Introduction to Open Source Software
Rob Moffat - FINOS
Note: there is some overlap of content here with Introduction to Open Source Readiness
Hi Everyone!
Thanks for having me today to talk about the FINOS, and open source, and how this applies to finance.
So - I’ll give you a quick history of who I am, and then later in the presentation, I’ll talk to what FINOS is, the organisation I work for. And, I’ll talk about the Linux Foundation, who some of you may be aware of.
So my job here at FINOS is a technical architect and one of the projects or “strategic initiatives” I run at FINOS - is Open Source Readiness, and this is really about getting financial organisations to engage more with open source.
So today, I’m going to talk about open source and why I’m into it. I’ll talk about the finance industry, and why it’s getting into Open Source, and then I’ll talk about FINOS and the Linux Foundation, and how it’s trying to help with all of that.
But let’s try and hear from you first.
How many people here know what open source software is? I want you to look around the room as we answer these questions - see how many people answer yes to each one.
How many people here have used open source software? Maybe written programs in languages that have open source implementations like Python? JavaScript, Perl, Java?
How many people have raised issues, or contributed to open source projects? Maybe you’ve found a bug in a piece of open source software, and told the developers about it?
And How many people have their own open source projects on GitHub or GitLab or somewhere?
How many people have heard of GitHub, and know what that is?
So, what is open source? For now, let’s just think of it as software. Just code that gets written.
But unlike most code, like say, Microsoft Word or Windows, you are free to pass it from one person to another. There’s no such thing as piracy. Copying is allowed.
You can read the source code, and see how it works.
You can change it, what they call “derivative works”
You can use it for whatever you want. Controlling a drone. Flying a jet. Doing your finances. Whatever.
And… it has a license that allows you to do all of this. That is, you’re legally entitled to do this without restrictions.
Now, what might surprise some of you is quite how pervasive open source software actually is.
Let’s look at some now.
So, let’s talk about some early pieces of open source software that are still shaping the world we live in. So, Linux is one of the oldest pieces of open-source software. It was started in 1991, but really got going in the late 90’s and 00’s. Linux takes a lot of code from the GNU project, which started in the 80’s, and was mainly an academic endeavour, as there weren’t many other people on the internet. This is an operating system, so it provides services to other programs to run, like file management, handling displays and keyboards and so on.
Now you might not think you’re familiar with Linux, but both Android and iOS (Apples iPhone operating system) both use a lot of code from this open-source route.
Next to that, I’ve got the Apache feather and the Nginx logo, which between them host about 60-70% of all the traffic on the internet. They are web servers, so when you ask for a web page, the chances are it’ll be Apache or NGinX serving the page. Apache dates from 1995.
Down on the bottom right, I have the wordpress logo, which a lot of people will be familiar with. Wordpress serves about 30% or so of all web pages, so it’s also huge, and, Open Source. It dates back to 2003, originally.
Often, people will run their Wordpress blog on an Apache server, on a Linux Operating System.
So, that’s often known as a LAMP stack. So Linux, Apache, we know. MySQL is a database - so all your wordpress posts get stored in there. And PHP, Pearl, Python, they’re open-source programming languages - some of the biggest. And Wordpress is written in PHP.
All of this is Open Source… except perhaps for MySQL, which was Open Source, but is now owned by Oracle. But here’s the thing: once Oracle (somehow) managed to acquire MySQL, the original open-source MySQL became MariaDB.
So now, no-one really uses MySQL, because Oracle want to charge money for it, and because most of the improvements are being done in MariaDB. So the LAMP stack is now really Linux, Apache, MariaDB, Php.
And this brings us to a really interesting question: did these Open Source projects get so popular because they were good, or because they were Open Source?
We’ll touch on that as we go. But for now, the takeaway is that Open Source is a big deal - a much bigger deal than a lot of commercial software.
Now often, to be successful, it looks like you have to Open Source your software.
Now, why is that? Why are you more likely to be successful if your software is open source?
