Key takeaways from Linux Foundation Member Summit 2023
- Posted on December 6, 2023
- Estimated reading time 10 minutes
At the end of October, I attended the Linux Foundation Member Summit - every year, technical and business leaders from Linux Foundation member organisations working with open source gather to share best practices. It is a great opportunity to share and learn from others how they incorporate open source in their organisations and their business strategy, what new innovations they have worked on in open source and how to work together with other companies/organisations across industry in open source for mutual benefit. As Avanade’s involvement in both adoption and development in open source continues to expand, attending this summit provided me with crucial insights and ideas for the future.
So, what actually went down at the Member Summit? Here is a rundown of some of the keynotes and a few select talks worth sharing.
Summit highlights and key points
The keynote sessions were recorded and are available online on YouTube.
- State of the union
During the keynotes, Jim Zemlin (Executive Director of LF) highlighted the profound importance and impact of open source and its role in changing markets and improving lives. He then explained why it's important that an organisation such as Linux Foundation exists - out of the millions of open source projects that exist, it gathers and supports thousands which have collectively the biggest impact. To back up his claims he shared some tangible examples of such impact, such as:
- Linux Operating System - the kernel powering 85% of smartphones (IDC, Gartner), it is used in a sizeable portion of world’s servers, embedded devices, and supercomputers.
- In Education and Training - certifications and trainings provided by LF provide good skills and knowledge about Open Source technologies and practices. In 2023 over 1000 people took an LF exam every week, reaching a total of over three million people enrolled in LF courses!
- In Networking and Edge - AT&T’s First Responder Network uses the Open Network Automation Platform (ONAP) and saw 40% reduction in Operating Expenses.
- In Embedded - All Chromebooks ship with Zephyr as the default EC firmware, and all Oticon hearing aids run on Zephyr.
This shouldn’t be a surprise: from 2015 where 1 in 4 Azure Virtual Machines were Linux based, Linux usage now surpasses Windows as the power behind enterprise cloud computing.
- Azure’s Radius - A new open application platform for the cloud
Azure CTO Mark Russinovich along with Ryan Umstead (Senior Engineer, BlackRock) and Ryan Nowak (Principal Software Architect, Microsoft) introduced Radius, a cloud-native application platform, which promises to make the development of microservices across various cloud environments more seamless.
One of the key benefits I saw from Radius was the ability for software development teams to separate their efforts from operator tasks (configuring cloud platform and infrastructure) while designing distributed systems on Kubernetes. The key idea is for the operators to design “recipes” for different cloud providers/environments (production/development) which describe and configure services needed for the app to function (e.g., different recipes for a Redis cache on Azure, AWS and GCP). Ryan Nowak showed a demo of a Kubernetes containerised application using a Redis cache within the cluster both for Azure and AWS. Radius used the different “recipe” definitions to generate Kubernetes pod definitions for each of the environments.
To check this and more demos out yourself, see: https://docs.radapp.io/getting-started/.
- Panel discussion on AI and the future of open-source development
Given the current trends in technology, it is important to not ignore the impact of AI on technology development, especially in open source. This is reflected not just by this panel discussion and other talks at the summit, but also by the numerous conversations I have had with members of the open-source initiative, Microsoft, and Linux Foundation. The panel itself touched upon different applications of AI within the open-source space and was very thought-provoking.
During the panel, thought leaders like Erica Brescia, Jono Bacon, and Beyang Liu explored AI’s role in content creation and community building. Application of AI in community building intrigued me, as I have not considered NLP being used in this field. Jono explained how open-source projects have a plethora of available valuable experiences of hundreds of people in QnAs or project documentation. AI chatbots can take on some routine community management tasks such as answering common support questions based on this data.
However, all panellists agreed that there is a dangerous pitfall here, of AI generated content flooding community discussions/Q&As. This is a hard to manage issue, since AI is a great accelerator for processing unstructured data (summarising various forms of text and even images), but the speakers highlight that it should be used alongside creative work (blogging mentioned as an example), but not replacing it.
Beyang then went down another remarkably interesting and, considered by some, controversial topic – use of AI in software development. He shared his pains on software development and that these tasks could be done in part by AI. For example, looking for a piece of code that is responsible for specific functionality, or doing a code review. He also mentioned that in modern software development, certain pieces of software infrastructure no longer need to be written by humans.
Jono did not fully agree with this, sharing that - although we as humans rarely look at machine code (apart from compiler and low-level system developers) and compilers abstracted that away from us, it will take some time for developers to entrust AI with generating larger code pieces. This is especially true given the security issues of AI generated code.
A final, but interesting application of AI in software development discussed was using it for cross-platform code translation - AI being a “bulldozer for cross platform translation” (Beyang) and a human only needing to verify it at the end/stitch it together.
