This post is an enhanced republication of an OpEd I wrote jointly with Jordan Schneider a month ago that was published in Wired Magazine. This enhanced version includes more information on how governments around the world are adopting open source technology, like Israel, India, and Pakistan. It also now has a Chinese language version, which is of course a “default requirement” for a bilingual newsletter like this one. Hope you like it!
When you stream the latest Netflix show, you fire up servers on Amazon Web Services, most of which run on Linux. When an F-16 fighter takes off, three Kubernetes clusters run to keep the jet’s software running. When you visit a website, any website, chances are it’s running on Node.js. These foundational technologies—Linux, Kubernetes, Node.js—and many others that silently permeate our lives have one thing in common: open source.
Open source is a technology development and distribution methodology, where the codebase and all development—from setting a roadmap to building new features, fixing bugs, and writing documentation—is done in public. A governing body (a group of hobbyists, a company, or a non-profit foundation) publicly manages this work, which is most often done in a public repository on either GitHub or GitLab. Open source has two important, and somewhat counterintuitive, advantages: speed and security.
These practices lead to faster technological developments, because a built-in global community of developers helps them mature, especially if the technology is solving a real problem. Top engineers also prefer to work with and on open source projects. Wrongly cast as secretive automatons, they are more often like artists, who prefer to learn, work, collaborate, and showcase what they’ve built in public, even when they are barely compensated for that work.
But doesn’t keeping a technology's codebase open make it more vulnerable to attack? In fact, exposing the codebase publicly for security experts and hackers to easily access and test is the best way to keep the technology secure and build trust with end users for the long haul. Sunlight is the best disinfectant, and open source is that sunlight in technology. Linux, the operating system, and Kubernetes, the cloud container orchestration system, are two of the most prominent examples.
Open source is not limited to software, but also impacts hardware development. RISC-V, first introduced in 2010 at UC Berkeley, is an open source chip design instruction set architecture—which tells a chip how to do basic computation, like addition, subtraction, multiplication, etc. RISC-V is gaining traction in the hardware manufacturing space throughout the world, because it lowers barriers to entry and increases chip development speed. OpenRAN, an open source 5G networking stack that started gaining momentum in 2016, is also gaining more attention and has already been embraced by the UK and Japanese governments.
Using open source technology is now the fastest way new products get built and legacy technologies get replaced. Yet as US policymakers develop their industrial policy to compete with China, open source is conspicuously absent.
By leaning on the advantages of open source, policymakers can pursue an industrial policy to help the US compete in the 21st century in line with our broader values. The alternative is to continue a top-down process that picks winners and losers based on not just technology but also political influence, which only helps individual firms secure market share, not sparking innovation more broadly. A few billion more dollars won’t save Intel from its technical woes, but a healthier ecosystem leveraging open source technology and community would put the US in a better position for the future.
Open source technology allows for vendor-neutrality. Whether you’re a country or a company, if you use open source, you’re not locked in to another company’s technical stack, road map, or licensing agreements. After Linux was first created in 1991, it was widely adopted by large companies like Dell and IBM as a vendor-neutral alternative to Microsoft’s Windows operating system. In the future, chip designers won’t be locked into Intel or ARM with RISC-V. With OpenRAN, 5G network builders won’t be forced to buy from Huawei, Nokia, or Ericsson.
However, open source is not the panacea to all problems. By definition, anyone can run, change, copy, and distribute an open source technology. Thus, the technology and knowledge transfer can go to friends or foes.
China’s technology sector is already starting to embrace open source—a sensible thing to do for a country looking to maintain its rapid growth and establish technological self-reliance in the face of US sanctions. Its Ministry Industry and Information Technology included open source in an official policy planning document back in 2016 and just a few months ago anointed Gitee, a GitHub competitor, to be the domestic “national champion” to drive open source growth in China. Earlier this month, Huawei also open sourced its homemade mobile operating system, HarmonyOS, now called OpenHarmony, which anchors a brand new open source technology foundation, the OpenAtom Foundation -- China’s first.
China isn’t alone. The Israel Defense Forces have adopted open source technologies, like OpenStack and Hadoop, to not only cut down on IT cost, but also deliver faster and more secure software for its soldiers. India recently announced a national competition to promote the use of RISC-V to achieve self-sufficiency in semiconductors. India’s archrival, Pakistan, is also no stranger to open source and RISC-V; last year, it hosted a tech symposium for SiFive (a RISC-V oriented startup) that drew more than 2,500 people. More interestingly, SiFive closed a $60 million USD funding round in August that included investments from the corporate venture arm of SK Hynix, a South Korean semiconductor giant, and Aramco, Saudi Arabia’s national oil and gas company -- both with tight relationships with their respective governments. Open source is being adopted by many countries as part of their industrial future, and this trend will not stop.