So, let’s just think about that from a bank’s perspective for a moment.
If they uses an open source database, no one can come along and try and ask for money for it.
Also, (and this is really a problem with Oracle as I mentioned on the last slide), let’s say you were paying for a database. Maybe it costs £100 a year. The vendor of that database could come along and say, next year, it’ll cost you £1000 or £10,000.
Now, if you’ve got lots of code working that uses that database, it might be really expensive to move away from it. And so, you might just end up paying the £10,000.
This is called vendor lock-in.
And vendors love it.
But, customers, not so much.
So hopefully, you can begin to see why large financial organisations are into open source.
And according to the Synopsis OSSRA report from this year, 96% of all codebases contain some open source software.
And 76% of all code is open source.
So, open source is a big deal.
So, how many people have heard of Kubernetes?
I am going to talk about this twice today. First, let’s look at it from a bank’s perspective.
So, Kubernetes is really a whole open source ecosystem - that is, a whole universe of tools, services, products, training, documentation, and so on that is used to build modern cloud computing platforms.
Now to begin with, the whole idea of cloud computing was invented by Amazon, with AWS - Amazon Web Services. AWS is huge. But, AWS is like Oracle - it’s a vendor product.
And, we’ve already discussed why that might be a problem for customers like banks.
But Kubernetes is open source.
If I build all my cloud services on top of Kubernetes, I’m avoiding that whole vendor lock-in problem we talked about.
And, I think it’s probably hard to overstate the importance of this. Companies like banks are using masses and masses of cloud services.
Look, I have no idea whether this graph is correct or not.
But it sounds about right. $600b dollars of cloud computing in 2023. And it’s constantly increasing.
How many billions of that is the finance industry? Probably quite a few.
So, from the perspective of a Deutsche Bank, or an HSBC or whoever, this needs to run on open source software like Kubernetes.
Which, by the way is a project maintained by the Linux Foundation.
So, at this point I’ve really been talking a lot about organisations using (or consuming) open source.
But really, the rest of this talk is going to be about that second part - contributing to open source. And this is where FINOS comes in, and the Linux Foundation and it’s my part of the story and why I’m at FINOS.
The first job I had in banking was with Deutsche Bank, back in early 2000’s. I then worked for several years at RBS - in credit and market risk. I took a few years out of banking when my children were really young and then came back and worked at Credit Suisse as a contractor for a few years.
While I was there I was working on Back Testing, which is kind of a way of checking that your risk methodology works.
As a part of that, I got involved in an open source project called Concordion, which was a tool for building tests and I was able to extend this to use for Back Testing risk models.
So, that is: I took an open source tool.
I saw that it was nearly what I needed, but not quite.
So then, since I’m a coder, I wrote some code to extend it to do the extra stuff I wanted it to do, and I contributed that back.
But I had to write this in my own time, outside of the bank and then during my day job, consume the software within the bank. So credit suisse was getting a good deal here.
After I worked there I was pretty burnt out of risk and so I took a job at HSBC helping to build bots on this new fangled chat platform called Symphony, and it was at a Symphony meetup that I first met Gab and Mao from FINOS.
I built some nice chat bots at HSBC and a Symphony App where you could search for and read HSBC research.
But after that, I went back to Deutsche Bank again because they were rolling out Symphony and wanted me to head up their Bot practice.
And what I found was, a lot of the code I’d written for HSBC I ended up writing again at DB!
But this time, I worked with the DB staff and was able to Open Source that code so that other people could benefit from it. And that code now exists as a FINOS project called…
Spring Bot.
Shortly after that, my job at DB was relocated to India, so along with a bunch of other Symphony experts, I was let go. Which was cool because I’d been planning to take a sabbatical anyway.
But Open Source doesn’t sleep, so even on my sabbatical I carried on attending FINOS meetings on Spring Bot, along with the staff from DB.
Now the interesting thing is: Spring Bot is still going, We’ve had lots of improvements. It now supports bots across Symphony and Microsoft Teams. The same bots work in both places.
