Open Source Software: Why we use Open Source at Hybrid Heroes
What is open source software?
Open source software (OSS for short) is software whose source code is freely accessible to anyone. The user has the right to use, study, change and distribute the software according to its license. The source code is shared openly and everyone is encouraged to contribute in order to improve the software. This is in contrast to proprietary software, where the source code is strictly hidden.
Open source software development is a form of open collaboration: software is developed publicly by volunteer contributors who support the philosophy of the open source movement, and the resulting product is provided to contributors and non-contributors alike.
The open source philosophy has advantages and positive influences in technology development such as:
- Development of high quality products at low cost, which are easier for everyone to obtain and use, therefore providing more people with computer software and making technology more accessible to everyone.
- It is open to being changed and improved by the users of the product, who can contribute their improvements back to the product that they use.
- Companies benefit from open source software through more efficient product development, and smaller companies can benefit from it to compete in the global market.
- It facilitates innovation and the development of new ideas.
- Commercial success is not a factor in the quality of the product, and the project is improved without the motivation of monetary gain.
- It is more reliable than commercial software because of constant improvement by the community of users and developers.
- Transparency of the project code, the developers and the history of project development.
Open Source software projects we use
Here at Hybrid Heroes we use several open-source tools and libraries in our daily workflows and for developing our apps.
As a base for our development we need an integrated development environment (IDE). We love to use Visual Studio Code for that, which is open source and is led by Microsoft. It comes with many top features and is a solid tool that helps us a lot while developing.
When it comes to development, we make use of a variety of different libraries and frameworks. For our Hybrid Apps we use the Ionic Framework and React Native as a base. Both are open source and rely on other open source technologies. React Native is based on the React framework, which, like React Native, is led and was open-sourced by Facebook. The Ionic Framework works together with Angular, which is also open source and is led by Google. As a native wrapper for our Ionic apps we use Cordova. Cordova was first created by Nitobi, then bought by Adobe Systems and open sourced by Apache.
Apart from that, we use different open source libraries that help us speed up our development. Whenever an open source project does not meet our custom needs, we fork it (which means making a copy of it) and apply our custom changes to it. In this way we also contribute actively to open source, as we make these forked projects publicly available in our Hybrid Heroes GitHub repository.
Who else uses OSS?
Many companies use open source software in their daily workflows or as tools that help them develop new products. A good example of this is React Native, which is also open source and was initially created by Facebook. Big companies like Tesla, Uber or Skype built their apps using React Native.
Open source software development
Just as anyone can collaborate on an open source project, anyone can start one as well: from an individual developer who writes a small library for their project and publishes it as open source for everyone to use, to big companies like Google, Microsoft and Facebook who make their internal software open source or develop an open source project from scratch. Aside from contributing to the open source community, publishing an open source project opens up the possibility of benefiting from the community of developers or companies who will contribute to improve the project, either out of interest in the project or as users of the project who want a better product to use. Examples of such products are Kubernetes, the system that is used for deployment of many Google products and powers Google Cloud Platform, and React and React Native, which are developed and used by Facebook and also published as open source projects.
Open source software, like any other software, is developed either as a computer program for users or as a framework or library that is used by developers in other software. What open source and proprietary software have in common is that they are designed to accomplish specific tasks. The difference is in the motivation behind starting them. Commercial software is developed with monetary gain in mind, whereas open source software doesn't primarily start with commercial success as a goal but to support the idea and concept of open source and open collaboration. Some open source projects also started as part of another project to solve a specific task and were published separately as open source software later.
Open source projects also differ from proprietary software in that they don't follow the commercial plans of a company, such as development and release timelines or marketing for target users. Open source software is flexible in what features it provides. If the users of the project want a new feature, they can open a discussion about it, which is called a "Feature Request", and if the requested feature conforms with the concept and the goal of the project, it is approved to be added to the project in a specific milestone or version of the project.
Aside from features, since no software is perfect, open source software with an active community is constantly being improved to fix the issues and bugs in the project. These issues are also reported mostly by the users and developers of the project, and every project provides a system for documenting and keeping track of such issues, which is called an "Issue Tracker". The workflow is that the issue is reported by the community, it is reviewed by other members of the community and, if verified, it is categorized and prioritized to be fixed in a specific timeline. Developers who want to contribute to the project look for open issues to find what they can help with, and after coordinating with other members they start working on an issue to solve it. Contribution has its own specific workflows, which are most of the time documented in the project as "Contribution Guidelines", which basically say how developers can go about writing new code for the project.
When a developer fixes an issue or develops a required feature and believes their code is ready to be included in the project, they can make a request for committing their code to the project. The process of adding new code to the project is also specified in the contribution guidelines, but the general process is that the developer provides their code in a request and describes what changes they have made and what the purpose of the new code is. The next step is "Code Review", which means the request and the code will be reviewed by other members to verify the correctness and quality of the code and provide feedback about it to the original developer. Normally there will be a few iterations of updating the code based on the feedback from other developers until the code is in a state where other developers don't see any issue in it and it is ready to be committed to the project.
Besides being reviewed, every new change is also tested in an automated and, if needed, manual testing workflow to make sure that the new code achieves what it was written for and that it doesn't break the functionality of other parts of the software.
When both reviews and tests are passed the code is merged into the project and will be shipped with the software in a future release.
The process explained above is to make sure that the quality of the software doesn't decline through the development of the project. It means that although everybody is welcome and encouraged to contribute, not all code is accepted to be included in the project.
With the new features and fixes that are added to the project, the project members decide about the next releases and new versions of the software. The release of the software to the end user also doesn't happen in one step. Typically there are a few pre-release versions provided before the main release of the new version. The pre-release versions are used by developers and users who want to utilize the newest features of the software. This early adoption of the product provides lots of feedback about the new version before it is released to the main, larger group of users, and helps project maintainers to fix such issues in a few iterations of pre-release versions.
OSS and security
Regarding security, open source is often accused of being less secure than closed software, as potentially everybody could contribute to the software. But as outlined before, there is a strict process in most open source projects when it comes to integrating code changes. So it is highly unlikely that code changes that contain any security risks get integrated into the source code.
Also, the open and collaborative approach can be seen as a chance, as anyone is allowed to fix broken code, in contrast to closed software, where this can only be done by the vendor. Apart from that, in open source communities there are more people testing and thus fixing the code.
Through that, open source has progressively increased its security and is falsely accused of being less safe than closed software.
Rather it can be seen as more safe as the code is accessible and therefore it's also easier to spot and eliminate vulnerabilities.
But still, it cannot be over-simplified, as it highly depends on the project. As mentioned, most open source projects follow a strict guideline when it comes to integrating code from outside developers. But there are also projects that don't. That's why it is important to inspect an open source project closely before integrating it into a project. And the good thing is that inspecting these projects is easy, as all the information is available and checked by the open source community.