By the time you read this post, you are likely bombarded with news and tweets about the antitrust hearing of the big four tech companies (Apple, Amazon, Facebook, Alphabet) and their respective quarterly earnings. Meanwhile, another announcement happened in the tech world that I believe could be just as impactful but received relatively little attention: the Linux Foundation’s announcement of its public health initiative to combat COVID-19.


Let’s dive into why the Linux Foundation Public Health (LFPH) initiative is important in this humanity-scale fight against the coronavirus, the global collaborative potential of open source technologies, and the strategic value open source should play in a country’s industrial policy.

Dissecting the LFPH

To date, the LFPH is one of the few COVID-related initiatives that is technology-oriented and global in nature, as opposed to financial-oriented in the form of monetary policies and stimulus packages. Its founding members are the following seven companies:

  • Cisco
  • Geometer
  • IBM
  • NearForm
  • Tencent
  • VMware

While its global coverage may surprise some people, it’s actually the default in open source. All open source technologies have a global reach, because the code base is public, transparent, and accessible to any person with an Internet connection can download the code to run, copy, modify, and distribute it. There is no “going global”, you are global from Day 1. Thus, collaboration in open source always attracts contributions from a worldwide audience. While this initial cohort of members heavily represents the U.S. (Cisco,, Geometer, IBM, VMWare are all American companies of various sizes), it also includes NearForm, an Irish tech consulting and training company, and more notably Tencent, a Chinese tech giant. Tencent’s involvement very much runs counter to the stream of current events between the U.S. and China -- dominated by sanctions, distrust, and the closing of diplomatic posts. It’s worth pointing out that out of the big tech players on this member list, only Tencent and IBM have actually done some COVID-related open sourcing already. Four months ago, Tencent open sourced a global case tracking software with an AI-based digital health portal, and IBM open sourced a dataset of epidemiological case reports.

The LFPH also hosts these two open source projects:

  • COVID Shield: a COVID exposure notification app developed by a volunteer team at Shopify, the Canadian e-commerce giant, currently in the process of being deployed in Canada.
  • COVID Green: a similar exposure notification solution developed by NearForm to support the Irish Government’s response to COVID-19.

Both of these solutions are built on top of the Google Apple Exposure Notification (GAEN) system announced in April. A version of it was first made available in May as part of the iOS 13.5 update.

It’s useful to nerd out about GAEN’s technical specs for just a bit here to understand why this protocol was embraced by the LFPH in this first phase of the initiative over other alternatives. This protocol is a hybrid of Bluetooth Low Energy technology with cryptography -- meaning it’s likely the most privacy-friendly and least intrusive option for building exposure notification apps. The distance limit between two devices that communicate using Bluetooth Low Energy max out at 100 meters (~330 feet), which is not that far, but far enough to do COVID contact tracing. It’s also opt-in by default, as opposed to opt-out, giving users the choice. Combined with cryptography that encrypts the shared data so only relevant institutions (e.g. public health authorities) can access the information, the GAEN protocol strikes a decent balance between data sharing and privacy protection. Of course, it also has the added benefit of being developed jointly by the two tech behemoths that collectively owns close to 100% of the world’s smartphone operating system market share, making distribution much easier.

There are two other alternatives to GAEN. One is a Bluetooth-based protocol not developed by Google and Apple, currently adopted by countries like Australia, Malaysia, and France. The other one is a GPS-based protocol, which is likely more intrusive since GPS is generally used for location tracking via satellites not just near-distance communication like Bluetooth. This protocol is currently adopted by countries like China, India, Israel, Singapore, and New Zealand.

The LFPH publishes and maintains a very helpful graphic showing which countries are adopting which one of the three protocols: GAEN Bluetooth, non-GAEN Bluetooth, GPS.


You don't have to squint too hard to notice one conspicuous absence: America. We will discuss that shortly when we get to industrial policy.

Open Source Nuances

For readers who are not steep in open source, it may not be totally clear why this foundation-led open source initiative is such a big deal. I’ll do my best to explain the significance without the jargon.

Open source technology development: Two of the most important, and somewhat counterintuitive, advantages to open source technology development are speed and security.

You’d think that developing software in the open, where the whole world can participate, can be messy and slow. The reality is the messiness and slowness do happen, especially during a project’s early days, when both the technology and the processes organizing its development are immature. But once some best practices are established, the velocity of improvement is much faster than a similar technology developed behind closed doors. Having the whole world download, test, deploy, and debug your work is extraordinarily powerful, if you know how to organize that energy and attention.

Open source technology is also more secure and trustworthy. Having the codebase public and transparent to all may feel like oversharing, exposing the technology to attacks and security breaches. In reality, allowing security experts and hackers to easily access and test the codebase is the best way to secure the technology continuously. As I’ve written in “Can ByteDance Build Trust?” and many other posts, sunlight is the best disinfectant, and open source is that sunlight in the technology world.