Also, Symphony themselves have stepped up their game and open sourced lots of new bot libraries to FINOS too.
And the Symphony team are now starting to collaborate with FINOS and DB on Spring Bot.
None of this would have happened if this was a DB-internal project. It would probably be abandoned by now.
So, although Spring Bot is super niche, it has benefitted from being Open Source.
And, DB have benefitted from open sourcing it.
The second example I want to quickly cover is Risk-First. So this image is from my website, riskfirst.org. The idea of Risk-First is to be a catalog of the different risks you could face managing a software project. And, it goes into detail discussing each of them.
The reason I wrote this was because I felt that a lot of software development is blindly following processes, but really, it should try to tailor those processes to the types of risks that it faces along the way: staff risks, complexity risks, dependency risks, even Legal risks, if you’re Facebook.
Now the reason I wanted to show you this is to try and give you a bit of a feel for where open source happens. At FINOS, and for me personally, nearly everything we do is on GitHub.
So, this is the risk-first website repo, on github.
So, “repo” is short for Repository, and a repository is basically, a project full of files.
And, each page of the website is a file in my repo…
Why is it called GitHub?
So GitHub gets its name from Git, which is basically a version control system, There is no good reason for it being called git. It’s handy that it’s a short name, because we end up typing it a lot.
Git was designed and built by Linus Torvalds, the inventor of linux. He invented it because he wasn’t happy with the other version control tools for open source projects.
And, it really caught on.
So, this is why we have
GitHub.
Which is now owned by Microsoft and is the world’s largest repository of open-source code and a thriving community of developers.
So as I said before, each file in my Risk First repo is a page on my website.
Here’s one of them, called “A Pattern Language”.
Now, if I want, I can press the “Edit” button, and Github will allow me to edit that page.
Now this is written in a language called “MarkDown”. As opposed to “Markup” like HTML is. See what they did there? The idea of markdown is that it still looks OK even when you’re just viewing it as text, but, it can be made to look really nice when you view it as a webpage.
So, I can have headings, and bullets, and quotes, and sub-headings - and, all the formatting is simply done just with text. If a line begins with a hash, it’s a heading. If it starts with a dash, it’s a bullet. Quotes begin with a chevron.
How many people here know markdown? This is a crucial format to know for writing documentation for open source projects. Yes, it’s open source. You should learn it if you don’t already.
And, when you save it, on Github the Markdown it looks like this.
But, Github also has a feature called Jekyll, which is a Open-Source (obviously) static website generator. After I make an edit on Github, it recreates the webpages in my website, on riskfirst.org
It looks something like this.
And obviously, Markdown is open source and Jekyll is open source, and people write extensions for them too. Github is hosting this page for me, and the domain is riskfirst.org, but I don’t have to worry about running a webserver, or paying for a server somewhere.
But one last thing I can do is take all those markdown files, run them through another open source tool called pandoc, which produced a PDF. I was then able to upload that onto KDP, and have a book to sell.
Now, I’m not going to give JK Rowling any sleepless nights, but this is a nice thing to have, and people do buy this - sometimes. I’m glad I did it.
The point is, without open-source software, I would be nowhere. I couldn’t have done any of this stuff - least of all publish a book!
Because my writing is open-source, more people have access to these ideas. The work, to a certain extent, advertises itself to people who are interested in this topic. It can be found with search engines. People can read it and see if they like it first. I was never going to sell millions of copies, and maybe, by publishing the whole thing open-source, I am limiting sales. But actually, selling books isn’t that good a way to make money anyway, so let’s move on and talk about Open Source in the workplace.
So, let’s just recap.
We’ve got GitHub, which is commercial software. It’s using Git, which is open source and written in C. It’s using markdown which is open source. It serves websites using Jekyll (which is open source) and GitHub and Jekyll are written in Ruby, which is open source.
Meanwhile, Pandoc, which I used to create the book is open source, and it’s written in Haskell, which is open source.
