2021: A year in open source – VentureBeat

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

Let theOSS Enterprise newsletterguide your open source journey!Sign up here.

Open source software (OSS) is never too far away from both acclaim and controversy, whether its a major security incident, a trademark tussle, or flying a helicopter on Mars.

Lets take a look back at some big OSS talking points of the year.

Security is always a major discussion point in the open source sphere, and 2021 was no different. The biggest story of the year was almost certainly thezero-day vulnerability found in the Apache logging library Log4j, which is used by countless companies across the consumer and enterprise realm from Apples iCloud to AWS and IBM.

Log4Shell, as the vulnerability is called, had existed since 2013, but was only discovered by Alibabas security staff in late November and publicly revealed two weeks later. It is considered particularly dangerous, given that it enables remote code execution (RCE), allowing hackers to gain access to remote systems and sensitive data. Log4Shell was elevated to near-celebrity status when it was awarded a CVSS (Common Vulnerability Scoring System) security rating of 10.

Although the Apache team issued a fix on December 6, Log4js ubiquity across cloud services, infrastructure, and everywhere in between, makes it difficult for every company to update their systems quickly enough on top of that, they might not even know that their software relies on Log4j in the first place. Needless to say, attackers began seeking to exploit Log4Shell in the wild and widened their scope to the ransomware realm.

There are many lessons to learn from this, as Reblazes open source program manager Justin Dorfman wrote in VentureBeat:

The incident exposes how a vulnerability in a seemingly simple bit of infrastructure code can threaten the security of banks, tech companies, governments, and pretty much any other kind of organization.

However, in the wake of the Log4j vulnerability, the usual argument reared its head, with countless people noting that it shone a light on the inherent security deficiencies of community-driven software. But others countered that by stating the main problem was that companies were happy to benefit from open source in the good times, not give anything back, and then point their finger at OSS when things go wrong.

Serving as a somewhat sobering reminder, one of the Log4j projects core maintainers Ralph Goers, who fixed the vulnerability has a full-time job elsewhere as a software architect. Goers works on Log4j and other open source projects in his spare time.

Above: LAS VEGAS, NEVADA NOVEMBER 30: Attendees arrive during AWS re:Invent 2021,

Image Credit: Noah Berger / Stringer via Getty

Arguably, one of the biggest talking points came at the turn of the new year, when Elastic revealed it was transitioning its database search engine Elasticsearch from an open source Apache 2.0 license to a duo of proprietary source available licenses. The move, ultimately, came as little surprise and was the culmination of years of headbutting between Elastic and Amazons cloud computing offshoot, Amazon Web Services (AWS).

As a fully open source project, any company had been free to do whatever they wanted with Elasticsearch including offering it as-a-service, as Amazon did when it launched the Amazon Elasticsearch Service way back in 2015. This kicked off a chain reaction of events that ultimately led Elastic to shift Elasticsearch and theKibana visualization dashboard to new licenses.

That Amazon had elected to use Elasticsearch in the name of its own managed service was one of the problems it was, in Elastics eyes, a clear trademark infringement, and it caused confusion in the market space about which Elasticsearch service was which. This is why Elastic filed a lawsuit against Amazon back in 2019, but lawsuits are not generally a swift process. Additionally, changing the license helped speed things up in terms of swaying Amazon away from the Elasticsearch brand. It worked, as just one week after Elastic announced the license switch, Amazon revealed it would begin work on an open source Elasticsearch fork, which would eventually ship under a completely new name OpenSearch.

Licensing kerfuffles were evident elsewhere in the open source sphere too.The Software Freedom Conservancy (SFC), whose sponsors include Google and Red Hat, sued Vizio, alleging that the smart TV maker breached two open source licenses by using and modifying software without making the derivative source code publicly available. Vizio is showing no signs of budging, though, and the case took a somewhat ugly turn when Vizio filed a request to remove the case from California State Court, seemingly based on the belief that consumers have no third-party beneficiary rights under copyleft.

Meanwhile, former U.S. president Donald Trumps upcoming social network Truth Social apparently violated Mastodons open source license, with Mastodon originally threatening a lawsuit. The crux of the problem was that Truth Socials terms-of-service claimed the code was entirely proprietary, and made no reference whatsoever to its Mastodon foundation moreover, the open source license stipulates that all derivative projects must also be made available under the same license.

While the social network is yet to formally launch, it appears it has gone some way toward meeting Mastodons licensing requirements it recently acknowledged that it was built upon Mastodon, and the developers uploaded a zip file of its source code. Whether that will be enough remains to be seen, but the eyes of the open source community will remain on Trumps company ahead of the official launch in 2022.

The issue of trademarks is by no means unique to AWS vs. Elastic. Just before the new year kicked off, Facebook asserted trademark ownership over the open source PrestoDB project. This caused a problem for PrestoSQL, a fork created by the original Presto creators when they left Facebook they were forced to change their projects name to Trino.

Fast-forward ten months to November, and live streaming software provider Streamlabs OBS had to drop OBS from its name after it was called out by the open source OBS project on which it is built. Similar to AWS vs. Elastic, avoiding brand confusion was central to this, with the OBS projects Twitter account revealing that some of its support volunteers had to deal with angry Streamlabs customers, who were apparently confused between the two entities.

Open source software is so pervasive, it has often been said that it is eating the world. But if the first-ever Martian helicopter flight is anything to go by, open source software is eating the entire solar system.

The historic achievement was made possible by an invisible team of open source developers from around the world, GitHubs former CEO Nat Friedman wrote. Some 12,000 developers contributed to open source projects used in the software that powered the helicopters maiden flight on the Red Planet and yet, most of these developers are not even aware that they helped make the first Martian helicopter flight possible, noted Friedman.

To mark the occasion, GitHub placed a Mars 2020 Helicopter Mission badge on the GitHub profile of every developer who had contributed to code that was used in the mission.

Linux was first released on September 17, 1991, the omnipresent open source operating system turned the grand old age of 30 this year.

Its impossible to overstate the importance of Linux across the technological spectrum. Android the worlds most widely used mobile operating system is based on a modified version of the Linux kernel. Today, Linux is used in everything from automobiles and air traffic control to medical devices, and is also widely employed in web servers, the most common being Apache. In fact, the growth of the web over the past 30 years has been fueled in large part by Linux and similar open source software.

Heres to the next 30 years of open source innovations.

Originally posted here:

2021: A year in open source - VentureBeat