One reason for the somewhat separate open source ecosystems that the author doesn't touch on is language. In my experience, the dev communities are already pretty separate simply because the languages are so different from each other. Japanese dev communities follow a similar pattern from what I know.
While I'm sure the geopolitical issues cause some division, I'd be willing to bet the main reason is much more fundamental and the two ecosystems just naturally developed separately.
Google is too "helpful" in assuming what I want instead of what I say for me to find it anymore, but there was a Linus Torvalds quote about how it didn't even occur to him to write linux in anything but english, even though that's not his native language.
Those days are done. The world now has plenty of internet for any language you speak, and there's no need for standardizing on the "biggest" language.
Agreed. I think a lot of native english devs don't realize just how much english permeates every aspect of software. Another post on HN talking about the process of digitizing Tibetan mentioned how line breaks aren't really a thing in that language. But of course, they're everywhere in software and required for things to even function. So many decisions are based on language that go beyond actual communication. It's kinda wild to think about.
I'm not sure I understand why this is an apocalypse. Diversity is great. While I'm sure the CNCF would love a world where literally everything ran on kubernetes, as one example, the reality is that making kubernetes the one tool for everything everywhere all at once will only turn it into a piece of certification design-by-committee garbage (which, let's be real, it basically already is). We should not want one unified world of open source; I love the idea that anyone, whether divided by race, nationality, or just thought process, is out there approaching problems from a different angle and rethinking from first principals. We should share ideas, not code.
I guess you could look at this as a restatement of the 'Reflections on trusting trust' paper (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...), in that the whole software chain needs securing ideally (though there is value in even doing parts of it).
I don't think that will be possible with federated governance, rather the chain is probably best secured mathematically and in a distributed fashion. Potential use for the blockchain/merkle-clock event log/zksnarks etc. ?
I don't think it's as much a technical problem as it is a social, or process, problem. Math and distribution won't solve those. If the introduction of an exploit is done well (e.g. the XZ exploit), the provenance of the malicious code will pass muster. It'll just be doing bad things, at least from the OSS consumer's perspective.
That’s not really what the paper is about.
Can't it be solved with the reproducible builds?
This has already happened. We won't use software, open-source or otherwise, from an adversarial nation.
I'm not really following — is the author discussing funding/foundations for Open Source software and supply chain security? The rise of "communities" in other countries doing open source development? Or how the East can't trust the West, and vice versa? The geopolitical aspects and cyber norms discussions are already happening[0] but in ways and at a pace that usually frustrate technical people.
I like DHH's take on Open Source[1]: "Using open source software does not entitle you to a vote on the direction of the project. The gift you've received is the software itself and the freedom of use granted by the license."
We should welcome these new communities and thank them for their contributions and perspective. As long as I have the freedom to choose, and censorship isn't a barrier I don't see an issue - they can do what they want. With OSS I can at least review the code and form my own opinion on who and what I should trust.
[0] https://www.csis.org/analysis/creating-accountability-global... [1] https://world.hey.com/dhh/open-source-is-neither-a-community...
> a sort of United Nations of Open Source that equally represents all.
If you think the UN equally represents all, you are mistaken. The UN basically exists as a forum for the major powers at the end of WWII to wield influence with a veneer of respectability (see Permanent Security Council).
Ultimately, developers live in nation states, and need to eat, pay taxes, avoid getting throw in prison, etc.
Nation states are also well aware of the power of software and won’t ignore it like they did before. Software, including open source is part of the full-spectrum competition.
Given the geopolitical rivalries, I have approximately zero hope that open source will avoid these rivalries
I've worked around (and occasionally in) UN agencies for a good deal of my career, and it's getting to the point where I'd be surprised if it lasts another decade at this rate.
I'd like to avoid a very dicey political hole here, but let's just say the inability of its governance structures to prevent recent conflicts or protect its peacekeepers puts it squarely in League of Nations territory.
The UN has also been unable to prevent terrorists from infiltrating it's agencies.
Up to this point nations have shown no interest in funding open source software and that's likely to continue. (This is despite the fact that Linux fuffills the public benefit argument for science funding better than most research.)
I have no doubt that governments will fund the planning and implementation of exploits, polluting OSS libraries and systems, when it's in their interest to do so. Possibly over the long-term, using a combination of social engineering and code itself.
Governments have minimal incentives to fund things that are working without their funding.
The EU has been funding open source for years, and Germany just started their own funding program, currently in the pilot phase: https://www.sovereigntechfund.de/
I recently discovered that the SuSE based distribution used by some libraries on NRW a decade ago, is now Windows running in kiosk mode instead.
It depends on your definition of "working".
Yes, I'd go with the zero hope option too.
> Nation states are also well aware of the power of software and won’t ignore it like they did before.
In 2020, DARPA instituted the CyberSocial project. One of its goals was to find ways to identify code introduced maliciously (for lulz, patriotism, or profit) to OSS projects where the intention of that code is to create or exploit vulnerabilities.
There's a decent, accessible discussion of the issues at
https://www.ifri.org/en/studies/software-power-economic-and-...
> Nation states are also well aware of the power of software and won’t ignore it like they did before. Software, including open source is part of the full-spectrum competition.
Why then is OSS not funded like scientific research?
Because the tools to write OSS are cheap. A laptop and a brain are enough. Everybody already got them. About time and paying one own bills: some people volunteer and somebody are paid by their employees to write open source or to occasionally contribute to it. I did it myself years ago. We needed to add some functionality to an OSS library and I asked to my customer if I could send the patch to the project on GitHub. They told me yes and I believe it's still there. GitHub inflicted 2FA to me for that later on, but that's another story.
Some scientific research tools are as cheap as what we use to write software. Other tools cost a lot, from the 10 thousands to the billions. They are funded in several ways from universities, research labs to transnational entities.