The point I’m getting to here is that one of the key advantages of open source is its composability. It’s like lego: you can keep building bigger and bigger things out of the building blocks.
GitHub is the odd one out on this page - it’s not open source. You can’t take the GitHub code and just use it to build something else.
All the other stuff, you can.
Now, bringing this back to banking. There are a lot of developers working in finance - we’ll see a slide on this in a bit. They can all build stuff with these legos.
Just think how difficult it would be if for every component used in say, Goldman Sachs, if they had to secure a license and payment for it. Do you have any idea yet if the bureaucracy that is involved in buying something at a big firm? There would be purchase orders and approvals and vetting suppliers and due diligence and invitations to tender… it’s a lot.
With open source, you don’t have to worry about any of that. You just build with the lego.
And, another of the key benefits of open source is, it gets better when people build on top of it. Just like my Concordion example earlier, people want to take time to fix bugs in these things because it helps them.
And it helps everyone else too.
So, if a bank open sourced more of its code - would people on the internet fix the bugs in it for them?
This is Deutsche Bank’s GitHub page. So, you can see here a number of projects that DB contributes to. There’s open banking, Spring Bot, as we talked about, Waltz, which is a software inventory tool, plexus interop which is a desktop interoperability platform…
Now if you look closely, it says “Forked from FInos…” for each of those, which means, these are projects where the main version of it exists in FINOS’ organisation, rather than DB, who have a copy. And the maven one - Maven is a Java build tool and that’s run by the Apache software foundation who remember from earlier create the Apache Web Server. They have lots of other open source projects too, including this one.
So, DB are starting to open source their projects, and contribute fixes into other projects.
An obvious question now, is, why would they contribute their own projects into FINOS?
So, let’s look at what FINOS and other software foundations do.
I work for FINOS, the FinTech open source foundation. This is our goal.
So, this is important. The FINOS foundation is independent. This is key. If DB or another bank wants other organisations to collaborate and contribute to their projects, then, those companies need to know that they’re equal partners with DB!
It’s important that HSBC or whoever is on an equal footing - so having the projects hosted by FINOS is preferable to DB.
And actually this avoids legal problems too, like Anti-Trust laws.
And.. yeah it’s not feenowz. Unless you live in San Francisco maybe.
I stole these slides from the FINOS marketing deck! Can you tell?
And this slide shows the different members of FINOS. You can play where’s wally with the DB. Platinum, Gold, Silver have different levels of benefits and pay different amounts.
And, we have lots of projects! You saw some of the ones DB is involved with already. I’m not going to go into the others, but you can check them out on GitHub and you can get involved and contribute code or documentation.
Rather than talk about those projects today, I want to focus on that “overarching” goal of FINOS, which is to accelerate open source collaboration in the industry.
So, let’s think about what “good” looks like.
Let’s think about Google for a minute.
So, Google really goes in hard on open source and uses it successfully. When they realised that apple was way ahead with the iPhone, but they wanted a piece of the mobile market, they came up with Android - an open source mobile operating system.
Same for Chrome - there were various browsers like Mozilla and Internet Explorer which had good market share. But Chrome came along and was mostly open source, and is now super popular.
Then Google realised Amazon was getting ahead with AWS, and they wanted to be a cloud computing provider. They couldn’t compete with AWS’ closed ecosystem so they created an open one around Kubernetes, and given all the stories Mao has been telling me about KubeCon in Amsterdam last week, that seems to be working out really well for them.
Google gets open source.
So you might ask - what’s stopping a bank being like Google? What’s stopping any of the other big banking firms from building the next amazing open source banking software?
Banks have a lot of rules to follow.
And these rules exist because governments want to protect their citizens private data, and keep the banking system stable.
So, banks are necessarily therefore, secretive organisations.
They have lots of very confidential, personal information and so these rules are there to provide every protection for that.
