The different faces of open source software


Open Source Software

The term open source has become a household term in software circles. Most people who work with technology in some capacity know that the Linux operating system is open source, as is the Firefox Web browser and much of the software that runs on their Android phone.

However, when it comes to defining open source, most people I’ve talked to aren’t that clear on what it is and how it works, but can often list these three aspects:

  1. It is freely/collaboratively developed
  2. Bugs and security loopholes can be detected and fixed much quicker than with closed source software
  3. It evolves much faster and to a greater extent than closed source software

But what is open source, exactly?

At a fundamental level, open source simply means that the source code for the software is made available to other software developers. What other developers are allowed to do with it afterwards depends on the specific open source license that is used. In general, there are two types of open source licenses available:

  1. Copyleft licenses, that are promoted by the Free Software Foundation (FSF)
  2. Permissive licenses

Copyleft licenses have more restrictions on what happens to the source code once someone modifies it. In short, if you modify source code released under a copyleft license, you are legally bound to publicly provide the source code for your modifications. This makes copyleft licenses ideal for larger, foundational software products like the Linux operating system where long-term growth and collaboration/standardization should be mandatory. There are many copyleft licenses available for developers to choose from. The GNU General Public License version 2 (GPLv2) provides a moderate set of restrictions on the source code, whereas GPLv3 provides a high set of restrictions that is better in line with what the FSF promotes. Some copyleft licenses, such as the Mozilla Public License (MPL), provide a lower set of restrictions compared to others but still require that modified source code is made available to others.

In contrast to copyleft licenses, permissive licenses do not force software developers to publicly provide the modifications that they make to source code that they have obtained. This means that a software developer could copy the source code for software released under a permissive license and modify it for their own private or commercial use, just as long as they cite the original author of the software. This makes permissive licenses more attractive for those who want their software to be incorporated into larger systems or other projects (e.g. startups). Microsoft used the TCP/IP source code from BSD UNIX under a permissive license to create their own TCP/IP software for Windows in order to quickly get Windows on the Internet bandwagon in the 1990s. Today, about half of the underlying macOS operating system, including a third of the macOS kernel is taken from FreeBSD using a permissive license. There are many permissive licenses available, including the Massachusetts Institute of Technology (MIT), Berkeley Software Distribution (BSD) and Apache licenses. Each one varies in the fine print (copyright use, patent terms, whether modifications require notification, etc.).

In the 2000s, copyleft licenses were the dominant license used for open source software, primarily because most open source software revolved around Linux. However, with the rise of startup culture and explosion of varied software projects this past decade, permissive licenses are now more common. Moreover, permissive licenses are easier for developers to understand, and often allow developers to incorporate other open source software that use different permissive licenses.

While different sites on the Internet list different market share breakdowns for open source licenses, the MIT license is often listed as the most frequently-used. The Apache and GPLv2 licenses usually take second and third place, with all others trailing far behind.

So, what is FOSS/FLOSS?

Simply put, the FSF encourages people to use the term Free and Open Source Software (FOSS) when referring to open source software today. More specifically, FOSS refers to software that ethically respects the user’s freedom (use, copy, study, modify). Since users may not completely understand that the word free was intended to refer to freedom and not price, the FSF now refers to FOSS as Free/Libre and Open Source Software (FLOSS).

Since permissive licenses can potentially allow software to make its way into proprietary, closed source systems that restrict user freedom, many people in the open source community equate FOSS/FLOSS with copyleft licenses only and criticize permissive licenses for benefiting companies that want to incorporate open source software in their own closed source products. This is reflected in the goodbye statement from the Linux Journal magazine, which ceased publication this week amid financial difficulty:

“It became clearer than ever to me that while Linux and FOSS had won the battle over the tech giants a decade before, new ones had taken their place in the meantime, and we were letting them win.”

While it is very true that most companies (including all of the tech giants) have incorporated a great deal of permissively-licensed open source software this past decade, I see this more as an evolutionary inevitability in the technology market. Copyleft licenses are still alive and well with many projects (e.g. Linux, the largest open source project), and these projects often provide foundational technologies to the entire industry that must remain openly-developed. The adoption of permissively-licensed open source software by companies isn’t necessarily a bad thing - it provides continuous economic benefits that have made open source the standard for most software projects this past decade (which is why permissive licenses are more common). In other words, it adds a healthy balance to the open source ecosystem to ensure that open source software continues to thrive.

It’s difficult to be 100% open source

Even if you run Linux as your main operating system, there are still some closed source components (drivers, firmware) that you may be using on your system. To make the user experience seamless, nearly all mainstream Linux distributions ship with these components in the installation media so that you don’t need to install them afterwards. This is why the FSF (which believes all software should be copyleft) only recommends a few obscure Linux distributions on their website that do not ship with these components (e.g. Trisquel Linux).

Moreover, the low-level software that starts your computer and allows the operating system to access the hardware is not open source on most systems. This low-level software is called the BIOS (or UEFI BIOS). And while developers have created open source replacements for the BIOS (e.g. Libreboot and Coreboot), hardware support for them are limited, in part because of other proprietary hardware components within your system and CPU.

Speaking of CPUs, nearly all CPU hardware (e.g. Intel, AMD and ARM) are proprietary, but people are developing a new open source CPU architecture called RISC-V that seems to be catching on quickly.

So, if you are dead set on being 100% open source, you may eventually be able to buy a RISC-V computer that uses Libreboot to load a Linux operating system that doesn’t support any proprietary hardware.

For most of us, however, using open source software whenever possible (if there is a choice) is probably good enough to feel like we’re participating in the open source community.