Reviewing open source trends in 2024
Well, it’s a new year again and time for a few more predictions for what 2025 will hold. I’ll publish those next week. In the meantime, let’s see how I did in 2024.
Artificial Intelligence
One of the trends I was keeping my eyes on was artificial intelligence. I wrote:
Some generative AI projects and companies have called themselves “open”, but there’s no agreement on what that means. Certainly it’s not enough for the model itself to be open if the training data isn’t open as well. The Open Source Initiative is working on a definition of open source AI, but for now it’s up to projects who want to develop an open source AI to figure out what it means for them.
The OSI published their Open Source AI Definition to mixed reviews. Critics — including me — don’t think it goes far enough. Only time will tell.
I didn’t see as much AI policy creation as I expected in 2024. I’ve started collecting policies that I find, but there aren’t that many out there. If you’re aware of one, please let me know so I can add it.
Business pressures
A year ago, I was talking about both licensing changes and finances. The two are linked, of course, but I’m going to examine them separately.
Red Hat’s changes to how they publish source code and HashiCorp’s switch to the Business Source License made a lot of people very angry. This may be the year we see whether or not that matters.
Spoiler alert: it does not. Red Hat is doing well enough, contributing to the nearly 36% share price increase in parent company IBM’s stock in 2024 (disclosure: I own shares of IBM from my time as a Red Hat employee). IBM announced plans to acquire HashiCorp in April. While the OpenTofu project, a fork of HashiCorp’s Terraform, is successful so far, it doesn’t seem to have harmed HashiCorp. Perhaps emboldened by this, Redis changed its license in March, which resulted in the Linux Foundation-backed Valkey fork. Perforce announced coming changes to the Puppet licensing that will drive the community to fork it as well. In enterprise open source, it seems the “enterprise” influence outweighs the “open source” influence.
But not everything suggests more license shenanigans are on the horizon. Elastic returned to an open source license for Elasticsearch and Kibana mid-year. At the end of the year, Nvidia closed its $700 million acquisition of Run:AI and announced plans to open source it.
How about on the finance side?
With interest rates rising, borrowing money is no longer free(-ish). As a result, the capitalist machine demands better results from companies. That means that companies who don’t have a solid understanding of how their open source investments connect to the business may find themselves making cuts. If you’re running a project, foundation, or event that relies on corporate funding, brace yourself for a tighter budget.
The U.S. Federal Reserve cut rates in the last third of the year, but the effective rate is still higher than it’s been for almost the entirety of my career. Money continues to be not free. I’m aware of open source cuts at Docker (which included my role) as well as at Cisco. The technology sector more broadly had significant cuts, including at Dell, Intel, Fastly, and Citrix. In all, Layoffs.fyi shows about 151,000 people cut across 542 companies in 2024. Both of these numbers are down significantly from 2023, which is good.
As for projects, foundations, and events, they are undoubtedly feeling the strain, although I’m not aware of any that have gone under as a result. The sense I got talking to folks at KubeCon US was that booth presence at events may not be worth the investment, particularly as companies tighten travel budgets and send fewer people as a result.
Supply chain
When I wrote last year’s post, I did not know that I’d be working directly in the supply chain security space for most of the year. At a personal level, if nothing else, the software supply chain has proven to be incredibly significant. From the broader perspective, I wrote:
We’ll see more changes like these in 2024, along with greater attention at companies on the security of the open source code they consume. The challenge for open source projects is that this attention will often lead to unfunded mandates. For volunteer projects, unfunded mandates are ignored at best and burn out maintainers at worst.
I’m willing to say that I nailed that one. The attack on xz brought to light in late March definitely put a scare into people. The Cyber Resilience Act (CRA) in Europe also brings regulatory pressure. Tools large and small (shout out to GUAC, zizmor, and Supply-Chain Firewall among many others) have been introduced or improved to help with various security aspects. The Python Software Foundation has put a lot of effort into improving the security of PyPI and key Python libraries and the Sovereign Tech Agency has made funding available for open source developers.
This post’s featured photo by Agence Olloweb on Unsplash.