Look no further than the U.S. Department of Defense’s (DoD) deep adoption of Kubernetes, an open source container orchestration software, as an example. Right now, the U.S. Air Force’s F-16 fighter jets are running three concurrent Kubernetes clusters. Few machines require more robust security than F-16’s.

Defeating COVID-19 will also require technology that can both improve quickly and be secure and trustworthy. Developing such a solution the open source way is a no-brainer.

Foundation: the role that a foundation plays in open source is more subtle. While a foundation’s involvement in an open source project is by no means necessary, it can help in two meaningful ways: accelerate development and vendor neutrality.

Foundations like the Linux Foundation, having organized, governed, and fostered many large-scale projects, have distilled lots of experiences and best practices that can help reduce some of the messiness and slowness that often plague young open source projects. Both COVID Shield and COVID Green are most certainly young open source projects. Their progress may be hampered if they are driven solely by Shopify and NearForm, respectively. By having the LFPH “host” these two projects (and likely many others in the future), they can all leverage the foundation’s know-hows in IP management, technical governance, community building, and many other essential elements of open source to accelerate their development.

A foundation also provides vendor neutrality to the technology. Neutrality is key for an open source project to achieve wide and deep adoption, because no big user can tolerate the risk of being locked-in by another company. The DoD would not invest deeply in using Kubernetes if it was still a Google project, where it was first created; it would not want to be locked-in to any Google-imposed restrictions or dependencies. Because Kubernetes is hosted in the Cloud Native Computing Foundation (CNCF), a sub-foundation of the Linux Foundation, the lock-in risk is reduced.

Global collaboration on solutions to fight COVID no doubt requires the same neutrality. Many national governments and public health authorities are involved, and none of whom want to be locked-in to any vendor. Fittingly, the LFPH is led by Dan Kohn, who was the executive director of the CNCF for four years. He’s done this before.

Full Stack Industrial Policy

Coming back to the American flag being noticeably missing in the Linux Foundation's public health landscape graphic, there is little doubt at this point that America’s top leadership, in both the White House and Congress, is grossly dysfunctional and incompetent. Without a coherent national plan, different state governments are left to their own devices. Some states, like California, New Jersey, and New York have decided to not adopt the GAEN and opt for manual contact tracing. Other states, like Alabama, North Dakota, and South Carolina said they would adopt the GAEN, but have yet to approve and release any app for people to use. The inconsistency and inaction have made controlling this pandemic that much more difficult.

The LFPH presents a new template, with neutrality to both technology vendors and partisan politics, that has the potential to facilitate the large-scale collaboration necessary to develop solutions for large-scale problems, like the coronavirus. By bringing together a common infrastructure layer (the GAEN protocol), a few open source applications to develop and foster (COVID Shield, COVID Green), and both big and small companies who are willing to put in resources and expertise to support the initiative sustainably, the LFPH is a full stack solution.

More than ever, America needs to fully embrace and leverage open source from the very top to: 1. Defeat COVID in the short-term; 2. Put forward an industrial policy and long-term vision.

Arguably, America has not had a holistic industrial policy since NASA’s space program landed humans on the moon and the National Interstate and Defense Highways Act of 1956 built the interstate highway system. Combining Washington DC’s mostly laissez-faire stance since the Reagan Administration with four decades of globalization, many companies have profited handsomely by offshoring their supply chains, while America’s own capabilities have deteriorated. Rebuilding these capabilities is not easy; just because you used to have it, doesn’t mean you can have it again with the snap of a finger. The latest and most painful example is Intel’s massive delay of its 7nm chip manufacturing process, forcing it to place a big order with the rival Taiwanese foundry, TSMC.

Open source is not the panacea to all of these massive challenges. But strategically incorporating both open source technologies and the spirit of open source collaboration can replenish much of this deterioration of American industrial capabilities. Like I noted earlier, one of the biggest strengths of open source is speed of development.

There is reason to be hopeful. During the waning days of the Obama administration in 2016, the White House released the Federal Source Code policy. Among other things, this policy requires all Federal agencies to open source 20% of their custom-made codebase (yes, the government builds plenty of their own software), all of which is centrally organized and accessible on The goal is to improve reusability of software among Federal agencies (don’t reinvent the wheel) and allow the public to leverage these softwares as well. Both the policy itself and all the open source repositories housed under are managed publicly and transparently -- as all open source projects should.

All this open source work has been continuing since without much attention or fanfare, building processes and best practices within the Federal government. For what it’s worth, the American government’s open source muscle is much stronger than that of the Chinese central government’s, though officials from the Ministry of Industry and Information Technology have been participating in open source related events more actively in recent years.

