The state of free and open source software

BradLUG (Bradford GNU/Linux Users Group) A self-help group for GNU/Linux, Open Source and Free Software users in and around the Bradford District, West Yorkshire

Home About Meetings FOSS

The state of free and open source software

John R Hudson

Posted on November 10, 2014

( 9 minute read )

It is over 25 years since Richard Stallman set up the Free Software Foundation and Intel commissioned Michael Tiemann to write the first open source software and less than 25 years since Linus Torvalds issued the first version of Linux and Berkeley Systems Department issued the first version of Unix to run on PCs. Yet today, these operating systems dominate computing in super computers, space exploration, scientific computing, digital televisions, smartphones and Internet services and are gradually being taken up by motor vehicle manufacturers and the creators of household equipment and gadgets. Only on the desktop and in medical devices has free and open source software not made significant inroads.

DEC, now part of HP, and IBM were the first companies to spot the commercial advantages of free and open source software; rather than having research departments all competing to write similar programs, they decided to cooperate by sponsoring a number of charities which oversee the development of software which any company can use. This meant that there was no competition over standards for digital televisions as there had been between Betamax and VHS or Sky and BSB while the competition between Apple and Samsung, though one uses BSD and the other Linux, has been more about design and features than about the underlying software.

Companies can sponsor their staff to work for one of the charities or make charitable donations to support their work. The software the charities produce is not biased to the needs of one company — it cannot be because they are charities — but serves wider needs and the charities welcome people without any company affiliation to contribute to the development of the software. Alongside the charities, a large number of voluntary groups have been established, some of them writing key software that we use every time we connect to the Internet.

Many people have been sceptical about the capacity of voluntary groups to produce quality software but, when the US Department of Homeland Security, concerned about the use of software by terrorists after 9/11, began to investigate the quality of software, it found that, while new software had about the same percentage of bugs whoever had produced it, the charities and voluntary groups were much quicker at putting these bugs right than were commercial companies so that, over time, free and open software became more reliable than commercial software.

This year, Coverity, the company that took over responsibility for checking software from the Department of Homeland Security, concluded that across all software, old and new, free and open source software has fewer bugs than commercial software.

However, the widespread use of free and open source software has revealed some serious bugs in it, notably Heartbleed and Shellshock. Heartbleed arose because a volunteer on a small voluntary project made a mistake one Christmas. But the fallout was the recognition that the companies that use free software prepared by volunteers should be more active in supporting them and a fund was quickly organised by the major computing companies to support key small voluntary projects.

Shellshock was more complicated; it arose because the BASH program is one of the earliest examples of free software and the bug arose over a number of years in various parts of the code some of which was written long before the rise of the Internet when no one could foresee the uses to which BASH might be put. BASH can automate processes on a computer and many programmers routinely use it to run a number of programs which take the output of the previous one to do their work. So it was possible for a hacker to alter code that was passing between programs.

Because BASH is free software and the source code is available to everyone, two programmers at RedHat were able to provide an interim fix the day it was announced and a full fix was released the following day — a speed of response which commercial companies cannot remotely match. But the real problem with Shellshock arises from the success of free and open source software. Many people will simply not realise that they are using BASH because it will have been part of a package of programs they received. So they may not appreciate the need to upgrade their version of BASH. In part, this is a legacy of the way commercial companies used to work; if a bug was found, it was not fixed until the next release for which the customer had to pay an upgrade fee. So administrators accustomed to using commercial software do not appreciate the very different philosophy of continuous improvement which underlies free and open source software.

While commercial software dominates the desktop, free and open source software such as Firefox, Chrome, LibreOffice and VLC is making increasing inroads but the major change in the next ten years is likely to be that the traditional desktop will become the least common way of interacting with the Internet. By the end of 2014, there will be more smartphones using free and open source software than there are desktop computers using commercial software and children starting school this year may never need to use a desktop computer. Last year I had a new boiler installed and the engineer had all his instructions on a tablet, most of which run free and open source software.

The area of most concern is medical software which is almost all commercial; moreover, unlike a new drug, a new medical device can be approved in the US and Europe solely on the say-so of the manufacturer with no published results of tests on the software in the device. The most serious bugs on the Internet are not life threatening but a bug in medical software could seriously damage you or end your life.

However, the most important lessons for charities and voluntary organisations arising from the growth of free and open source software lie not in the software, important as that may be for their operations, but in the ways of motivating and developing volunteers that have become commonplace within the free and open source community. Skills in leading groups of volunteers and in mentoring new recruits have become key to the success of most projects, skills which many charities and voluntary groups could learn from. For a detailed study of this see Gabriella Coleman’s Coding freedom: the ethics and aesthetics of hacking, reviewed on pp. 22–23 of Briefing Bradford, April 2013.