Let's talk about R&I

Jordi Cabot: "The sustainability of open-source software is at risk; its breakdown would be disastrous because we're surrounded by things that depend upon it"

27/11/2018
Àngels Codina Relat
ICREA research professor and leader of the SOM research group at the IN3

Jordi Cabot has a PhD in Computer Engineering from the Universitat Politècnica de Catalunya, and has worked as a professor in the UOC's Faculty of Computer Science, Multimedia and Telecommunications, as a visiting researcher at the Polytechnic University of Milan (Italy) and the University of Toronto (Canada), and as an associate professor at the École de Mines de Nantes (France), where he led an Inria Research team in Software Engineering. He was the only Spanish researcher to appear in a ranking of the top 20 consolidated software engineering researchers in a bibliometric study recently published by The Journal of Systems and Software.

Cabot joined the UOC as an ICREA research professor in 2015, and since then he has led the IN3's SOM (Systems, Software and Models) research group. His research focuses on software engineering and, in his own words, its main goal is "to help companies develop higher quality software faster". SOM's work is centred on the rigorous use of software models in all tasks relating to the development and maintenance of software. The group also applies this work to open-source software, and is particularly interested in the problem of the long-term sustainability of open-source software projects.

Software is often defined as “our society’s digital infrastructure”. Could you explain why that is?

Well, because everything we do and every device we own is based on software, whether it’s on your mobile phone or computer, or even in fridges or toasters, in other words, what we call the Internet of Things. The vast majority of the software we’re using depends, if not entirely, then at least to a large extent, on some component that was created following the principles of open-source software. Ultimately, everything we do and everything surrounding our society works, up to a point, thanks to there being, somewhere in that software, a component that has been developed following these principles and taking this collaborative and open approach.

And who develops this open-source software?

That’s the big issue. Open-source software is open and everyone can use it, which sounds pretty nice, and everyone can contribute to it. So, what’s the problem then? Very few people do contribute. Like everything that’s a communal asset, there are a lot of people who use it, but very few people who contribute to it. That applies to open-source software, to Wikipedia, and to any of these initiatives. Just so we get the picture, in the case of Wikipedia, for example, everyone uses it to learn new things, search for concepts, find information, and so on, but how many of us actually edit it? It’s reckoned that just 1% of people add content to it, and the same goes for open-source software. That’s why its sustainability is one of the great problems we have nowadays.

What might happen if open-source software fails?

It could be a disaster. There’s a very well-known example of this: Heartbleed. This was a software error in the OpenSSL cryptography library, which is open source, that allowed potential attackers to read a web server’s memory and retrieve sensitive private data from it. The tool was used in all servers, so through a domino effect, it had an impact on every website and system. It took at least five months to discover the error because, ultimately, there was only one person working there full time. The resources, therefore, weren’t sufficient, and just as there have been attacks like this, there may be others of different types. So, if there aren’t enough people helping monitor and maintain open-source software carefully, in cases like this, there could be a chain of events that could affect millions of products.

One of the research lines of the SOM group, which you lead, is how to ensure this software’s sustainability. What do you propose?

As we know that there are few human resources contributing to open-source software, what we’re trying to achieve is to optimize the community that does want to contribute. We’re doing this by trying to improve communication between them and detecting software areas that may need more attention. However, we have to accept that encouraging the software community isn’t enough because the underlying problem is that there aren’t enough people who want to contribute. As a result, the limit is set by the number of people who contribute. What can we do? Well, since we don’t have people, let’s use robots! Or bots, because ultimately they’re a software component. We bring “virtual people” to the project; these bots are able to automate many of the project’s repetitive tasks. So, our idea is to identify which parts of open-source software management and maintenance can be automated and we let people do the more creative tasks. Our job is to develop these bots, and to see how they can interact with people so that they’re accepted as members of the community. We also use artificial intelligence techniques so that these bots don’t remain so simple, to put it one way, and so that they can learn how the project works and progressively automate tasks of increasing complexity.

Are you currently working on any project in this area?

We’re working with a French company on a project to use bots in the area of citizen websites. In such a case, we’re talking mainly about chatbots, that is, bots who can chat with the users. Our aim is to see how bots can help people access a website like the Barcelona City Council's, for instance, in order to pay a tax or search for information. A bot could browse the website and provide assistance to the citizens when doing these tasks, which are always more complicated than they seem because you have to fill in forms, follow a set of steps, etc.; the chatbot could also be created automatically from the information that is already available on the website itself or in internal manuals. As always, the idea is to make it all quicker and more productive to do.

Open-source software began in 1983 as an idealist movement. In 2018, Microsoft bought GitHub, the main open-source platform worldwide, for 7.5 billion dollars. What has gone on between these two dates?

What open source means is that a company, an individual or a community makes a specific software’s actual lines of code available to people so that they can download it. After that, people can modify it as they please, commercialize it, etc., depending on its license. Microsoft itself is releasing the code of many of its products and is certainly contributing to developing third-party products. Basically, what it’s doing is releasing its products’ source code, which can be seen as a disinterested action allowing people to see how it’s done and adapt it. But it can also be seen as a purely economic decision. By releasing its products’ source code, Microsoft is making way for an ecosystem where developers will feel more interested in working on it and will maybe even help find mistakes that Microsoft hadn’t detected. It’s also a question of brand image. And in the end, one of the scarcest resources nowadays is good developers, and for companies it’s hard finding and hiring them. That’s why anything that gets the great developers to accept a job at Microsoft will really help the company, whose brand image has been really negative among the developer community.

In the field of open-source software, where do you think we’ll be in the next five years?

I think there’s no going back. People will increasingly demand that everything they buy is available in case they need to adapt it at any time or if the company behind the software goes out of business. It seems to me that software is invading our lives more and more – what we were saying earlier about the Internet of Things is a great example of this. Ultimately, every device in our homes has a more or less major software component. We’ll see increasingly more end users who, in some way, will want to be able to create, or more than create, adapt and develop software to really answer their individual needs. For years, people have been saying “software is eating the world”, and it’s becoming more and more true.

To finish, could you recommend any work – a film, a TV series, a novel, etc – that in some way tackles the themes covered by your research?

That’s difficult for my research in particular. For computing, I could recommend a series and a book. I should warn you now that as I spend all day thinking, in my time off, I look for series and books that aren’t too taxing, where I don’t have to think. The first book I’d recommend is the latest by Dan Brown, Origin. It’s very simple why: our beloved Barcelona Supercomputing Center plays an important part in it – I won’t say any more – and a well-known professor from the Universitat Politècnica de Catalunya appears in it. I find it curious that Barcelona and its computer scene play a key role in a worldwide number one. As for the series, I really liked Person of Interest. It's about computer engineers who create a computer that is able to predict possible violent acts in the future and that then ends up becoming aware of itself. At the start, the series is very much a police procedural, but it ends up looking at whether we’ve given too much power to machines and it asks ethical questions and considers the fear that we might have of super-intelligence. It’s really worth watching.