A strong, official embrace of open source as part of a larger industrial policy is both desirable and realistic. We are seeing signs of this happening elsewhere. The UK government has publicly pushed for OpenRAN, an open source telecommunications solution to build 5G networks, so countries are not locked-in to either Huawei, Nokia, or Ericsson (recall vendor neutrality). I’m not advocating for top-down industrial planning in America, like what’s happening in China or South Korea. The free market is and should continue to be the dominant engine of growth and innovation. Federalism also serves an important function -- state and local governments should have the autonomy to adapt Federal leadership and direction to local conditions. The problem now is: there is no leadership, no direction.

Fighting a global pandemic and rebooting the world’s largest economy will need a humanity-scale effort that requires sharing, collaboration, and positive-sum thinking. Open source embodies all these values.

If you like what you've read, please SUBSCRIBE to the Interconnected email list. New posts will be delivered to your inbox (twice per week). Follow and interact with me on: Twitter, LinkedIn.

Chinese Version Below






  • 思科
  • Geometer
  • IBM
  • NearForm
  • 腾讯
  • VMware

扎眼一看就是全球覆盖率,有些人可能会有点惊讶,但全球化其实是开源的“默认值”。所有开源技术从第一天起都是全球化的,因为代码是公开的、透明的,任何有互联网连的人都可以随意下载运行、复制、修改和分发代码。因此,以开源的方式合作总是会吸引着来自世界各地的贡献者。虽然这第一批成员在很大程度上代表了美国(思科,, Geometer, IBM, VMWare都是大小不一的美国公司),但它也包括爱尔兰一家技术咨询和培训公司NearForm,而更值得注意的是包括了腾讯。腾讯的参与在很大程度上与中美关系最近的一系列时事背道而驰,比如经济制裁,加剧的不信任和领事馆的关闭。值得指出的是,在这个成员名单上的科技大厂中,只有腾讯和IBM已经做了一些与COVID相关的开源工作。四个月前,腾讯开源了一套全球病例追踪软件,里边带有一个基于人工智能的数字化健康软件。IBM开源了一个流行病学病例报告的数据集。


  • COVID Shield:一款由加拿大电商巨头Shopify的志愿工程团队开发的COVID暴露通知应用程序,目前正在加拿大部署试用。
  • COVID Green:由NearForm开发的另一款类似的暴露通知解决方案,来支持爱尔兰政府对COVID-19的反应和措施。

这两个解决方案都是建立在4月份发布的Google-Apple疫情暴露通知(Google Apple Exposure Notification,GAEN)系统上。第一版在5月份与iOS13.5的更新一起发布。










同时,开源技术的安全性也更高。直观的看,把所有代码公开共享,可能会让项目受到更多的网络和黑客攻击。实际上,允许网络安全专家和黑客们看到和测试代码是持续保护和巩固技术安全性的最佳方式。就像我在 “字节跳动能在海外建立诚信吗”一文和其他许多帖子里写到的阳光是最好的消毒剂,开源就是科技领域里的阳光

美国国防部(Department of Defense,DoD)对Kubernetes(一种开源容器编排软件)的深度采用就是个最好的例子。目前,美国空军的一架F-16战斗机会同时运行三个Kubernetes机群很少有比F-16对安全性要求更高的机器了。



像Linux Foundation这样的基金会,组织、管理和培养过许多大型项目,累计了许多经验和最佳实践,这些经验和实践可以帮助减少年轻开源项目起步时的混乱和缓慢。COVID Shield和COVID Green无疑都是很年轻的开源项目。如果仅由Shopify和NearForm分别驱动,它们的发展可能会慢很多。通过让LFPH“托管”这两个项目(今后还会有其他项目加入),它们可以充分利用基金会在知识产权管理、技术治理、社区建设以及开源的许多其他要素的经验和知识,以加速发展。

基金会还提供了供应商厂家的中立性。中立性是驱动一个开源项目达到广泛和深入采用的关键因素之一,因为没有大用户能容忍被另一家公司锁定的风险。如果Kubernetes,一个最初在谷歌开发的项目,现在仍然是谷歌的项目的话,美国国防部是不会大量使用和投入到Kubernetes这门技术的。它不想冒被谷歌强加任何限制或依赖的风险。因为Kubernetes托管在Linux基金会的一个子基金,云原生计算基金会(Cloud Native Computing Foundation,CNCF)中,锁定风险就降低了许多。

想在全球合作的基础上开发解决COVID的方案也需要同样的中立性。许多国家政府和公共卫生机构都会参与,它们中没有一个愿意被任何供应商锁定的。正巧LFPH是由Dan Kohn领导,他曾经担任了四年CNCF的执行主任。他知道该怎么做。



LFPH提供了一个新的模板,无论从技术厂商还是党派政治都保持中立,从而可以促进大规模协作,为像冠状疫情这种大规模挑战开发出解决方案。通过结合一个共有的基础设施层(GAEN协议)、几个需要开发和培养的开源应用程序(COVID Shield、COVID Green),以及吸引愿意投入资源和专业知识来持续支持该计划的大小公司,LFPH是个全套解决方案。