- Cybersecurity and AI
Legislation in open source and open-source AI is yet another topic shaking the open source world. Two of the keynote sessions (“Keeping Open Open”, Bryan Che, CSO Huawei and “Navigating the Intersection of Open Source and Responsible AI”, Katharina Koerner, AI Education Network) touched on this. Bryan voiced his worries on the recent unsettlements in the open source world, namely HashiCorp adopting a Business Source License leading to a fork of the Terraform project into OpenTofu, communities voicing their concerns that Meta’s LLaMa 2 is not Open Source and other unsettling shifts. His worries also extend to the Cybersecurity Resilience Act in EU, and how they might impact companies and non-profit organisations developing open source software, for more information see this informative blog from the Linux Foundation.
These are not the only cybersecurity regulations which software and open source software developers should be aware of, in 2021 the US Government released an Executive Order on Improving the Nation’s Security, requiring Software Bills of Materials (SBOMs) from software products. Open-Source Security Foundation has been working on this issue prior to this, developing the Software Package Data Exchange project (SPDX), to support exchanging SBOMs. You can find more information here on how OpenSSF and open source communities enable the required security measures.
More recently, Cybersecurity & Infrastructure Security Agency (CISA) published their Open Source Software Security Roadmap, found here.
During her talk Katharina introduced responsible AI principles and the challenges and concerns at the intersection of AI and open source. She explained how currently we are exploring the relationship between the two fields starting at the basics – creating definitions (such as the Open-Source AI definition driven by OSI). She then shed some light on the upcoming EU AI Act and how under the current draft wording it has a potential of impacting open-source AI components. You can find more up-to-date information on the state of AI legislation summarised in this LF AI & Data blogpost
Enabling UN Sustainable Development Goals: Zephyr project contributions
Zephyr Real-Time Operating System is an incredibly fast-growing system for embedded applications and IoT devices, with incredibly high flexibility and customisability, designed with security in mind. It is basically a system that is designed to be used where Linux does not fit (literally, in terms of physical memory as well as in terms of low power consumption). It is one of the fastest growing open-source projects at the moment, not only in the embedded systems space – averaging at 2 commits per hour (for comparison, Linux kernel has on average 9 commits per hour), with over 500 contributors participating in the latest release (3.4 at the time of writing)!
Kate Stewart (Vice President of Dependable Embedded Systems, Linux Foundation), apart from introductions to the project, shared how many Zephyr based projects are being developed and shared out in the open, many of which having small (but real!) contributions towards the UN Sustainable Development goals.
Here are a few of the projects, but you can find more info on this here:
- SDG 2 Zero Hunger: IoT Greenhouse Monitor
- SDG 3 Good Health and Well Being: Oticon Hearing Aids, Intellinium Safety Pods
- SDG 7 Affordable Clean Energy: Sodaq TRACK Solar, Bl!xt Zero, Vestas Wind Turbines, Golioth AC Power Monitor, Golioth DC Power Monitor, the Libre Solar Project
The Linux Foundation also launched the LF Sustainability Initiative, which as one of its goals looks at how LF Projects are contributing (or can be contributing) towards the UN Sustainable Development goals. Find the latest report (September 2023) here: https://www.linuxfoundation.org/research/open-source-sustainability
A decade of open-source networking - What have we learned and what to expect in the next decade?
Ranny Haiby began with an overview of the networking industry's unique aspects such as regulation, licensing, and the need for reliability, resilience, and sticking to the co-developed standards. He traced the history of open source in networking, noting significant developments like the Berkeley CSRG's TCP/IP stack in 1989, and the rise of projects like XORP, Quagga, OpenWRT in the 2000s, and the networking renaissance of the 2010s with Software-Defined Networking (SDN) and virtualisation technologies.
Haiby discussed why open source is vital in networking, highlighting collaboration (sharing the burden of solving tough problems), the misconception of open source as a cost-saving measure (although he acknowledged it can be in the long run), and the importance of building secure networks.
Key lessons from his experience in open-source networking include:
- Collaboration often outweighs the importance of the code itself, creating a platform for diverse communities to work together.
- Open source and standards complement each other, with open source providing reference implementations for standards (e.g., OpenRAN) and a feedback loop between the two.
- Open source doesn't replace commercial products – there is work required to bring external code to production networks.
- Recognising strengths and weaknesses, especially in resource allocation for R&D in telecommunications and understanding that not everything needs to be built from scratch.
- The strength of a network depends on its weakest link, implying that a robust open-source ecosystem can manage vulnerabilities more effectively.
Haiby closed his talk by looking at the future of open source in networking, space being the next frontier of non-terrestrial networks, building AI-native networks and network-aware applications.
The Linux Foundation Member Summit was an incredible experience, offering a plethora of insights into the ever-evolving world of open source. From the strategic implementation of open source in AI and cybersecurity to the exploration of new business models and the challenges faced by technical leaders, the summit provided valuable knowledge and networking opportunities.
As Avanade continues to deepen its engagement with open source, explore how we are making a genuine human impact in collaboration with the Green Software Foundation, a Linux Foundation project - and join the effort.