That could change with AI models because collecting data and training cost a lot, but they are not the usual OSS piece of code so I'm not sure that they belong to this thread.
"nation-state" has a particular meaning and it's not "a smarter-sounding way to say country"
For those wondering, the actual smarter-sounding way to say "country" is "state-level actor".
So, open source developers live in state-level actors, is the cool way to say it.
Your comment would be much more helpful if you explained your thoughts. Currently, it just sounds like "you're stupid."
In sociopolitical terms, a nation refers to a group of people sharing the same culture. A nation-state is a sovereign state (a country) that encompasses all of the people of that culture, as opposed to other kinds of states that might be multiethnic or city-states or empires or whatnot. It's generally seen as the culmination of various independence movements in the 19th and 20th centuries, as constituent peoples within multiethnic empires sought their own independence as a self-governing state.
Not all modern countries are nation-states. Countries like San Marino or Singapore are city states, while countries like the US are often seen not as nation states because they don't have a strong core concept of ethnicity forming the basis of the nation. (In particular, note that citizenship in the US--indeed most countries in the Western Hemisphere--is based primarily on jus soli, i.e., being born on sovereign soil; whereas most European countries figure it primarily on jus sanguini, i.e., based on your parents being citizens).
I've been on my phone so messages are terse but here: https://en.m.wikipedia.org/wiki/Nation_state
"As a community, we must look beyond geopolitical conflicts"
Is this even a problem? People in most FOSS projects does not seem to care at all about nationality, race and etnicity. I think most people don't care at all about 'geopolitics' in the first place. It is some pissing contest for the elite.
And even if they did, any user can be anonymous, and many projects accept pseudo-anonymous contributions.
Well, it depends. Several nginx core developers were laid off in 2022 for no fault of their own. Then we have examples like this:
https://news.ycombinator.com/item?id=35137213
I also wouldn't say it's all roses, some of my Russian and Jewish friends have felt very uncomfortable participating in FOSS projects during the past couple of years, although it has cooled off somewhat recently. (I have many in both countries for historical reasons.)
It's easy to think there is no discrimination when you're not on the receiving side of it -- some significant minorities in the US should know this very well.
> I also wouldn't say it's all roses, some of my Russian and Jewish friends have felt very uncomfortable participating in FOSS projects during the past couple of years
Yeah, this is something I often argue about with my colleagues. They claim that Russians brought it upon themselves, that they should oppose Putin etc. These arguments are ridiculous when you dig deeper, as an individual in Russia, whether a powerful one like Navalny once or almost unknown like the pianist hero Pavel Kushnir, you mean nothing. You will disappear just like that and nobody will even say a word.
Of course when you start advocating the war online and spread putinist propaganda, that's another question. But normal Russians are normal people like you and me, if anything they are more hostages of this terrible situation than Westerners.
> But normal Russians are normal people like you and me, if anything they are more hostages of this terrible situation than Westerners.
By any chance, did you have conversations with Russians recently where they feel like they can speak freely? The vast majority of them support if not Putin himself, then the idea of restoring Russian Empire through the force one way or another. A lot of them blame "west" for all their problems and a sizeable portion still feel that collapse of the west with its values is the thing to be desired.
Hiring or working with Russian is a liability for any company for practical reason - from espionage to causing major tensions in the periods of world instability or just when person will "come out" on social media with their views and beliefs.
Unfortunately I know one such a person, they repeat the same bs that you can hear from Mearsheimer (that Putin had "no choice", that the war is only because of NATO, that Russia is just defending itself against American aggression, etc.). It's hard to discuss it at all because the basic axioms are completely different for them.
> People in most FOSS projects does not seem to care at all about nationality, race and etnicity.
Largely true - but have your parser report "ERROR: Expected T_PAAMAYIM_NEKUDOTAYIM" and see how the user/contributor community reacts :)
> Is this even a problem?
Nope it’s not! I’m a little befuddled as to why this article was even written. I’ve collaborated with a bunch of Chinese devs and we never feel that politics are relevant or are suspicious of each other. We’re just a bunch of nerds hacking on projects across a large timezone.
Headline's word choice amuses me, because the literal meaning of "apocalypse" is "uncovering, revelation" which is quite appropriate for anything "Open Source", isn't it?
I imagine you also get amused when people use 'literally' figuratively?
Yes and I return to this series https://youtube.com/playlist?list=PLGVpxD1HlmJ-dLBoRLP91gvRJ...
How does it make sense for there to be ‘splits’ on a regional basis?
By definition, there cannot be any effective barriers between any part of ‘open source’ and any other part, assuming they are not made under mutually contradictory licenses.
So there cannot possibly be any differences lasting much longer than the time it takes to review the relevant codebase.
"Open source" doesn't require that the readme, comments, issues, and PR's use a language that you know. So depending on who you are, reaching the point where you're able to effectively collaborate could be the work of years.
Aside from that though, I agree. I can't see and technical reasons why one wouldn't mix oss from both communities, thereby bridging it into a single community.
There are plenty of translation tools available to overcome linguistic barriers with a few clicks. Which is more effort than zero clicks, but hardly a significant barrier.
And some of those tools could actually be better, in pretty much any language pair, then the majority of native speakers themselves.
Anyone else notice the irony? We're talking about Open Source, right? Then, "will the west adopt chinese software", which has a xenophobic touch. But wait, a paragraph later "Can I sell this to our clients?" Well, you know, I am too long into FLOSS to not notice this corporate bullshit. Its open source, you dont have to be able to sell it, MBA.
Right and OSS maintainers live off hugs and kisses.
Screaming treason whenever someone tries to make a living off OSS is the main reason the community is so toxic/in constant crisis.