By the time you read this post, you are likely bombarded with news and tweets about the antitrust hearing of the big four tech companies (Apple, Amazon, Facebook, Alphabet) and their respective quarterly earnings. Meanwhile, another announcement happened in the tech world that I believe could be just as impactful but received relatively little attention: the Linux Foundation’s announcement of its public health initiative to combat COVID-19.


Let’s dive into why the Linux Foundation Public Health (LFPH) initiative is important in this humanity-scale fight against the coronavirus, the global collaborative potential of open source technologies, and the strategic value open source should play in a country’s industrial policy.

Dissecting the LFPH

To date, the LFPH is one of the few COVID-related initiatives that is technology-oriented and global in nature, as opposed to financially oriented in the form of monetary policies and stimulus packages. Its founding members are the following seven companies:

  • Cisco
  • Doc.ai
  • Geometer
  • IBM
  • NearForm
  • Tencent
  • VMware

While its global coverage may surprise some people, it’s actually the default in open source. All open source technologies have a global reach, because the code base is public, transparent, and accessible: any person with an Internet connection can download the code to run, copy, modify, and distribute it. There is no “going global”; you are global from Day 1. Thus, collaboration in open source always attracts contributions from a worldwide audience. While this initial cohort of members heavily represents the U.S. (Cisco, Doc.ai, Geometer, IBM, VMware are all American companies of various sizes), it also includes NearForm, an Irish tech consulting and training company, and more notably Tencent, a Chinese tech giant. Tencent’s involvement very much runs counter to the stream of current events between the U.S. and China -- dominated by sanctions, distrust, and the closing of diplomatic posts. It’s worth pointing out that out of the big tech players on this member list, only Tencent and IBM have actually done some COVID-related open sourcing already. Four months ago, Tencent open sourced a global case tracking software with an AI-based digital health portal, and IBM open sourced a dataset of epidemiological case reports.

The LFPH also hosts these two open source projects:

  • COVID Shield: a COVID exposure notification app developed by a volunteer team at Shopify, the Canadian e-commerce giant, currently in the process of being deployed in Canada.
  • COVID Green: a similar exposure notification solution developed by NearForm to support the Irish Government’s response to COVID-19.

Both of these solutions are built on top of the Google Apple Exposure Notification (GAEN) system announced in April. A version of it was first made available in May as part of the iOS 13.5 update.

It’s useful to nerd out about GAEN’s technical specs for just a bit here to understand why this protocol was embraced by the LFPH in this first phase of the initiative over other alternatives. This protocol is a hybrid of Bluetooth Low Energy technology with cryptography -- meaning it’s likely the most privacy-friendly and least intrusive option for building exposure notification apps. The distance limit between two devices that communicate using Bluetooth Low Energy maxes out at 100 meters (~330 feet), which is not that far, but far enough to do COVID contact tracing. It’s also opt-in by default, as opposed to opt-out, giving users the choice. Combined with cryptography that encrypts the shared data so only relevant institutions (e.g. public health authorities) can access the information, the GAEN protocol strikes a decent balance between data sharing and privacy protection. Of course, it also has the added benefit of being developed jointly by the two tech behemoths that collectively own close to 100% of the world’s smartphone operating system market share, making distribution much easier.

There are two other alternatives to GAEN. One is a Bluetooth-based protocol not developed by Google and Apple, currently adopted by countries like Australia, Malaysia, and France. The other one is a GPS-based protocol, which is likely more intrusive since GPS is generally used for location tracking via satellites, not just near-distance communication like Bluetooth. This protocol is currently adopted by countries like China, India, Israel, Singapore, and New Zealand.

The LFPH publishes and maintains a very helpful graphic showing which countries are adopting which one of the three protocols: GAEN Bluetooth, non-GAEN Bluetooth, GPS.

Source: https://landscape.lfph.io/

You don't have to squint too hard to notice one conspicuous absence: America. We will discuss that shortly when we get to industrial policy.

Open Source Nuances

For readers who are not steeped in open source, it may not be totally clear why this foundation-led open source initiative is such a big deal. I’ll do my best to explain the significance without the jargon.

Open source technology development: Two of the most important, and somewhat counterintuitive, advantages to open source technology development are speed and security.

You’d think that developing software in the open, where the whole world can participate, can be messy and slow. The reality is the messiness and slowness do happen, especially during a project’s early days, when both the technology and the processes organizing its development are immature. But once some best practices are established, the velocity of improvement is much faster than a similar technology developed behind closed doors. Having the whole world download, test, deploy, and debug your work is extraordinarily powerful, if you know how to organize that energy and attention.

Open source technology is also more secure and trustworthy. Having the codebase public and transparent to all may feel like oversharing, exposing the technology to attacks and security breaches. In reality, allowing security experts and hackers to easily access and test the codebase is the best way to secure the technology continuously. As I’ve written in “Can ByteDance Build Trust?” and many other posts, sunlight is the best disinfectant, and open source is that sunlight in the technology world.

Look no further than the U.S. Department of Defense’s (DoD) deep adoption of Kubernetes, an open source container orchestration software, as an example. Right now, the U.S. Air Force’s F-16 fighter jets are running three concurrent Kubernetes clusters. Few machines require more robust security than F-16s.

