Trump’s up-and-coming social network, Truth Social, appears to have violated Mastodon’s open source license, and Mastodon initially threatened legal action. The crux of the problem was that Truth Social’s terms of service claimed the code was entirely proprietary and made no reference to Mastodon at all; moreover, Mastodon’s license (the AGPL) requires that derivative projects be made available under the same license.

Although the social network hasn’t officially launched yet, it appears to be taking steps toward meeting Mastodon’s licensing requirements: it recently acknowledged that it is built on top of Mastodon, and its developers uploaded a ZIP file of the source code. Whether that is enough remains to be seen, but the open source community will be watching Trump’s company closely ahead of the official launch in 2022.

Trademark disputes

Branding disputes are by no means restricted to AWS vs. Elastic. Shortly before the start of the year, Facebook asserted trademark rights over the name of the open source project “PrestoDB”. That created a problem for PrestoSQL, a fork created by Presto’s original creators after they left Facebook: they were forced to rename their project Trino.

Then in November, live-streaming software maker Streamlabs had to drop “OBS” from the name of Streamlabs OBS after being called out by the open source OBS project on which it is based. As with AWS vs. Elastic, the issue was brand confusion: the OBS project’s Twitter account revealed that some of its volunteers had been fielding complaints from disgruntled Streamlabs customers who could not tell the two apart.

Open source eats Mars

Open source software is so ubiquitous that it is often said to be eating the world. But when you can watch the first-ever helicopter flight on Mars, open source software is eating the entire solar system.

The historic achievement was made possible by “an invisible team of open source developers from around the world,” wrote then-GitHub CEO Nat Friedman. Around 12,000 developers contributed to the open source projects used in the software behind the Ingenuity helicopter’s maiden flight on the Red Planet, and yet “most of these developers don’t even know they helped make the first Mars helicopter flight possible,” Friedman noted.

To mark the occasion, GitHub placed a Mars 2020 Helicopter Mission badge on the GitHub profile of every developer who contributed to code used in the mission.

Above: GitHub badge

Linux turns 30

Linux was first released on September 17, 1991, and the ubiquitous open source operating system proudly turned 30 this year.

It is impossible to overstate the importance of Linux across the technological spectrum. Android, the world’s most widely used mobile operating system, is based on a modified Linux kernel. Today Linux is found in everything from cars to air traffic control to medical equipment, and it dominates web servers, where it is often paired with the Apache HTTP Server. In fact, the growth of the web over the past 30 years has been driven largely by Linux and similar open source software.

To the next 30 years of open source innovations.