By the way, another example of this is generally speaking, social media sites are all blocked by firewalls in banks. Again, this is to stop staff wasting time on Insta all day long but that’s kind of a happy accident - the main reason is to stop people accidentally or deliberately copy-pasting private data onto the internet,
GitHub might not be people’s first example of a social media site, but it kind of is. It’s a community where people follow each other, exchange messages, you have stars instead of likes, but it’s close enough that this is blocked too, or made read-only.
So, as well as banks inventing their own rules, they also are regulated industries. So they have lots of rules to follow from governments. And they get big fines if they don’t obey them.
One law is that all electronic communications must be recorded for auditing for five years. This means, banks have certain systems (like Symphony chat) which they approve for communications because they are able to keep the 5-year record.
But this rules out a lot of ways of engaging with open source projects - like GitHub, Slack, Google Docs and so on, The way compliance has been implemented prevents open source happening.
So probably a lot of people heard about the fines in 2022 that many firms got for not following those rules. This is actually an excerpt from the Open Source Readiness site where we have been documenting all of the different compliance rules that might apply to open source.
And I’ll show that in a bit.
There are so many rules and regulations that banks have to follow. I worked in RIsk for many years and there were always new regulations coming out to follow. Just complying with these rules is hard work - vast numbers of staff are involved in making sure they avoid getting fines like these.
And when you have so many people in the organisation figuring out how to stop other people from doing things, you end up with a very “closed” culture, one which avoids risk.
Culture is hard to pin down- it’s kind of the unwritten rules and ways of behaving. And it changes slowly, usually.
I think it’s fair to say that even though banks do a bit of open source, they don’t have an “open source culture”, unlike say…
I was trying to get an idea of whether there were more people working in big tech or finance this morning, so I tried googling it, and then I tried using Wolfram Alpha and in the end I gave up and asked Chat GPT.
So here’s today’s obligatory reference to Chat GPT in a presentation. This is its idea of how many employees work for various finance organisations.
It had no idea of how many of them work as software engineers. I am guessing that for each of these it’s at least in the region of tens of thousands.
… and here’s the same thing for big tech. Again, at somewhere like Amazon, a lot of people are going to be in operations. But I think this is similar?
Apparently, the contribution of big tech to GDP is about 8%, and for finance it’s 21%. So I guess my point is that there are not finance firms that are even trying to be strategic about open source in the same way as Google, or Netflix, Amazon or Facebook for that matter.
One final point on this is, Apple have just announced a new savings account with something like 4% interest. They’ve partnered with Goldman Sachs to do this. Now, Apple could run a savings account, but they don’t want to!
They don’t want all these rules and compliance. And they want to keep their culture of being a bunch of west coast hippies or whatever. Not risk-averse secretive bankers. I think.
So, the goal of OSR, and one of the goals of FINOS and one of my goals is - how can we fix that problem? How can we unlock the innovation potential of finance organisations and allow them to to go from benefiting from open source in the tiny way that DB did with me to benefitting from doing open source in the same way as Google with all these blockbuster projects.
So, I’m not going to dive into all the ins-and-outs of this project today, I just want to draw your attention to a few things we’re doing.
First, we’re building the Body of Knowledge. This is a repository produced by all the FINOS members which says how banks should engage with open source. How they can get the most from it, how they can contribute.
Go check that out!
There’s new stuff turning up there all the time.
We’re working with the people at DB and all the other institutions to make these best practices a reality across the industry.
We are building a developer training course. If you’re a developer, you can take this course and learn how best to engage with open source in your organisation.
We’re working with folks at financial institutions to build this out. You’ll see this soon on our website, it’ll be a free course - anyone can take it.
We are building a certification. Do you know how to do open source properly? Do you know how to be a contributor, a maintainer, how to consume dependencies properly? How to behave ethically and considerately in an open source community?
This is the exam.
Take the exam, display your badge on LinkedIn or whatever social you use.
We’re hoping this catches on and people across the industry start taking this.
If you’re interested in doing either of those - hit this link, fill in the form and I’ll set you up.
Any questions?
Made with Keynote Extractor.