Defeating COVID-19 will also require technology that can both improve quickly and be secure and trustworthy. Developing such a solution the open source way is a no-brainer.

Foundation: the role that a foundation plays in open source is more subtle. While a foundation’s involvement in an open source project is by no means necessary, it can help in two meaningful ways: accelerating development and providing vendor neutrality.

Foundations like the Linux Foundation, having organized, governed, and fostered many large-scale projects, have distilled a lot of experience and best practices that can help reduce some of the messiness and slowness that often plague young open source projects. Both COVID Shield and COVID Green are most certainly young open source projects. Their progress may be hampered if they are driven solely by Shopify and NearForm, respectively. By having the LFPH “host” these two projects (and likely many others in the future), they can all leverage the foundation’s know-how in IP management, technical governance, community building, and many other essential elements of open source to accelerate their development.

A foundation also provides vendor neutrality to the technology. Neutrality is key for an open source project to achieve wide and deep adoption, because no big user can tolerate the risk of being locked in by another company. The DoD would not invest deeply in using Kubernetes if it were still a Google project, where it was first created; it would not want to be locked in to any Google-imposed restrictions or dependencies. Because Kubernetes is hosted in the Cloud Native Computing Foundation (CNCF), a sub-foundation of the Linux Foundation, the lock-in risk is reduced.

Global collaboration on solutions to fight COVID no doubt requires the same neutrality. Many national governments and public health authorities are involved, and none of them wants to be locked in to any vendor. Fittingly, the LFPH is led by Dan Kohn, who was the executive director of the CNCF for four years. He’s done this before.

Full Stack Industrial Policy

Coming back to the American flag being noticeably missing in the Linux Foundation's public health landscape graphic, there is little doubt at this point that America’s top leadership, in both the White House and Congress, is grossly dysfunctional and incompetent. Without a coherent national plan, different state governments are left to their own devices. Some states, like California, New Jersey, and New York, have decided not to adopt GAEN and have opted for manual contact tracing. Other states, like Alabama, North Dakota, and South Carolina, said they would adopt GAEN, but have yet to approve and release any app for people to use. The inconsistency and inaction have made controlling this pandemic that much more difficult.

The LFPH presents a new template, with neutrality to both technology vendors and partisan politics, that has the potential to facilitate the large-scale collaboration necessary to develop solutions for large-scale problems, like the coronavirus. By bringing together a common infrastructure layer (the GAEN protocol), a few open source applications to develop and foster (COVID Shield, COVID Green), and both big and small companies who are willing to put in resources and expertise to support the initiative sustainably, the LFPH is a full stack solution.

More than ever, America needs to fully embrace and leverage open source from the very top to: 1. Defeat COVID in the short-term; 2. Put forward an industrial policy and long-term vision.

Arguably, America has not had a holistic industrial policy since NASA’s space program landed humans on the moon and the National Interstate and Defense Highways Act of 1956 built the interstate highway system. Combining Washington DC’s mostly laissez-faire stance since the Reagan Administration with four decades of globalization, many companies have profited handsomely by offshoring their supply chains, while America’s own capabilities have deteriorated. Rebuilding these capabilities is not easy; just because you used to have it, doesn’t mean you can have it again with the snap of a finger. The latest and most painful example is Intel’s massive delay of its 7nm chip manufacturing process, forcing it to place a big order with the rival Taiwanese foundry, TSMC.

Open source is not the panacea to all of these massive challenges. But strategically incorporating both open source technologies and the spirit of open source collaboration can replenish much of this deterioration of American industrial capabilities. Like I noted earlier, one of the biggest strengths of open source is speed of development.

There is reason to be hopeful. During the waning days of the Obama administration in 2016, the White House released the Federal Source Code policy. Among other things, this policy requires all Federal agencies to open source 20% of their custom-made codebase (yes, the government builds plenty of its own software), all of which is centrally organized and accessible on code.gov. The goal is to improve reusability of software among Federal agencies (don’t reinvent the wheel) and allow the public to leverage this software as well. Both the policy itself and all the open source repositories housed under code.gov are managed publicly and transparently -- as all open source projects should be.

All this open source work has continued since then without much attention or fanfare, building processes and best practices within the Federal government. For what it’s worth, the American government’s open source muscle is much stronger than that of the Chinese central government, though officials from the Ministry of Industry and Information Technology have been participating in open source related events more actively in recent years.

A strong, official embrace of open source as part of a larger industrial policy is both desirable and realistic. We are seeing signs of this happening elsewhere. The UK government has publicly pushed for OpenRAN, an open source telecommunications solution to build 5G networks, so countries are not locked in to Huawei, Nokia, or Ericsson (recall vendor neutrality). I’m not advocating for top-down industrial planning in America, like what’s happening in China or South Korea. The free market is and should continue to be the dominant engine of growth and innovation. Federalism also serves an important function -- state and local governments should have the autonomy to adapt Federal leadership and direction to local conditions. The problem now is: there is no leadership, no direction.

Fighting a global pandemic and rebooting the world’s largest economy will need a humanity-scale effort that requires sharing, collaboration, and positive-sum thinking. Open source embodies all these values.


