2021: A year in open source

Hear from CIOs, CTOs, and other senior executives and leaders on data and AI strategies at the Future of Work Summit on January 12, 2022. Learn more


Leave him OSS Company Newsletter guide your open source journey! register here.

Open source software (OSS) is never too far from praise and controversy, whether it’s a major security incident, a marquee battle, or flying a helicopter on Mars.

Let’s take a look back at some big OSS talking points from the year.

A serious open source flaw

Above: the Log4j logo

Security is still a major topic of discussion in the open source world, and 2021 was no different. The biggest story of the year was almost certainly the zero-day vulnerability found in the Apache logging library Log4j, which is used by countless consumer and enterprise companies, from Apple’s iCloud to AWS and IBM.

Log4Shell, as the vulnerability is known, had been around since 2013, but was not discovered by Alibaba security staff until the end of November and publicly revealed two weeks later. It is considered particularly dangerous, since it enables remote code execution (RCE), allowing hackers to gain access to remote systems and sensitive data. Log4Shell was elevated to near-celebrity when it achieved a Common Vulnerability Scoring System (CVSS) security rating of 10.

Although the Apache team released a patch on December 6, Log4j’s ubiquity in cloud services, infrastructure, and everywhere in between, makes it difficult for every business to update their systems quickly enough. to know that their software relies on Log4j in the first place. Needless to say, attackers started looking to exploit Log4Shell in the wild and widened their reach into the realm of ransomware.

There are many lessons to be learned, as Justin Dorfman, Reblaze’s open source program manager, wrote in VentureBeat:

“The incident shows how a vulnerability in a seemingly simple piece of infrastructure code can threaten the security of banks, tech companies, governments, and just about any other type of organization.”

However, as a result of the Log4j vulnerability, the usual argument has surfaced, with countless people noting that it made the light on the inherent security gaps of community software. But others responded by saying the main problem was that companies were happy to take advantage of open source at the right times, give nothing back, and then point the finger at OSS when things go wrong. .

Serving as a somewhat sobering reminder, one of the main people behind the Log4j project – Ralph Goers, who patched the vulnerability – has a full-time job elsewhere as a software architect. Goers works on “Log4j and other open source projects” in his spare time.

Poetic license

LAS VEGAS, NEVADA - NOVEMBER 30: Attendees arrive during AWS re: Invent 2021,

Above: LAS VEGAS, NEVADA – NOVEMBER 30: Attendees arrive during AWS re: Invent 2021,

Image Credit: Noah Berger / Stringer via Getty

Arguably one of the most important talking points came at the start of the New Year, when Elastic revealed it was in transition its database search engine Elastic search from an Apache 2.0 open source license to a duo of “source available” proprietary licenses. The move came as no surprise and was the culmination of years of confrontation between Elastic and Amazon’s cloud computing arm, Amazon Web Services (AWS).

As a fully open source project, any company was free to do whatever they wanted with Elasticsearch, including offering it ‘as a service’, as Amazon did when it launched Amazon Elasticsearch Service in. 2015. chain reaction of events that ultimately led Elastic to move Elasticsearch – and the Kibana visualization dashboard – to new licenses.

One of the issues was that Amazon chose to use “Elasticsearch” on behalf of its own managed service – it was, in Elastic’s view, a clear trademark violation, and it caused confusion. in the market space as to which Elasticsearch service was which. This is why Elastic filed a complaint against Amazon in 2019, but lawsuits are usually not a quick process. Additionally, the license change helped speed things up by moving Amazon away from the Elasticsearch brand. It worked, because just a week after Elastic announced the license change, Amazon revealed he would start working on an open source Elasticsearch fork, which would eventually ship under a brand new name – Open search.

Licensing issues were also evident elsewhere in the open source sphere. The Software Freedom Conservancy (SFC), whose sponsors include Google and Red Hat, sued Vizio, alleging that the smart TV maker violated two open source licenses by using and modifying the software without making the derived source code available to the public. . Vizio shows no signs of changing, however, and the deal took a turn a little ugly when Vizio filed a request to “withdraw” the case from the California State Court, apparently based on the belief that “consumers have no third party beneficiary rights under copyleft.”

Meanwhile, former US President Donald Trump’s next social network “Truth Social” apparently violated Mastodon open source license, Mastodon threatening legal action. The crux of the matter was that Truth Social’s terms of service stated that the code was fully proprietary and made no reference to its Mastodon foundation – furthermore, the open source license states that all derivative projects must also be available under the same License.

While the social network has yet to officially launch, it appears to have taken a certain step towards meeting Mastodon’s licensing requirements – it recently recognized that it was built on Mastodon, and the developers downloaded a zip file of its source code. Whether this will suffice remains to be seen, but the eyes of the open source community will remain on Trump’s company ahead of the official launch in 2022.

Brand fights

The brand issue is by no means unique to AWS vs Elastic. Just before the start of the new year, Facebook claimed brand ownership over the open source “PrestoDB” project. This caused a problem for PrestoSQL, a fork created by the original creators of Presto when they left Facebook – they were forced to change the name of their project in Trino.

Fast forward ten months to November and live streaming software provider Streamlabs OBS had to give up “OBS” from his name after he was called by the open source OBS project on which it is built. Similar to AWS vs. Elastic, avoiding brand confusion was at the heart of this, with Project OBS’s Twitter account revealing that some of its support volunteers were facing angry Streamlabs customers, who were apparently confused between the two entities. .

Open source eats Mars

Open source software is so ubiquitous that it has often been said to devour the world. But if the first martian helicopter flight is something to pass, open source software is eating up the entire solar system.

The historic achievement was made possible by “an invisible team of open source developers around the world,” former GitHub CEO Nat Friedman wrote. Some 12,000 developers have contributed to the open source projects used in the software that propelled the helicopter’s maiden flight to the Red Planet – and yet, “most of these developers don’t even know they helped make it possible. the first Martian helicopter flight, ”noted Friedman.

To mark the occasion, GitHub placed a March 2020 Helicopter Mission badge on the GitHub profile of each developer who contributed code used in the mission.

Above: GitHub badge

Linux turns 30

Linux was first exit On September 17, 1991, the ubiquitous open source operating system turned 30 this year.

It is impossible to underestimate the importance of Linux across the technology spectrum. Android, the world’s most widely used mobile operating system, is based on a modified version of the Linux kernel. Today, Linux is used in everything from automobiles to air traffic control at Medical equipement, and is also widely used in web servers, the most common being Apache. In fact, much of the growth of the web over the past 30 years has been fueled by Linux and similar open source software.

Here are the next 30 years of open source innovation.

VentureBeat

VentureBeat’s mission is to be a digital public place for technical decision-makers to learn about transformative technology and conduct transactions. Our site provides essential information on data technologies and strategies to guide you in managing your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the topics that interest you
  • our newsletters
  • Closed thought leader content and discounted access to our popular events, such as Transform 2021: Learn more
  • networking features, and more

Become a member


Source link

About Jon Moses

Check Also

Phoronix Test Suite 10.8 released with many enhancements for Open Source benchmarking

Phoronix Test Suite 10.8 is the latest quarterly feature update for our open source, automated, …