This should not scare American policymakers, because the core values of open source—transparency, openness, and collaboration—play to America’s strengths. The Department of Defense is one of the largest consumers of open source technologies and is well versed in the intricacies and nuances. A few federal agencies have also open-sourced their code, as part of the Federal Source Code policy instituted during the waning days of the Obama administration in 2016. Among other things, this policy requires all federal agencies to open-source 20 percent of their custom-made codebase. Today, anyone can find and use the code open-sourced from these departments on code.gov. Both the policy and the code repositories are managed publicly and transparently—as all good open source projects should be.
This is a set of muscles and capabilities that China, Pakistan, and other countries do not (yet) have. This is a competition that is America’s to lose.
Instead of a directionless trade war with China, America should articulate a clear set of industrial policies, objectives, and a vision for the future with open source as the centerpiece. In the meantime, open source can play a pivotal role in fighting COVID-19. It’s already happening organically with Linux Foundation Public Health (LFPH), a global collaborative effort leveraging open source apps built on top of the Google Apple Exposure Notification system to make Covid-19 exposure notification more accessible. Instead of shuttling around the world telling others to not use Huawei, the White House should work closely with allies to embrace and foster OpenRAN, a promising but still immature technology.
By doubling down on open source, America can not only address some of our most pressing technological challenges faster and more securely, but also revive relationships with our allies and deepen productive collaborations with the tech sector.
If you like what you've read, please SUBSCRIBE to the Interconnected email list. To read all previous posts, please check out the Archive section. New content will be delivered to your inbox (twice per week). Follow and interact with me on: Twitter, LinkedIn.
这篇文章是我一个月前与司马乔丹(Jordan Schneider)联合撰写的一篇专栏文章的增强版,原文发表在 Wired Magazine上。这篇“增强版”包括了更多关于世界各国政府如何使用开源科技的内容,如以色列、印度和巴基斯坦。而且现在也有中文版本了,这也是一份双语周刊必须有的“默认需求”哈。希望您喜欢!
当你在Netflix看电影或电视节目时,会启动Amazon Web Services上的服务器,大部分都运行在Linux上。当一架F-16战斗机起飞时,三个Kubernetes机群会同时运行,以保持飞机里系统软件的正常运作。当你访问一个网站,任何一个网站是,都有可能启动运行Node.js. 这些基础科技-- Linux,Kubernetes,Node.js -- 包括其他许多技术都在默默渗透大家的生活中。它们的共同点:开源。
