5 biggest Linux and open-source stories of 2024: From AI arguments to security close calls



ZDNET

It was the best of times. It was the worst of times. It was the age of wise development. It was the age of open-source business foolishness. It was the spring of AI hope. It was the winter of security despair.

The year 2024 saw major advances in Linux and open-source software development. However, it also witnessed some disturbing open-source business moves that raised concerns about its future.

Let’s start with the bad news.

1. Businesses dump open source in search of profits

Company after company abandoned their open-source roots to seek money with prosperity licenses and trademarks.

For all practical purposes, all software is built using open source. By Synopsys’ count, 96% of all codebases contain open-source software. But all too often in recent years, once a business has established itself with open source, it dumps its code’s open-source licenses for semi-proprietary licenses such as the Server Side Public License (SSPL) and the Business Source License (BSL) 1.1.


This trend has included companies such as Cockroach Labs, Confluent, MongoDB, Elastic, MariaDB, Redis Labs, and HashiCorp. The list goes on and on and grows ever larger.

Still, other businesses compromise their open-source licenses by locking down their code with delayed open-source publication (DOSP). These companies include GitButler, Sentry, and Snowplow. Here, the name of the game is to promise that their code will be released under an open-source license at some point in the future.

A new anti-open-source movement has been started by WordPress co-founder Matt Mullenweg, who founded and is the CEO of Automattic. In this case, the code is still open source, but he’s demanding that one WordPress hosting company, WP Engine, must pay 8% of its net profits for using the WordPress trademark. Rumor is he’ll be making similar demands on other WordPress companies. Just this last week, it appears that WordPress is threatening to cripple all new and updated third-party WordPress themes and plugins. This is not how open source is supposed to work.


What I find most annoying about all these efforts to squeeze profits from open source is there’s no proof whatsoever of changing licenses or otherwise restricting them. Indeed, a study by Redmonk analyst Rachel Stevens, which examined several companies that made such license changes, found their growth rate remained the same as it was before the change. In addition, market capitalization results were mixed, with only MongoDB showing significant growth while valuations for others, such as HashiCorp, dropped.

Now, open source has never been a business model, but it’s essential for developing software. Companies that don’t recognize its vital importance to their future efforts will find themselves unable to progress in tomorrow’s markets.

2. Major Linux security vulnerabilities avoided

On a more positive note, a potentially catastrophic security breach was narrowly avoided when Microsoft developer Andres Freund discovered a backdoor in XZ Utils, a widely used Linux data compression utility. The backdoor, which could have compromised millions of computers, was inserted by a malicious actor who had spent years gaining trust within the open-source community. This incident highlighted the sophisticated threats facing open-source projects and the importance of vigilant code review.


This catch underlines, though, that we must spend a lot more time on securing open-source software development. The OpenSSF’s Open Source Consumption Manifesto may serve as the foundation for establishing this approach. Something must be done. Open source is vital to all software now.

3. CentOS replacements gain traction and Linux continues to rule

Following Red Hat’s withdrawal of support for CentOS, a host of CentOS replacements has arisen. In 2024, they came of age. AlmaLinux and Rocky Linux emerged as prominent replacements for the numerous businesses that had relied on CentOS. These businesses have filled the void left by CentOS by providing stable, community-driven enterprise Linux distributions.

With its CentOS-friendly replacement, Liberty Linux, SUSE is also doing well. SUSE’s own Linux family, SUSE Linux Enterprise Server (SLES), is growing. Liberty, Rocky, and Oracle Linux are also now built on the new Open Enterprise Linux Association (OpenELA) codebase. This project’s goal is to create a truly open-source enterprise Linux that’s compatible with Red Hat Enterprise Linux (RHEL).


This isn’t to say that Red Hat is hurting. It’s not. The biggest commercial Linux distribution is doing just fine. IBM’s Red Hat acquisition has proven to be arguably IBM’s most successful acquisition ever.  

Arvind Krishna, IBM’s CEO, claimed that Red Hat had doubled in size since its acquisition and saw a 14% growth rate in its last quarter. According to IBM CFO James Kavanaugh, OpenShift, Red Hat’s Kubernetes distro, and the Ansible DevOps program both grew at more than 20% year over year, with the core Red Hat Enterprise Linux (RHEL) distro business growing “in the double digits.”

Indeed, put it all together, and it’s clear that without Red Hat, IBM would be struggling to make a profit.

4. AI and open source go together like bread and butter

Without open source, there is no AI. It’s that simple. In their search for profits, though, AI companies — with the notable exception of IBM with its Granite models — like to give open source a lot more lip service than they do to releasing their code and models under an open-source license. Yes, I’m looking at you, Meta, with your Llama.

That said, open source doesn’t fit easily with AI. If you don’t believe me, just look at the endless fights over the Open Source Initiative’s (OSI) Open Source AI Definition (OSAID) 1.0. We may have an “official” open-source definition, but we are nowhere close to an agreement about how valid OSAID is.


While the details are still being worked out, there can be no question whatsoever that AI and open source will continue to work together. AI’s foundations are built from open-source programs such as Hugging Face Transformers, PyTorch, and TensorFlow. Without these programs and others, none of the AI programs you use every day — such as ChatGPT — would exist.

5. Real-time Linux made it into mainstream Linux

It took 20 years — no, really! — but Real-Time Linux (PREEMPT_RT) is finally in the mainline kernel.

And what is a real-time operating system (RTOS), you ask? It’s a specialized operating system designed to handle time-critical tasks with precision and reliability. Unlike general-purpose operating systems like Windows or macOS, an RTOS is designed to respond to events and process data within strict time constraints, often measured in milliseconds or microseconds.


Many people assume that RTOSs are for fast processes. They’re not. Speed is not the point of RTOSs — reliability is. This feature is crucial in applications where timing is everything, such as industrial control systems, medical devices, and aerospace equipment.

This opens up a new field of devices for Linux. Going forward, we’ll see numerous new real-time hardware gadgets running Linux.

Looking ahead, I see all these trends continuing, for better or worse. It’s my sincere hope that it will all, in the end, work out for the best.




