It’s amazing how much of the technology we use every day is dependent on open source software. Developers are continually drawing on free code repositories that have been shared by friendly developers. With them so freely available, it’s no wonder that these open source libraries can be found in all kinds of software the world over, including in technologies that are essential to how we live our lives.
However, these bits of open source code are often not maintained, not updated, and can lead to security risks such as the OpenSSL vulnerability Heartbleed, which threatened the security of people using the internet. Even if they have been updated, how do you know where those updated libraries are, or which versions you should be using in your own projects?
Bath-based developer Andrew Nesbitt (pictured left) has been wrestling with this problem since 2014. To help combat it he created Libraries.io, which now monitors over 2 million open source libraries across 33 different package managers. This service helps to ensure developers are using the latest version of the code, as well as showing where those libraries are already being used and in which software projects.
Now, he’s been joined by Ben Nickolls (pictured above, in main picture), another Bath-based developer keen to highlight free and open source projects that are essential, and yet under-supported. To find out more about how the service works and how people can get involved with such a worthy project, we caught up with Ben at The Guild co-working hub to ask him a few questions:
TS: What is Libraries.IO?
Ben Nickolls: In short, Libraries.io (as a project) aims to improve the quality of software. All software. Open source software has been welded into a huge variety of technologies that are fundamental to our modern lives. It’s time to make sure those crucial building blocks are properly cared for.
We have three aims: to improve search and recommendation engines. To create tools that help people make informed decisions about what software they use in projects. And to highlight free and open source projects that are essential, and yet under-supported.
By understanding the relationships between software we can very quickly provide a recommendation for a piece of software, let's say a Redis client for Ruby, by knowing that the recommendation at the top is the one most frequently listed as a dependency in other projects. It’s one of three core approaches that we’re taking to try to improve all software.
TS: How does Libraries.IO work?
BN: Libraries.io harnesses the same techniques Google uses to index the internet, but applies them to software. Andrew substituted a network graph of websites and pages connected by hyperlinks, for one with software projects and links representing the use of code within another project as a dependency.
TS: What will you be bringing to Libraries.io in the new role?
BN: The easiest thing to say is that I will be doing everything that Andrew doesn’t, including finding funding. Which is to say that I won’t be spending 100% of my time developing libraries.io — though I might sneak a cheeky commit in there every now and again.
TS: How is Libraries.IO funded?
BN: We’re currently under what is known as ‘fiscal sponsorship’ of Brave New Software, which means they actually hold and disburse the grants that we have received. We’re currently funded by the Alfred P. Sloan Foundation and the Ford Foundation, both of whom were born of the motor industry in the US. With them on board we have funding until 1st January 2018, so we’ll be looking for further support in 2017.
TS: You are concerned about the future of open source, what is it that concerns you and how can it be addressed?
BN: I’ve spent most of my professional life working in or very close to open source. In my professional life it all began with Osmosoft and Jeremy Ruston at BT. I then fell into developing mobile applications using web standards and tools like PhoneGap, around the same time as Node.js was released. Having left software development for 2-3 years while I did other things at BT, I suddenly found that I could get so far with these technologies that I could start my own company. So I did.
And herein is the issue.
I — like many other developers these days — gain so much from open source. There’s a reason why seed funds exist today when they could not in the late 90s. All that value instilled in freely available tools and technologies enables them to stand on the shoulders of those who built them. But while it’s fair to say that free and open source software has ‘won’ — whatever that might mean — I suspect its success could also be its downfall.
I don’t think people today contribute enough back to the foundational projects that underpin thousands of others: our core digital infrastructure. These projects are often supported by individuals or small groups on the basis of some moral obligation. I think this could be catastrophic for open source. I think we need to make open source as egalitarian as it was back in ‘the day’. We also need to tackle the cultural aversion to money in open source, at least when it pertains to work on these types of projects.
TS: How can people get involved with Libraries.io?
BN: Contribute! Libraries.io has a long list of package managers that it doesn’t yet support. We also need users to tell us what they think of the site and whether there are any issues. With only two full-time staff we can’t do everything, but we’re looking at ways to reward those who are contributing from the community. We’re also redeveloping our documentation to encourage contributors of all ages and skills.
TS: Is it easy to get involved with the open source movement in the West of England? How can people do this?
BN: When I first moved here I was told Bath was the ‘graveyard of ambition’, a common cliché touted by those who have gone belly up in the sun. I was amazed at just how open a community there is, both here and ‘abroad’ in Bristol *waves*. This area almost immediately felt like a place I could fall into very easily from a techie POV. Bath:Hacked, Bath Ruby, The Engine Shed/SetSquared lot, all great people, and some amazing companies too. But now I’m sounding like a Trumpian demagogue so I will stop myself and say, come say hi.
Many thanks to Ben for taking the time to answer our questions. You can see more at the Libraries.io website and get in contact via firstname.lastname@example.org; you can also follow them on Twitter here: @librariesio. And while you are about it, why not give us a follow too! @TechSPARKuk