Peter Sanders, VP Field Applications Engineering at Napatech, looks at the importance of zero packet loss to a successful IDS deployment - measured by its effects on intrusion alert generation and file extraction.
I was recently at the Red Hat Summit in San Francisco. This is the event that today has become synonym with open source solutions, one of the biggest trends to have driven the technology industry in the recent years.
WHAT IS OPEN SOURCE?
Open source is a movement towards more open collaboration of what you bring to the table. Open source doesn’t have to be restricted to software, today hardware designs are also open sourced. An example of this is the Facebook initiative ‘open compute’.
The philosophy behind open source is that anyone should be allowed to freely use, copy, study and change the software or hardware, and depending on the open source license, keep the changes to themselves or be obliged to publish the changes. The goal is that everybody who has an interest in the project, be it software or hardware, can collaborate to improve and innovate the project.
Licenses – GPL, Apache, BSD
Open source means free, but there is still a cost when it comes to licenses. Two types of open source licenses exist today – copyleft and non-copyleft.
Copyleft licences require the derivative works to be released under the same license and includes the software that is linked to the copyleft software. The most commonly used copyleft license is the GNU GPL (General Public License), that exists in 3 versions, but I will not go into the details on that. Here is a useful link for more information: https://www.gnu.org/licenses/.
The cost of copyleft license is that you cannot use any open source licenses with a copyleft license without having to expose your IP under the same copyleft license. The Linux kernel is a good example of an open source project that is licensed under a copyleft license, GPLv2. The Linux kernel is used in all android-based phones, which also means that the source code for the kernel changes, such as in a Samsung phone, must be published to anyone who has an interest in getting the code.
LGPL (Lesser General Public License) is a copyleft license that actually allows the proprietary code to link to a library that is copyleft, without it being a derivate work as long as the linking is done dynamically. LGPL is used in many user space libraries, which is why companies can make proprietary closed source applications, like on Linux, without needing to publish their work even though they use open source libraries.
Non-copyleft licenses are truly free and unlike the copyleft licenses, require derivative work to be published. The only requirement of a copyleft license is that the originator gets credited by publishing the license of the copyleft component being used. Today, smartphones and TVs use lots of non-copyleft open source projects and within your smartphone or TV there must be a list of all the open source licenses used. Some of the most commonly used non-copyleft licenses are Apache, MIT and BSD licenses. In fact, the Apple operating system used in iPhones and iMacs are based on the BSD Unix operating system, which is distributed using the BSD license. That’s why they can keep the changes to themselves.
HOW CAN A BUSINESS SURVIVE IF EVERYTHING IS FREE?
A question you hear often is that, if open source is meant to be free for all to take, use and distribute, how can one make money from it? Red Hat as a company have been successfully selling support licences. They create great products based on open source components and publish all their contributions upstream, but they also support what they create, which means that if you buy a license from Red Hat you have someone you can contact if something doesn’t work etc. You as a person/company can build exactly the same product as Red Hat, by downloading the same open source components, compiling, constructing and getting them to work. Whether all the work involved is worth it or not will depend on your own business model.
At the Red Hat Summit I came across an inspiring keynote made by Nathan Seidle, Founder & CEO at SparkFun. He tells a compelling story on building a business selling open source hardware and states that open source is good for humans because we have an innate nature to want to learn from each other. He also says that it is also good for the business because the company can focus on the business principles and how to differentiate on that. Another interesting thing in his keynote is how he thinks patents are a bad idea because you end up spending lots of money on something that might not even protect you the way you want and that money might be better spent on innovation.
OPEN SOURCE COLLABORATION AND OPEN INNOVATION
It is often said that we cannot wait for standards, instead the open source work is setting the standard. We see this in the case of NFV solutions where open source is setting the standard instead of the old way of working where you have a group of people writing the standard before the work is done. Having things open sourced means that potentially more people in your company will work on your project, and drive the innovation in directions you might not even have imagined. But the question is:
Are you ready to go open source or will you be left behind?