By some measures, open source has been wildly successful in the cloud. Open source solutions like Kubernetes have eaten closed-source alternatives for lunch. Yet, in other respects, open source within the cloud has been a complete failure. Cloud-based architectures continue to pose fundamental problems for achieving open source’s founding goals of protecting user freedom. For many organizations, using the cloud means surrendering control to proprietary solutions providers and facing stiff lock-in risks.
These observations beg the question: Why hasn’t open source been more influential in the cloud, and what could be done to make cloud computing more friendly toward open source?
Open Source’s Problem with the Cloud
From the early days of the cloud era, there has been a tension between open source and the cloud.
When free and open source software first emerged in the 1980s under the auspices of Richard Stallman and the GNU project, the main goal (as Stallman put it at the time) was to make software source code available to anyone who wanted it so that users could “use computers without dishonor” and operate in solidarity with one another.
If you run software on a local device, having access to the source code achieves these goals. It ensures that you can study how the program works, share modifications with others and fix bugs yourself. As long as source code is available and you run software on your own device, software vendors cannot “divide the users and conquer them.”
But this calculus changes fundamentally when software moves to cloud-based architectures. In the cloud, the software that you access as an end user runs on a device that is controlled by someone else. Even if the source code of the software is available (which it’s usually not in the case of SaaS platforms, although it theoretically could be), someone else--specifically, whoever owns the server on which the software runs--gets to control your data, decide how the software is configured, decide when the software will be updated, and so on. There is no solidarity among end users, and no equity between end users and software providers.
Stallman and other free software advocates realized this early on. By 2010, Stallman was lamenting the control that users surrendered when they used cloud-based software, and coining terms like “Services a Software Substitute” to mock SaaS architectures. They also introduced the Affero General Public License, which aims to extend the protections of the GNU General Public License (the mainstay free software license) to applications that are hosted over the network.
The fruits of these efforts were mediocre at best. Stallman’s pleas to users not to use SaaS platforms has done little to stem the explosive growth of the cloud since the mid-2000s. Today, it’s hard to think of a major software platform that isn’t available via an SaaS architecture or to find an end user who shies away from SaaS over software freedom concerns.
And although the Affero license has gained traction, its ability to advance the cause of free and open source software in the cloud is limited. The Affero license’s main purpose is to ensure that software vendors can’t claim that cloud-based software is not “distributed” to users, and therefore not subject to the provisions of traditional open source licenses, like the GPL. That’s better than nothing, but it does little to address issues related to control over data, software modifications and the like that users face when they use cloud-based services.
Thus, cloud-based architectures continue to pose fundamental challenges to the foundational goals of free and open source software. It’s hard to envision a way to resolve these challenges, and even harder to imagine them disappearing in a world where cloud adoption remains stronger than ever.
Open Source’s Cloud Successes
You can tell the story of open source in the cloud in another, more positive way. Viewed from the perspective of certain niches, like private cloud and “cloud-native” infrastructure technologies, open source has enjoyed massive success.
I’m thinking here about projects like Kubernetes, an open source application orchestration platform that has become so dominant that it doesn’t even really have competition anymore. When even VMware, whose virtual machine orchestration tools compete with Kubernetes, is now running its own Kubernetes distribution, you know Kubernetes has won the orchestrator wars.
OpenStack, a platform for building private clouds, has been a similar success story for open source on cloud-based architectures. Perhaps it hasn’t wiped the floor of the competition as thoroughly as Kubernetes did, but OpenStack nonetheless remains a highly successful, widely used solution for companies seeking to build private clouds. =
You can draw similar conclusions about Docker, an open source containerization platform that has become the go-to solution for companies that want a more agile and resource-efficient solution than proprietary virtual machines.
And even in cases where companies do want to build their clouds with plain-old virtual machines, KVM, the open source hypervisor built into Linux, now holds its own against competing VM platforms from vendors like VMware and Microsoft.
When it comes to building private (or, to a lesser extent, hybrid) cloud-based infrastructures, then, open source has done very well during the past decade. Ten years ago, you would have had to rely on proprietary tools to fill the gaps in which platforms like Kubernetes, OpenStack, Docker and KVM have now become de facto solutions.
Open Source and the Public Cloud
Open source appears less successful, however, when you look at the public cloud. Although the major public clouds offer SaaS solutions for platforms like Kubernetes and Docker, they tend to wrap them up in proprietary extensions that make these platforms feel less open source than they actually are.
Meanwhile, most of the core IaaS and SaaS services in the public clouds are powered by closed-source software. If you want to store data in Amazon S3, or run serverless functions in Azure Functions, or spin up a continuous delivery pipeline in Google Cloud, you’re going to be using proprietary solutions whose source code you will never see. That’s despite the fact that open source equivalents for many of these services exist (such as Qinling, a serverless function service, or Jenkins, for CI/CD).
The consumer side of the cloud market is dominated by closed-source solutions, too. Although open source alternatives to platforms like Zoom and Webex exist, they have received very little attention, even in the midst of panic over privacy and security shortcomings in proprietary collaboration platforms.
Building a Better Open Source Cloud
One obvious objection to running more open source software in the cloud is that cloud services cost money to host, which makes it harder for vendors to offer open source solutions that are free of charge. It’s easy enough to give away Firefox for people to install on their own computers, because users provide their own infrastructure. But it would be much more expensive to host an open source equivalent to Zoom, which requires an extensive and expensive infrastructure.
I’d argue, however, that this perspective reflects a lack of imagination. There are alternatives to traditional, centralized cloud infrastructure. Distributed, peer-to-peer networks could be used to host open source cloud services at a much lower cost to the service provider than a conventional IaaS infrastructure.
I’d point out, too, that many proprietary cloud services are free of cost. In that sense, the argument that SaaS providers need to recoup their infrastructure expenses, and therefore can’t offer free and open source solutions, doesn’t make a lot of sense. If Zoom can be free of cost for basic usage, there is no reason it can’t also be open source.
Admittedly, making more cloud services open source would not solve the fundamental issue discussed above regarding the control that users surrender when they run code on a server owned by someone else. But it would at least provide users with some ability to understand how the SaaS applications or public cloud IaaS services they use work, as well as greater opportunity to extend and improve them.
Imagine a world in which the source code for Facebook or Gmail were open, for example. I suspect there would be much less concern about privacy issues, and much greater opportunity for third parties to build great solutions that integrate with those platforms, if anyone could see the code.
But, for now, these visions seem unrealistic. There is little sign that open source within the cloud will break out beyond the private cloud and application deployment niches where it already dominates. And that’s a shame for anyone who agrees with Linus Torvalds that software, among other things, is better when it’s free.