Over the past decade, Linux has gone from scrappy insurgent to mainstream choice for the enterprise data center. Linux has ruled the cloud from the beginning, and while it flopped on the desktop, it has an 83 percent share of smartphones in the form of Android, which is built on the Linux kernel. Plus, Linux pretty much owns the embedded market, from TVs to cars to new IoT devices.
Jim Zemlin, executive director of the Linux Foundation, has watched these triumphs up close during his 10-year tenure with the organization. During that time, the Linux Foundation has quietly expanded to encompass 26 collaborative projects, including such marquee ventures as Cloud Foundry, Node.js, OpenDaylight, and Xen.
The Linux Foundation also puts on dozens of live events, including the Apache Software Foundation’s conferences, and runs a booming training business. For example, says Zemlin, hundreds of thousands of aspiring admins take Linux courses offered by the Foundation on edX for free.
With 150 employees working in new offices next to Lucasfilm in San Francisco, the Linux Foundation is growing at a rate that tracks with the ascent of open source overall. As Zemlin says, “There’s just too much software to be written for any company to write it by themselves these days and win.”
An incubator for infrastructure
The productive capacity of a broad, code-sharing community is a powerful creative force. But establishing a successful project and/or foundation and building that community isn’t easy. Zemlin explains that, as an umbrella organization for collaborative infrastructure projects, the Linux Foundation provides help in the form of organizational guidance, intellectual property management advice, and more:
We developed best practices for how to run an effective open source project over a decade. What’s the cost of adding a new contributor to a project? How do you lower that cost by making it easier to sign up, allowing for better mentorship within the project, allowing for more organizations to train people in order to get them up to speed to do that joint development? How do you train people on how to submit a patch to an open source project so that it can be peer reviewed?
Although the Linux Foundation provides plenty of assistance, it has no powers of enforcement over its loose federation of projects. As Zemlin quips, “My job is to persuade people to do what’s in their best interest already.” But he does offer incentives, particularly in the crucial area of software security:
We have a program that says if you want your code shared you can indicate that you take security seriously by getting a badge. The badge requires you do threat modeling and have a security mailing list and do testing of your code -- linting and fuzzing and so forth.
The Linux Foundation employs technical staff, but experts from the community -- many at the architect level -- do most of the security vetting. “Think of us as sort of a coordinator -- we just bring all this expertise to the table,” says Zemlin.
Security has been a sticking point, one that emerged in sharp relief with OpenSSL and the Heartbleed flaw. I first interviewed Zemlin nearly a year ago not long after the Linux Foundation established the Core Infrastructure Initiative, a collaborative project to shore up such underresourced projects as OpenSSL and NTPd. OpenSSL is coming along fine, says Zemlin, but the NTPd remains a work in progress.
Though his influence over collaborative projects has limits, Zemlin has twice played peacemaker recently, helping to heal a high-profile rift between Docker and CoreOS and to reel in the short-lived spinoff io.js from the Node.js project.
Hot bits coming up
As Zemlin notes, open source has not only infiltrated closed-source juggernauts like Apple and Microsoft, but also cloud providers -- from the top to the bottom of the cloud infrastructure stack. When asked to identify the most exciting new projects, Zemlin says:
I’m particularly fond of the Open Container Project, only because right-once, run-anywhere … we’ve tried so hard. Come on. Let’s get it right this time. So if you can really create portability across these different cloud service providers, I think it’s a huge game changer.
The Open Container project is flanked by the Cloud Native Computing Foundation, which intends to lead the development of a standardized, open source platform for managing next-generation clouds of containers.
Ultimately, though, Zemlin thinks networking will be the biggest growth area in 2016. Part of this may arrive in the form of new offerings from the OPNFV (Open Platform for Network Function Virtualization) Foundation, whose members include AT&T, Cisco, Dell, HP, IBM, Intel, Juniper, and a dozen others. Plus, there’s the infamous SDN foundation many were cynical about:
OpenDaylight has definitely proven the naysayers wrong in many ways. That project has succeeded. They’re doubling the development community every year. There are 20 products out in the market based on OpenDaylight. But that’s just the beginning. Look at projects like Open Switch from HP. I think you’re going to see more management and orchestration projects in networking.
One measure of OpenDaylight's authenticity is the fact that Cisco has proposed OpFlex -- the protocol central to Cisco's groundbreaking approach to SDN, Application Centric Infrastructure -- as an IETF standard and as part of OpenDaylight.
Trends for the year ahead
Zemlin says the Linux Foundation will be focusing on three initiatives in 2016.
One will be to support the emerging role of what Zemlin calls the "open source professional" -- that is, the point person in any enterprise who is charged with managing "external R&D" in open source software projects. Support for this new role will take the form of training, tools, and certification programs. This position already exists in many Silicon Valley companies, says Zemlin, but he wants to help extend the model to "the next 1,000 companies" that have no idea where to start.
A related initiative is to help organizations manage the increasing overlap between open source code and code developed in-house. This confluence goes hand in hand with what Tim O'Reilly has termed "inner-sourcing," where collaborative, distributed open source development practices are applied within organizations. When inner-sourcing takes hold, inside and outside development have the potential to become part of the same endeavor. But blurring that line also raises a fresh set of challenges, which Zemlin says the Linux Foundation will address:
How do we track who is contributing to a project inside a company and one that is potentially contributing to a project being consumed outside the company as well? How do you track that person’s identity inside and outside of the corporate wall in order to maintain cohesion? How do I build development processes so that as I’m releasing code internally, I’m applying changes to the external project in order to not have to maintain that by myself -- and then re-consuming that code for the next version of my product? We want to just erase those lines and make it clear through intellectual property management and open-source license compliance that I’m going to share what I want to share and keep what I want to keep.
Finally, Zemlin wants to help blur the lines in another area: between open source development and standards development. Many would say that open source bits have already assumed the role standards once had -- and few want to return to the bad old days of industry committees that take years to grind out specifications. Zemlin agrees, but still sees a need for "a certain kind of protocol" around standards. He looks toward open models where there’s an implementation in bits, but also an agreed-upon baseline of interoperability, citing the Open Container Project's work as an example.
These are ambitious goals for a nonprofit foundation, yet this sort of leadership seems necessary. Open source has grown beyond its free software roots to become a vast ecosystem from which our software-defined future will emerge. Neither the Linux Foundation nor any other organization can control how that evolution will proceed. But providing ample resources, training, guidance, and nudges here and there can only have a positive influence on the outcome.