
Open Source in 2024: More Volatility, More Risk, More AI

The coming year may find more companies changing their open source licenses to business ones, a new wave of regulation and GenAI's continued evolution.
Jan 1st, 2024 5:00am
Image by Diana Gonçalves Osterfeld.

The open source world started 2023 on an unsettled note, with widespread tech layoffs, a volatile economy, and a new generative AI platform that didn’t just produce answers, but apparently could produce computer code.

The last 12 months have seen generative AI evolving in leaps and bounds, and a license change by HashiCorp that suggested venture capital firms don’t see much future in the open source model — all against a background of continued economic uncertainty.

So, what should we be prepared for in 2024?

“There’s a bit more optimism around,” Rebecca Rumbul, executive director and CEO of the Rust Foundation, told The New Stack. “Which isn’t to say it’s back to the heady days of 2021 spending. But I’m feeling a bit more optimism from a lot of the companies that I’ve been speaking to.”

However, she added, there was ground to make up after deep cuts in developer relations roles — cuts she said could be a false economy. “Keeping good relationships with the open source community massively pays off commercially,” Rumbul said.

But there are more immediate ways that companies can ensure a commercial payoff. HashiCorp’s decision in August to move its entire product line, including Terraform, onto the Business Source License, sent shockwaves through the industry. But it also prompted a fork, in the shape of OpenTofu, which won immediate backing from the Linux Foundation.

At its customer conference, HashiCorp CEO David McJannet questioned the entire foundation model and said the Linux Foundation’s backing of OpenTofu was tragic for open source innovation. It could ultimately mean, he said, “There’ll be no more open source companies in Silicon Valley.”

Linux Foundation Europe general manager Gabriele Columbro told us that more license switches — and subsequent forks — were likely: “The more VC-backed open source startups that are out there, there’s going to be a percentage of them that decides at a certain point that is in the best benefit to switch the license.”

A Fork in the Roadmap?

HashiCorp had been absolutely within its rights to do what it did, Columbro said. But the episode would likely encourage users to give more consideration to the distinction between open source and open governance of projects, which would likely strengthen the role of foundations.

“When you’re choosing to depend on a piece of open source, you probably want to ask yourself that question. Is it just open source and so a single proprietary company might be able to pull the rug under my feet at any point?”

A major company using a product like Terraform could face a bill of hundreds of thousands of dollars just to work out how it is affected by a license change, he said. “I can just imagine how much a JPMorgan or a Google had to spend to even just figure out where they stand on Terraform and do an impact assessment.”

And those calculations are increasingly important, given the increasing acceptance of open source by big business, particularly in the finance space.

Columbro said, “I think we are on the cusp of financial services and fintech fully realizing that they are a tech-centric industry, and therefore embracing open source, in the very same way the big tech does, as a core pillar of their digital transformation, but also of the very fabric of the industry.”

This will break patterns of lock-in in the finance industry, and lower the barrier of entry for new fintechs, he said. But it should also create more competition, and ultimately benefit consumers, through better experiences and lower costs.

That potential blowback could make some vendors think twice about closing their code, some predict.

“A number of exec teams will now be discussing if they want to take the risk and move to closed-source models because the downside is more apparent,” said Joe Brockmeier, head of community at Percona.

“While we won’t see this stop completely, it will make those kinds of conversations more important. Some of them may even take place in public so that everyone understands the whole thought process that goes on around these choices.”

But that doesn’t mean that the industry shouldn’t look again at licensing and associated issues through 2024, suggests Amanda Brock, CEO of the nonprofit OpenUK.

“I think that it is time we had more open conversations between the different factions who have these different views, that we create more understanding across users, across contributors and across communities,” Brock said.

As 2024 kicks off, she added, “I think you will see a lot of people actively engaging to try and broker this peace.”

Open Source and GenAI

A united front is arguably more important than ever, given the shockwaves that AI in general, and generative AI in particular, is sending through tech and society at large.

The UK’s efforts to get governments to agree on a regulatory framework for AI in November may have captured a lot of airtime, with reports suggesting there was an underlying theme that open source AI was a particular threat. But this was arguably nothing compared to the coverage given to the shenanigans at OpenAI later in the month, which highlighted the potential dominance of a few companies that are decidedly closed source.

People were already “severely freaked out” about the privacy aspect of GenAI, according to Patrick McFadin, vice president of developer relations at DataStax, who believes this will lead to a revolt against OpenAI and the hyperscalers.

At the same time, he told TNS, “Regulating open source will be almost impossible. Once things are out there and open, you can’t regulate it. The open source [large language models] exist, they’re being trained, and they’re starting to get better than GPT-4, making it harder to regulate them.”

Brock was less apocalyptic, though no less serious. “As we see AI normalizing and people beginning to gain a better understanding of what it is and cutting through the hype, we will have better conversations about what open source means and how that fits into AI.”

This will result in “engagement with the open source communities and their representatives, rather than just the companies, which is what’s been happening globally.”

She said the inclusion of China at the U.K.’s Bletchley Park conference on AI safety this past fall was important, as it suggested the regulatory conversation was shifting away from sovereignty and focusing on collaboration across borders.

This has implications more broadly, said Brock, contributing to an international open source tech sector, which encompasses strong local ecosystems and skilled workforces that collaborate globally.

What’s Ahead for Open Source Regulation?

But plenty stands in the way of increased international cooperation around tech – or indeed, international cooperation around anything. To paraphrase a former British prime minister, the greatest challenge for a leader is, “Events, dear boy. Events.”

If the last three years have been event-packed, 2024 will be equally so, not least because of an unprecedented number of elections due, including the U.S. presidential race. These elections become cybersecurity incidents themselves. But they could also herald and shape further regulation and legislation that could directly affect the open source world.

Both the U.S. and E.U. have been putting in place legislation and regulation around AI, but it is 2024 that will see how these efforts start playing out in the real (virtual) world.

The European Union’s Cyber Resiliency Act will also come into effect in 2024. Recently announced revisions have reportedly made it less overtly problematic for open source, but the final text is yet to be released.

At the same time, the U.S. has already been turning the technology screws on China and Russia, choking off exports of GPUs to the former, for example, and enforcing wide-ranging sanctions on the latter. A change of U.S. government after the forthcoming November elections could herald an even more isolationist stance.

And there have been at least some instances of contributions to open source projects being refused because the coders in question worked for sanctioned Russian companies.

“I think it would be terrible for open source if it was just U.S. centric or aligned with U.S. foreign policy,” said Rumbul. “That’s not the spirit of open source.”

As for Brock, who started 2024 warning on the sustainability of open source, how does she view next year? “I’m not less concerned,” she said.

The open source community had built something exquisite, but the most exquisite object can be knocked off a table and smashed to smithereens.

The “risk” was probably higher than before, she said, “But risk isn’t always a bad word. Right? And with risk comes opportunity.”
