Why talk about FOSS?
This article was stimulated by a number of factors: Olle’s sadness at Digium Asterisk Hardware Device Interface (DAHDI) no longer being supported; I’m currently running an annual open source telecom software survey; and I was rereading the HBR article “The Digital Economy Runs on Open Source. Here’s How to Protect It“.
Before we get going, I know most readers understand this, but I too often jump into the meat of my article without restating this important point about FOSS (Free and Open Source Software): “Free software” does not refer to the monetary cost of the software, rather whether the license maintains the software user’s civil liberties (“free” as in “free speech” not “free candy”). I’ll also mention at this point the EULA (End User License Agreement) episode of South Park with the human centipede. I’m not going to link to the clip as it’s rather nasty. But it does capture how nasty proprietary software licensing can be. Blame the lawyers and our behaviour to not read T&Cs (Terms and Conditions).
FOSS has been an amazing success, back in 2000 I liked the idea as it reminded me of the early ’80s when software was mostly source code bundled with the hardware. However, I was circumspect on how broad the reach of FOSS could be. Great for small and medium sized projects and businesses, but corporations have more needs including trusted partners and dedicated support.
Well, the Web runs on FOSS. Apache and Nginx web servers run over 60% of the world’s websites, and Kubernetes powers cloud computing. IBM purchased Red Hat, one of the most successful companies built around FOSS for $34 billion. A year before that, other tech giants paid billions to acquire a stake in FOSS, most notably Microsoft (bought GitHub for $7.5 billion) and Salesforce.com (bought MuleSoft for $6.5 billion). FOSS has achieved mainstream success and changed the world.
Black Duck Software runs an annual Future of FOSS survey. In the most recent survey 78 percent of respondents said their companies run part or all of its operations on OSS and 66 percent said their company creates software for customers built on open source.
FOSS is part of most software builds.
FOSS a Two-Edged Sword
The success of FOSS comes from amazing people who are allowed to create impressive software through volunteerism without the damping effect of a large organization and its processes that drag the rest of the organization along with their many requirements and approvals. But FOSS has proven to be a two edged sword:
- In Olle and Sandro’s TADSummit Special presentation, he shared how LOG4j was one of the FOSS projects that precipitated the EU CRA Act.
- Some of the most widely used FOSS packages are housed under the accounts of individual developers (rather than broader communities), raising the issue not only of security, but also of reliability.
- Most companies are using outdated versions of open-source programs. Failing to stay abreast of updates means it is more likely the software contains bugs and security weaknesses.
As Olle and Sandro in their TADSummit Special pointed out Security needs to move left across all software development projects, and be part of the design process
Culture Shift Required, it’s like Tipping
There’s also a cultural shift required. Many FOSS implementers think the Free means zero cost. As Microsoft’s Ballmer said in 2000 “Linux is Communism”. But it isn’t, users / implementers need to contribute across code, docs, and cash:
- Cash can be sponsoring or attending community events, or paying to accelerating the development of specific features by the core project team, or update support (keeping updated to the latest version, a critical issue).
- Documentation is always a thankless task, and is always behind the features available in the current release. Most FOSS projects need help there.
- And code from the community is what makes FOSS projects better than proprietary software.
Most of the FOSS community, those that are active on the project’s Slack channel do the above. But that’s <1% of the people using the project; there are large corporations using FOSS in their internal and customer projects who are not contributing. I’ve seen excuses such as, ‘our vendor purchase processes do not allow it.’ Then change the processes, if you’re using FOSS, recognize the project and help the team. If they are successful, they are working day and night, and struggling to keep up with demand as they love their software. They need support, ideally sustained support so they can retain full time staff.
Bottom-line: FOSS has enabled the web, transformed enterprise IT, and made programmable communications / telecoms possible. It’s a maturing model that needs support by everyone that uses FOSS. It’s not free as in no cost, it’s free as in speech (you will not be made part of a human centipede), and it’s the responsibility of everyone to recognize the projects. If you use it, contribute what you can, think of it like tipping after a meal, its optional, but you really should.
The teams behind open source projects can also be bought, but that must be managed carefully, as mentioned at the start of this article with Olle’s sadness with DAHDI. However, projects can be forked by the community, and as I’ve said many times, open source projects never die, the code sits in github. See how active Restcomm remains, even though the Telestax team have dispersed after Mavenir closed Telestax down.
