Demystifying Free and Open Source Landscape: Why the software matters and what’s at stake if the foundations crumble — An interview with PKP’s Alec Smecher

Quote from interview: I do believe that the balance is tipped in favour of the Open Access movement. We’re not communicating science on tree bark or stone tablet. Copies are essentially free. That is not to say we can be complacent, only that the Principles of Open Science are better aligned with the nature of digital communication than the incumbent publishers protecting closed access.

DOI: https://doi.org/10.59350/jrxnk-x4264

PKP’s suite of free and open source software (FOSS), along with the broader open access ecosystem, has often been described as an archipelago — a distributed yet interconnected constellation of journals, institutions, and communities. Each publishing initiative is like an island: locally grounded, self-governed, and responsive to its own context, while sharing common infrastructures, values, and a commitment to accessibility, interoperability, and Open Access as a global public good. This framing affirms both sovereignty and solidarity, allowing for local relevance alongside global collaboration. In practice, what do these ideas mean? We’re sitting down with Alec Smecher, PKP’s Associate Director for Development, who will help us demystify some of the key tenets of the free and open source software landscape.

An Interview with Alec Smecher, PKP’s Associate Director for Development

Here’s a chance to rehearse your elevator pitch: how would you explain what free and open source software is, and what sets it apart from the proprietary alternatives most people use every day without much thought?

Step 1 of a successful elevator pitch involving software licenses: Hit the emergency stop halfway between floors. It’s the only way to keep an audience. I promise I won’t dwell on this part but it’s important!

Free and Open Source means the freedom to see how software works, to change it, and to use it how and where we like, at no cost, with the specifics depending on which license is used. It is both “free as in beer” and “free as in speech”. Pretty much any computerized device you interact with has some amount of open source on it; even if you don’t know or care, you’re relying on a philosophy of community stewardship and openness that is akin to Open Access in scholarly communication or even — at the risk of being grandiose about it — the tenets of modern democracy (at least, how it’s supposed to work). With software being ubiquitous in everything we do, the way that software is owned, distributed, kept safe, and controlled is not a nerdy rabbit hole any more — it’s critically important to all of us.

By contrast, proprietary software is a black box, and your ability to use it, understand it, and to trust and rely on it are entirely dependent on the whim and longevity of the private interest that owns it. It’s often to that private interest’s benefit to control your use in ways that don’t serve you: microtransactions, obtrusive ads, crippleware, manufactured obsolescence, vendor lock-in, etc. Cory Doctorow coined the delightful term “enshittification” to capture much of this; his focus might be on technology but nothing about this is particular to modern tech. This was happening decades ago in the form of cable TV bundling and predatory time-shares, for example.

Anywhere there’s leverage over the consumer, there’s a predatory business model to abuse it. Open source takes away some of the control that permits all those annoyances (or worse) and transforms it into a community benefit.

(As shorthand, I’m going to talk a lot about commercial enterprise and business with regards to software — but I need to point out that universities are at the roots of free software and indeed much of software in general! Universities can and do maintain a tremendous amount of infrastructure that we all depend on — just as Simon Fraser University is the home of PKP.)

Thanks, Alec. I want to turn to a handful of key concepts that we talk a lot about when it comes to PKP software. I should say that I think these are all interdependent, but I want to try to frame each concept within the free and open source framework.

Let’s start with distributed (or decentralized). What does that mean in the context of free and open source software? How does this differ from conventional, centralized software development models? In other words, what does FOSS make possible and what does it help protect against?

There are two ways in which “distributed” might apply here, so let me start by distinguishing between them. The community maintaining FOSS can be said to be distributed, in that its members might not all work for the same company or live in the same country, making the project less prone to a single point of failure or control. Separately, the software itself can be distributed: if it runs independently on many computers around the world — as PKP software does, but also LibreOffice (FOSS), Microsoft Windows (proprietary), and WordPress (FOSS) — it’s a different beast than a typical “Software as a Service” deployment, where only one organization runs the software for all users (as with GitHub, Google Docs, Figma, Microsoft Teams, Uber, and countless others).

Both forms of “distributed” are important to digital freedom, and I would argue that a healthy FOSS project includes both, although there are many FOSS projects that lack the second, and likewise many proprietary projects that have it.

A healthy FOSS project is not just software. It’s a community that exceeds the boundaries of a single individual or organization. There is a quality of shared ownership, transparency and responsibility. There may or may not be a formal decision-making process or a clear leader, but there should be healthy debate over direction and critiquing of work.

If a schism emerges over something controversial, or the community doesn’t like the direction the project is going, or if a supporting organization folds, it’s always an option to “fork” the project — where part of the community splits off and establishes a new home for their work, taking the source code with them. My favourite examples of these forks are in response to threats from commercial interests: MariaDB emerging from MySQL when the latter was acquired by Oracle; OpenSearch emerging from ElasticSearch when the latter’s maintainer shifted to a more restrictive license. Another of these is affecting us right now; we use Mattermost (the software) for communication within our team and community, but since Mattermost (the company) has recently been imposing more artificial limits on the software to encourage paid accounts, we are looking at moving to a community-maintained fork. Because it’s open source, this is always an option.

To pick examples from the scholarly communication world, had Bepress been open source, forking would’ve been an option as a safeguard against its commercial acquisition and the subsequent turmoil. And as the Coko Foundation shuts down operations, it looks like some of its open source software may move to a new home.

And when we talk about being locally grounded, what about free and open source software enables localization and bibliodiversity? How do you see local contexts influencing how OJS and other PKP software are used, adapted, and sustained?

One of the superpowers you gain by choosing Open Source is the ability to customize the software. Obviously modifying code is not something many people should be expected to do, but if the project embraces that potential, it can mean the creation of an ecosystem that supports the sharing of adaptations to local needs using mechanisms like plugins. In our case, we have a Plugin Gallery where users can discover plugins that others have written, and those with the capabilities can write and release their own to the community. Most beneficiaries of this toolset have no idea how to read code — as it should be — but it gives them the power to access community-owned adaptations.
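
As a rough illustration of the general idea, here is a minimal sketch of a plugin mechanism in Python. It is not PKP’s actual plugin API (which is written in PHP and has its own conventions); it only shows the pattern: the core application defines an extension point, and locally maintained plugins hook into it without anyone modifying core code.

```python
# Generic sketch of a plugin registry. Illustrative only: PKP's real plugin
# API is PHP and differs in its details.

class Plugin:
    """Base class every plugin implements."""
    name = "unnamed"

    def on_article_published(self, article: dict) -> None:
        raise NotImplementedError


_REGISTRY: list[Plugin] = []


def register(plugin: Plugin) -> None:
    """Install a plugin without touching the core workflow code."""
    _REGISTRY.append(plugin)


def publish(article: dict) -> None:
    # Core workflow: publish, then let every installed plugin react.
    print(f"Published: {article['title']}")
    for plugin in _REGISTRY:
        plugin.on_article_published(article)


# A hypothetical locally written adaptation, e.g. pushing metadata to a
# national index that the core developers have never heard of.
class NationalIndexPlugin(Plugin):
    name = "national-index"

    def on_article_published(self, article: dict) -> None:
        print(f"[{self.name}] sending '{article['title']}' to the local index")


register(NationalIndexPlugin())
publish({"title": "Bibliodiversity in Practice"})
```

The core workflow stays untouched; the local adaptation lives entirely in the plugin, which is what makes it easy to share back with the community through something like a Plugin Gallery.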

But beyond the code, there are lots of other aspects that benefit from community contributions, like translations into local languages, community-maintained documentation, bug reports, and open conversations that help us to understand the best ways to steward the software for future releases. All of these are done in the collaborative spirit of Open Source in a way that would be tough for a proprietary software vendor to replicate.

As long as scholarly communication is dominated by Western institutions, particularly commercial ones, it will be hard to convince them of the equal importance of non-Western languages, subjects, modes of work, and communities of practice. PKP is based in Canada, and while our team is very international, it doesn’t need to be representative of our global community in order to serve its full diversity. We’ve seen communities spring up around Uzbek and Kiswahili translations; a massive Indonesian user community multiplying around Open Access mandates by their federal government; discussions of what it means to be Kurdish in a world where standard language classifications often expect to be associated with a specific country; interest and code contributions to support the Jalali calendar; support for scholars using mononyms in a world where scholarly citation formats typically expect Western-style personal names; and I’m sure there’s much more waiting to be discovered. Just counting and locating our user community is a whole research project unto itself!

The word sovereignty comes up a lot in discussions about open infrastructure. What does software sovereignty look like in practice — both within PKP and the wider open access publishing world? How is this different than in commercial models of software development and academic publishing? Why does it matter now, as infrastructures and platforms are being consolidated under a few powerful actors?

I’m glad that the issue of sovereignty has hit the mainstream, though as usual not in response to good news. Covid-19 gave us a closer look at the limits of our independence when supply chains failed and borders closed, and now Canada’s relationship with our biggest trading partner is being sorely tested. But digital sovereignty hasn’t received enough attention, even as it’s been eroded steadily over the last decades. The fabric of the Internet used to be anchored by strong international university IT (well, okay, also American military investment), but that has changed.

Unfortunately the lure of outsourcing and the very effective lobbying of American tech titans have taken what used to be a healthy ecosystem supporting the boring, necessary things and transformed it into a set of private near-monopolies. Microsoft (Outlook) and Google (Gmail) all but own the global flow of email, and our universities, which used to be the bedrock of those services, have simply outsourced to them rather than figure out how to manage spam.

As library and university IT budgets have been gutted, more and more of what they used to do has been outsourced to fewer, larger commercial operations. As they’ve done that, institutional data has shifted to commercially owned servers in cloud environments — where it’s not even clear what country the data is in, and whose privacy and security laws it is subject to.

Again, there are clear parallels in scholarship. Consider the monopolization of scholarly outputs by commercial publishers, and subsequent subjection of that material to commercial pressures as it’s sold back to scholars with an enormous markup.

Since PKP’s software is generally self-hosted, i.e. a university library will put it on a server of their own in order to run an institutional publishing service, it’s sometimes felt like we’re swimming against the tide of outsourcing. (Of course there are commercial services that use our software, and that’s been a part of its success — but it’s the library hosts that are closest to my heart.) We have fought against the erosion of the ability to run software independently in a million small ways — maintaining alternatives to Content Delivery Networks (CDNs), avoiding single-vendor integrations, choosing to use and support Open Source tools ourselves in our own processes — and it’s hard work, but it has been worthwhile for this moment, when issues of sovereignty suddenly matter so much more. The world is learning that there are hard limits to how far we can collectively pursue the convenience of outsourcing before we get harsh reminders of what we give away in the process.

Perhaps you’ve seen Canadian Prime Minister Mark Carney’s speech at Davos. More or less simultaneously, Cory Doctorow made a presentation titled “Post-American Internet” at the Chaos Communications Congress. Carney spoke about the importance of middle powers sharing the development of infrastructure; Doctorow explained what got us into our present predicament and how the current moment offers an opportunity. Neither mentioned PKP, of course, but they might as well have. This is exactly what our community has been working towards, diligently and without fanfare, for decades — both in the form of the software, and the Open Access scholarship they publish with it.

This also touches on ownership. In commercial software models, ownership often implies control, enclosure, and profit. In FOSS, we tend to talk instead about stewardship and collective responsibility. Why does ownership, or the lack of it, matter in software development, and what shifts when the emphasis moves from ownership to stewardship?

I mentioned above that I was going to talk a lot about companies and corporate ownership. So much of our current experience of technology is capitalistic and very Silicon Valley in flavour; sometimes it’s hard to see the difference between a technology and the form in which it’s presented to us. We assume that the natural state of software is commercial, and that FOSS is the aberration.

PKP might be best known for its software, particularly OJS, and it’s therefore tempting to see OJS as PKP’s “crown jewel”. Were we a private enterprise, a normal business model would have us control and limit access to that product as a way to extract capital, again centering the software as our purpose for existing. But if you refocus your attention on PKP’s goals, it’s the promotion and facilitation of Open Access publishing worldwide that’s important; the software is only a means to support that goal. I heard the phrase “Software as a Liability” (SaaL) recently and it rang true. The software is only valuable insofar as it supports our goals, but every line of code represents technical debt that requires care and feeding. As past managing director Brian Owen frequently quipped (quoting Neil Young), “rust never sleeps”. The software is not the important part, it’s the things it facilitates.

Focus on the community, and you’ll see the global rise of scholar-led, bibliodiverse, free-to-read science. Focus on the commercial model, and you’ll get stuck on the software and how to use it to extract profit from that community.

So, to come back to your elevator pitch, taking these three aspects together, what makes distributed, locally grounded sovereignty important for today’s scholarly publishing and wider information economy?

It is abundantly clear what happens in scholarly publishing when we sacrifice any of these aspects. Without distributed collaboration, it is too easy for structural weakness to invite co-option and monopolization, as we’ve seen with the serials crisis. Once a market is captured, the monopoly will fight hard to protect itself and inflict tremendous damage along the way. Without digital sovereignty, we give up the ability to steer our own course and are prey to outside pressures.

The remaining element, being locally grounded, is an underappreciated part of the story, and it depends on the distributed approach Mark Carney was pointing to at Davos when he spoke about the need for middle powers to work together and share infrastructure. Middle powers like Canada cannot stand alone in their pursuit of locally-grounded sovereignty. What they can do is share and co-develop the open-source tools that permit them to do so. This is the rising tide that floats all boats.

What problems does free and open source software respond to? In other words, what is the status quo that FOSS pushes back against, and how did we arrive at this current moment of consolidation, diminished bibliodiversity, and extractive publishing economies dominated by a few oligopolies?

I love that this question mixes software language (FOSS) with scholarly communication language (bibliodiversity) indiscriminately. Stewart Brand’s rallying cry “Information wants to be free” applies equally to both.

It’s frustrating to see the Internet forget its early promises as freedoms are eroded and it comes to resemble a bookstore more than a library, but I see many ways in which efforts to control information are at a natural disadvantage. I hear about scholars using SciHub because it’s more convenient than navigating the institutional sign-ins required for the legitimate access they are entitled to. I’m endlessly amused by my e-reader’s insistence that I treat a borrowed e-book like a physical copy, to be returned within a limited time so someone else can “borrow” it. I’m frustrated by the tremendous efforts wasted on building paywalls.

I do believe that the balance is tipped in favour of the Open Access movement. We’re not communicating science on tree bark or stone tablet. Copies are essentially free. That is not to say we can be complacent, only that the Principles of Open Science are better aligned with the nature of digital communication than the incumbent publishers protecting closed access. I can only hope this will help to counteract the influence of all the money still flowing into closed publishing.

Coming from a software background and learning about scholarly communication “on the job”, I’ve found a lifelong home amongst academic librarians and the journal community, both of which I love deeply — but I’m sometimes disappointed by scholars’ reticence to learn from external parallels. It took too long for academia to recognize successful models for collaboration and open peer review in GitHub; it was slow to accept the lessons of toxic online discourse when adapting to more public models of communication; and it has been painfully slow to recognize non-Western (and even non-English-speaking) cultures and languages as critically important to global scientific discourse. In short, scholarly communication can be extremely conservative, and often in denial about it.

There are lessons that Open Access needs to learn from the outside world, and vice versa. To paraphrase and update Lawrence Lessig of twenty years ago, SciHub is Napster is DeCSS is the advent of the VCR. Journal bundling is cable TV bundling. AI slop is a papermill is a vanity press is a forged painting. All are aberrations in the flow of information caused by the pursuit of capital, and there is nothing new under the sun. We need to learn from the parallels.

When I try to make sense of software, I often reach for physical analogies, hence my fondness for the “archipelago” metaphor. When thinking about software interoperability, for instance, I’m reminded of the “right to repair” movement: the idea that being able to open, modify, and build on our tools is essential for collective improvement and for resisting monopolization, privatization, and proprietary control. Does that analogy resonate with you? And could you speak more about why interoperability matters and what it enables in software?

Metaphors are sometimes my only hope in trying to communicate about software! But you’re correct — the “right to repair” (which generally refers to physical devices) is so close a parallel to Open Source that the comparison is almost tautological. Again I need to refer to Cory Doctorow’s “Post-American Internet”, where he describes the roots of the anti-circumvention measures that underlie our inability today to legally repair the things we ostensibly own, whether that’s our smartphones (sealed with security screws and tamper detection), our cars (locked into vendor-controlled parts and service ecosystems), or, in the world of software, a computer that its vendor has abandoned and that we can no longer safely manage ourselves.

(Shout-out to Free Geek Vancouver, a volunteer-led computer recycling facility that during its operations diverted many, many tons of e-waste from the landfill by using Linux to lend years of additional life to computers that had been declared prematurely obsolete, and by ethically recycling what couldn’t be reused — the very intersection of Open Source and Right to Repair.)

Infrastructure scholars Geoffrey Bowker and Susan Leigh Star once wrote that infrastructure is often invisible until it breaks down. Thinking about that idea, and the growing discourse around our current digital infrastructures, from data centres straining local energy grids to AI eviscerating jobs and the corrosion of privacy, do you think we’re at a moment where our digital infrastructure has become more visible than ever?

Digital infrastructure may be more visible than before, but it’s far from visible enough, I’m afraid! Software complexity is multiplying at a frightening rate. When I began working on OJS 21 years ago, we wrote our own code and depended very little on 3rd-party packages. It was possible for a single developer to understand the whole application including dependencies, from top (web browser) to bottom (database and server platform), and from one side (submission and peer review) to the other (publication and distribution). The software industry has since grown outward in every dimension, with new specialties like UX, accessibility, and DevOps, each of which now represents an entire career.

Meanwhile, it’s become much more common to incorporate hundreds or even thousands of 3rd-party components into a typical application, each with its own independent team, maintenance cycle, and roadmap. Your project might require a dozen external dependencies, and those might each require a dozen of their own, and so on. There is a high degree of community trust involved, as it’s not feasible to review them all.
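
To make that fan-out concrete, here is a minimal sketch in Python using a small invented dependency graph (a real project would read this from its lock file, such as composer.lock or package-lock.json). It simply walks the graph to show how a handful of direct dependencies balloons into a much larger transitive set that nobody realistically reviews.

```python
from collections import deque

# Toy dependency graph: each package maps to the packages it pulls in.
# All names are invented for illustration.
DEPENDENCY_GRAPH = {
    "my-journal-app": ["web-framework", "pdf-renderer", "mailer"],
    "web-framework": ["http-client", "template-engine", "router"],
    "pdf-renderer": ["font-lib", "image-lib"],
    "mailer": ["http-client", "smtp-lib"],
    "http-client": ["tls-lib"],
    "template-engine": [],
    "router": [],
    "font-lib": [],
    "image-lib": ["compression-lib"],
    "smtp-lib": ["tls-lib"],
    "tls-lib": [],
    "compression-lib": [],
}


def transitive_dependencies(root: str) -> set[str]:
    """Breadth-first walk of everything the root package ultimately depends on."""
    seen: set[str] = set()
    queue = deque(DEPENDENCY_GRAPH.get(root, []))
    while queue:
        package = queue.popleft()
        if package in seen:
            continue
        seen.add(package)
        queue.extend(DEPENDENCY_GRAPH.get(package, []))
    return seen


if __name__ == "__main__":
    direct = DEPENDENCY_GRAPH["my-journal-app"]
    full = transitive_dependencies("my-journal-app")
    print(f"Direct dependencies: {len(direct)}")    # 3
    print(f"Transitive dependencies: {len(full)}")  # 11
```

Even in this toy example, three direct dependencies quietly become eleven packages you are trusting; in a real application the multiplier is far larger, and each of those packages has its own maintainers and its own weak links.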

This has led to the rise of so-called “supply chain attacks”, where attackers look for weak links (either social or technical) in those dependencies in order to compromise the infrastructure that relies on them; the XZ Utils backdoor is the most famous deliberate example. Even without an attacker, vulnerabilities like Heartbleed and Log4Shell showed how much of the world’s infrastructure can be exposed by a single flaw in a widely shared component.

Much in the way that peer review in science is a point of weakness — reviewers are underappreciated and overtaxed, and the peer review mechanism is not designed to detect academic fraud — maintainers of all that infrastructure are frequently taken for granted. They might be easy marks for innocent-looking contributions that contain subtly malicious code; they might be overwhelmed by external pressures and hand the reins over to a bad actor; or they might find themselves suddenly owning critical infrastructure without the support required to manage it according to its worth. This is absolutely an unsolved problem, and the ease of generating high volumes of good-enough-looking code is throwing fuel on the fire.

I’m gratified that the importance of supporting infrastructure has finally made it onto the agenda, but there is so much more work to be done! Personally, I think it’s time for an Open Source revolution in government IT.

Despite this visibility, it still feels like the underlying free and open source software infrastructure that supports Diamond Open Access doesn’t get the recognition it deserves. We often talk about infrastructures like transportation, health care, or the postal system as public goods. Do you think we’re moving closer to, or further away from, recognizing knowledge production and open infrastructure as public goods of similar societal value?

I do think we’re getting better at recognizing the societal value. I’m about to contradict myself with two opposing answers, so I’ll apologize in advance!

First, there are many, many ways of promoting, recognizing, and supporting shared infrastructure including Open Source software beyond the financial. We have many partners who contribute code to the project through grants they secure in service of their own needs — GDPR support from TIB in Germany, and multilingual and metadata improvements from TSV in Finland, to pick two recent examples of many. We also tackle projects for third parties when they overlap sufficiently with our community’s needs; we’ve achieved a tremendous amount thanks to the European Commission’s OSS ORE project, which will see open peer review, megajournal and continuous publication, a preprint workflow, typesetting, and so much more added to OJS for release in version 3.6 late this year. We have an incredible community of volunteer translators, plugin maintainers, sprint participants, etc. We simply could not achieve a fraction of the work we do without all of these forms of contribution. I’m blessed to be able to work with so many others on this “public good” without having to quantify any part of the exchange in dollars.

And now the contradictory (and very blunt) answer: tell me where you spend your dollars, and I will tell you what you support. It’s easy to love the idea of open infrastructure and open publishing in spirit, but when budgets are tight, to treat both as optional. I ascribe no blame in this; it’s a consequence of the effective pressure placed on e.g. collections budgets by commercial publishing. But if institutions want to see this dynamic change, they’re going to have to make brave decisions. The good news is that collective support for shared infrastructure should be cheaper than the equivalent commercial product!

FOSS can sound idyllic: free to use, community-governed, and adaptable. But decentralization also brings risks and responsibilities. What challenges come with this model, both technically and socially?

One of the biggest challenges we deal with lately is our team’s scalability. We are lucky to have a tremendously large community, publishing over 55,000 active journals using OJS all over the globe; while our team size has grown beyond the skeleton crew we started with, we certainly haven’t grown at the pace of our community. The maintenance needs of the software are significant and ongoing, and it’s a huge responsibility to do it well for such a large and diverse group. We hope to make significant investments in OMP in the coming year, but it’s difficult to carve out the time and budget to do this when OJS takes up so much of the oxygen in the room. The team accomplishes a huge amount for its size, but the demands for new features are bigger still, and we have to be careful not to grow the software out of coherence or beyond our ability to manage it. There is a lot of strategy in getting this right and we’re constantly trying to improve. Fortunately we have amazing people who care very much about their work.

Looking back, have the past 20 years unfolded in ways you could have predicted? I ask because I’m about to ask you about the next 20…

Twenty-one years ago I was a nerdy kid with a head full of his first trip to Europe, wondering whether to drop tech work entirely and become a journalist (having recently read too much Hunter S. Thompson). I started working with PKP by digitizing Archivaria (the journal of the Association of Canadian Archivists, which recently published its 100th issue!) for import into OJS 1.0. I was already aware of Open Source, but not Open Access, and could not have imagined that it would turn into a long career and passion; that I would see John Willinsky appointed to the Order of Canada for his work; or that I would have the privilege of shaking hands with similarly passionate partners in Nepal, Norway, Ghana, Vietnam, Germany, Brazil, Morocco, Spain, and just about everywhere else.

At the beginning, as John has often said, it was hard work to convince anyone to take a journal online. We can count that among the battles we definitively won. Others, I have to admit, have surprised me in their persistence. The benefits of Open Access are so evidently demonstrated, and yet so much of the world’s research is still locked up. I believe we can unlock the remaining half, but we need to have a hard look at the sources of that conservatism: tenure and promotion, unexamined pro-Western bias, commercial protectionism and simple inertia.

And finally, can you explain the Internet to me? What is it, where is it, and how does it get into my home?

I live in a hundred-year-old house on a dirt crawlspace. There are pipes down there, and I’m not sure what all of them are for, but the spiders are huge and I’ve learned not to touch anything I don’t intend to fix. Perhaps one of those is the Internet, or maybe this is a metaphor for maintaining mature software.