nanomanpro - Fotolia

What we can learn from Facebook’s software developers

Open source is not just about free code. It also offers a way to collaborate and share best practices

Facebook recently contributed a key operating system (OS) diagnostics tool to the GitHub open source repository. The process it took to make this code open source provides an insight into how other organisations can contribute and gain value from the open source community.

In this community, source code is collected and maintained in repositories such as GitHub.

The repository holds requests for changes and provides version control and the ability for people to see the source code, comment on it, or even modify it.

A governance structure provides a kind of peer review, which controls how these modifications or requests for new features are incorporated into the main code base or are maintained as branches to the main development stem.

It’s a proven model, which can also be applied internally in organisations to enable different software development teams in a company to coordinate and share ideas across the business, breaking down silos and helping to foster skills and improve code quality.

Making code open source at Facebook

The global internet giants are big supporters of open source and at the GitHub satellite event in Amsterdam in May 2016, Facebook released its osquery tool as open source.

The tool exposes an OS’s internal workings as structured query language (SQL), which allows administrators to run queries that are able to determine how well it’s running.

Read more about Facebook

  • Consumers in Europe increasingly consider companies such as Facebook and Google as potential financial services provider.
  • Facebook CEO Mark Zuckerberg wants consumers to think of businesses as their friend. Sounds like a stretch? With the company’s new “chatbots”, it could soon be a reality.

Osquery is used internally throughout Facebook. “You can run a query to find out the full list of processes running,” said Facebook developer Javier Marcos. “The fact that osquery is open source means there is now a cool security community and companies have created businesses around it.”

According to Facebook developer Marjori Pomarole, it was always the company’s intention to make osquery open source: “This meant we had to make the code scalable to work on other platforms, not just Facebook.”

She said the code also had to be engineered in a way that made it easy for other developers in the open source community to get involved.

“The code had to be clean enough that people would not have a high barrier of entry if they want to tweak osquery for their own use, or they find an issue with the code which they would like to fix themselves,” said Pomarole.

Given that the tool allows people to find OS vulnerabilities, Pomarole said Facebook needed to discuss with those people contributing to the project, issues such as which information they would be happy to share publicly.

“This is the opposite to a lot of the open source projects we see on GitHub,” Pomarole added.

Sharing improves quality

Open source projects improve the knowledge of everyone in the industry. “It’s fun to share code and have someone talk to you about it,” said Facebook’s Marcos.

Facebook’s philosophy is to make its code open source. Pomarole said: “As soon as something has been developed, I see a lot of excitement on how we can make it open source.”

However, these moves are not purely altruistic. Pomarole said: “Open source development stops people going into silos and creating software to help solve problems everyone is facing. The more sharing that exists the more you improve security and knowledge.”

Her own experience is that open source helps developers learn. “Having someone read your code and point out improvements is much better than reading wikis.”

She added it’s a huge advantage for new developers to have their code available in the public domain on communities such as GitHub.

Many companies ask for a certain level of experience when recruiting developers. “If you are someone who is just starting out, you may have done a few internships but you may not have worked at a company before,” said Pomarole.  

But, rather than have a CV that shows potential employers work experience, she added, you “can point them to your GitHub repository which you’ve been working on, or show them where you have been helping out on other projects”.

However, Pomarole believes it could be counterproductive for people to expect developers to post all of their projects on GitHub and treat it like a resume.

When it doesn’t work

Not everything Facebook develops is practical for the open source community, Pomarole said, with some “projects that are heavily tailored to the Facebook infrastructure”.

She added that projects that are only suitable for Facebook’s own internal use, or where the company feels it cannot properly support externally, do not make good candidates to go open source, she said.

In these cases we “try to share the knowledge in a whitepaper or blog post rather than open source the code”, said Pomarole.

Read more on IT education and training