FOSS and Communications / Telecoms
The programmable communications industry is built on FOSS. Annually Zoom supports 3.3 trillion conference minutes (voice, video, data). Picking on the whole of the UK across fixed (40B) and Mobile (190B) its 230B voice minutes, and in decline. That’s a factor of 14 difference, split that across the 5 main carriers (BT, Vodafone, EE, Three, and O2); that’s on average about a factor of 70 in call minutes between Zoom and the UK telcos. The comparison is not entirely fair as Zoom is providing a video collaboration service with loads of features, versus a PSTN voice call.
Scale of implementation has not been a factor between FOSS and proprietary software for close to a decade. Over the past decade we’ve seen many of the moats used to lock-in customers into proprietary software disappear:
- Voice no longer requires specialized knowledge, WebRTC and open source voice CPaaS (e.g. Jambonz or Fonos) have made voice accessible to most developers.
- Scale, beyond the number of minutes supported as mentioned in the Zoom versus the UK example. The code base is now built on the shoulders of giants. For example, Zoom uses some of the code from the WebRTC project in its client that also uses the open source project WebAssembly.
- Roadmap control, with proprietary software adding a customer requested feature can take months / years, if at all. With FOSS, changes are implemented in days or weeks by the core project team, your team, preferred development partner, or project community member. You’re in control, and can react to customers and new opportunities in days.
- History shows FOSS outcompetes commercial software, e.g. solaris versus linux. Once upon a time FOSS was treated with suspicion. Yes, it works, but… All the above evidence from the Web, enterprise IT, and programmable communications shows its become the default.
- Proprietary software is generally not pick and mix, it’s a bundled single version. FOSS enables implementers to build what they need. Proprietary software may come with built in speech rec, and yes they allow other APIs, it’s never the same integrated experience. FOSS its built to enable an open approach, free to choose your prefered speech rec, and there is an experienced community there to help you.
- The need for specialized hardware has almost gone. FOSS and time (patents are only enforceable for 20 years) have helped remove the stranglehold of voice related patents. The world today is vastly easier for building voice related services.
- The old boys club of voice has diminished, voice on the PSTN is a commodity where developers can use aggregators to terminate voice without hurdles of paperwork, local legal entities, and knowing the right people, etc.
FOSS and Telcos
Telcos do use lots of FOSS in the IT infrastructure, some telcos have policies where a justification must be given to use proprietary software versus FOSS. Companies such as ng-voice and working group two are breaking into telcos with their FOSS based solutions. The telco world is changing, albeit slowly.
The telco network versus telco services are two related worlds. There are only a few network vendors. The approach to open the network tends to be through box and wire (interface) standards like NFV and ORAN. Smaller vendors try to insert themselves into such standardized networks that telcos struggle to implement. Open source projects have also tried, e.g. Yate. But telco is a well entrenched business between the limited number of network vendors and its purchasing departments.
For telecom services, IMS was successful in keeping voice linked to the network. In 2016 DT was showing WebRTC works fine over mobile networks. And 12 years before that I was showing VoIP worked fine over the internet. Communications is independent of the network. Emergency services are also supported in programmable communications. However, once a platform is deployed and paid for like IMS, there needs to be a compelling reason for change. We’re seeing new-build telcos adopt FOSS for their services, but the legacy telco market is vast.
Telcos’ services strategy remains closely linked to their network vendors, see the current focus on OneAPI 2.0 (CAMARA). However, there’s enough margin in their business that such decisions matter little to the bottom line, it’s a state granted oligopoly. Voice and SMS offers will be maintained given the emergency services requirements of their license. Regulation is not going to change on emergency services as that is a vote loser. Perhaps the fixed carriers will move first to FOSS in the services layer? They are closing down the copper network and going all IP for voice. Perhaps some niches in mobile, e.g. MVNOs, and those augmenting their cores using WG2 and ng-voice. But it’s likely to be a slow transition compared to the development of the programmable comms industry.
Telcos’ services strategy still appears closely linked to their network vendors, see the current focus on OneAPI 2.0 (CAMARA). There’s enough margin in their business that such decisions matter little to the bottom line, it’s a state granted oligopoly. Voice and SMS will be maintained given the emergency services requirements of their license. Regulation is not going to change on emergency services as that is a vote loser. Perhaps the fixed carriers will move first to FOSS in the services layer? They are closing down the copper network and going all IP for voice. Perhaps some niches in mobile, e.g. MVNOs, and those augmenting their cores using WG2/ng-voice. But it’s likely to be a slow transition compared to the development of programmable comms industry.