开源是一种技术开发与分发方式,其中的代码和所有开发的工作和过程(从设置产品未来路线到构建新功能、修复bug和编写文档)都是公开的。管理开源项目的机构(比如一组业余爱好者、一个公司或一个非营利基金会)也都是公开。这些工作通常在GitHub或GitLab的公共代码库中进行。开源有两个重要的,但有点违反直觉的优势:速度和安全性。
开源的运维方式和实践能促使更高速的技术开发,是因为全世界的开发者都可以参与来帮助一个项目成熟,尤其是当项目的技术能解决一个棘手的现实问题。顶尖的工程师也更喜欢与开源项目合作。他们经常被误解成一群神秘的机器人,但他们更像艺术家,他们更喜欢学习、工作、合作,并在公共场合展示自己的“作品”,即使他们很少得到报酬。
但是一门技术的代码如果都公开了它不会更容易受到攻击吗?事实上,公开代码更方便安全专家和黑客随时测试技术,是保持技术安全并与用户建立长期信任的最佳方法。阳光是最好的消毒剂,开源就是科技界的阳光。操作系统Linux和云容器编排系统Kubernetes就是两个最突出的例子。
开源不仅局限于软件,也在影响硬件开发。RISC-V于2010年在加州大学伯克利分校首次推出,是一种开源的芯片设计指令集体系结构,基本用处就是告诉芯片如何做基本计算,如加法、减法、乘法等。RISC-V在全球硬件制造领域正获得越来越多的关注,因为它降低开发门槛,提高芯片开发速度。OpenRAN是一个开源的5G网络栈,在2016年发展势头开始提升,也越来越受到关注,并已经受到英国和日本政府的欢迎。
使用开源技术是构建新产品和替换老技术的最快方式。然而,在美国政策制定者策划与中国竞争的工业政策当中,开源明显“缺席”。
依靠开源的优势,政策制定者可以推行一套能真正帮助美国在21世纪发展,同时与普世价值观一致的工业政策。另一种选择则是继续目前的自上而下的方式,不依据技术,而以政治影响力来挑选赢家和输家,这只会帮助某些公司获得市场份额,而不会激发广泛的科技创新。再多花几十亿美元砸在英特尔上是不会把它从当前的技术困境中挖出来的。但一个更健康的,会利用开源技术和社区的科技生态,可以把美国放在更有力的位置。
开源技术的一大特点就是厂商中立。无论你是一个国家还是一家公司,如果你使用开源,你就不会被另一家公司的技术堆栈、产品路线或许可协议所束缚。自1991年Linux首次问世以来,它被戴尔和IBM等大公司广泛使用,就是为了替代微软的Windows操作系统,用一款厂商中立的产品。在不久未来,芯片设计师将不会被英特尔或ARM锁定因为有RISC-V。而有了OpenRAN,想搭建5G的电信公司也不会被迫从华为、诺基亚或爱立信中采购设备。
当然,开源并不是能解决所有问题的灵丹妙药。任何一方都可以运行、更改、复制和分发开源技术。因此,技术和知识的转移既可以传给朋友,也可以传给敌人。
中国的科技领域已经开始接受开源,对于一个在美国制裁面前寻求保持快速增长和科技独立自主的国家来说,这也是合理而明智的。工信部早在2016年就将“开源”纳入了一份官方政策规划文件,而就在几个月前,它正式把国产的GitHub竞争对手,Gitee,提升为推动中国开源发展的“国家队主力”。本月早些时候,华为也开源了其自制的移动操作系统HarmonyOS,改称为OpenHarmony,而且是中国第一家开源技术基金会,OpenAtom基金会的核心项目。
中国不是唯一一个拥抱开源的国家。以色列国防军已经采用了许多开源技术,如OpenStack和Hadoop,不仅为了降低IT成本,还为其士兵更快的提供了更安全的软件。印度最近宣布了一项全国竞赛,来推广对RISC-V的使用来加速国家实现半导体领域科技独立的步伐。印度的“死对头”,巴基斯坦,对开源和RISC-V也并不陌生;它去年为SiFive(一家主攻RISC-V的创业公司)举办了一次技术研讨会,有2500多人参加。更有意思的是,SiFive在8月份完成了一轮6000万美元的融资,其中包括韩国半导体巨头SK Hynix的企业风投和沙特阿拉伯国家石油天然气公司Aramco的投资,这两家公司都与各自的政府关系密切。开源正被许多国家作为其工业未来的一部分而拥抱,这个趋势不会停止。
这不应该吓到美国的政策制定者,因为开源的核心价值--透明、开放和协作--是美国的优势。国防部是开源技术的最大用户之一,并且深谙其中的复杂和细微差别。一些其他联邦政府机构也公开了他们自己的代码,这是2016年奥巴马执政末期制定的“联邦源代码政策”的一部分。除此之外,这项政策还要求所有联邦机构将自己开发的技术代码的20%都要开源。今天,任何一个人都可以去code.gov这个网站使用政府的开源技术,而且这项政策以及所有的代码库都是公开透明的,就像所有优秀的开源项目一样。
这是一套中国、巴基斯坦以及其他国家(目前还)没有的能力。这是一场美国该赢的竞争。
与其对中国展开毫无方向的贸易战,美国应该制定一套明确的工业政策、目标、和以开源为核心的未来设想。开源技术可以在对抗COVID-19中发挥关键作用,并且已经在民间发生。Linux基金会公共卫生(LFPH)计划,就是一个全球性的合作项目,利用建立在谷歌苹果曝光通知系统之上的开源应用程序,使COVID-19暴露通知更容易使用。白宫应该与盟国密切合作,拥抱并培育OpenRAN(一门很有前途但仍不成熟的技术),而不是满世界跑敦促其他国家不要用华为。
通过在开源上加倍努力,美国不仅可以更快、更安全地应对最紧迫的技术挑战,而且还能恢复与盟友的关系,并加深与科技界有更高效的合作。
如果您喜欢所读的内容,请用email订阅加入“互联”。要想读以前的文章,请查阅《互联档案》。每周两次,新的文章将会直接送达您的邮箱。请在Twitter、LinkedIn上给个follow,与我交流互动!