The architecture of AI is different from all of the computing that came before it

In an interview with Jonathan Bryce, Executive Director atCNCF, he offers a comprehensive look at the intersection of open source, cloud-native technology, and the rise of AI. The conversation delves into how foundational infrastructure and modern applications are converging to create robust production environments.

Bryce provides unique insights into the profound impact of AI on open source projects, the surprising financial sustainability of a free software model, and the critical role of digital sovereignty and sustainability in shaping the future of technology.

We are seeing that AI is becoming central to the industry. How does this trend change the fundamental requirements of an open source project?

AI is interesting because it is capturing so much attention now, far more than most of the technologies that we talk about in open source. Most mainstream people have probably not heard of Linux or Kubernetes. They are well known in the tech industry, but not outside of it. Everyone hears about AI constantly every day because it has such a mainstream impact. I think some things are the same, and there are some things that are different. The things that are the same are that AI applications are complex applications that need to be scaled, monitored, and managed for performance and reliability, just like a banking application or other applications. The differences come in the way that AI applications operate.

 AI applications, a lot of times, depend on special hardware like GPUs that we did not see deployed at large scale until just the last few years. If a company had 10 or 20 GPUs 10 years ago, that was considered a lot. Now we have companies that are building out hundreds of thousands of GPUs. That is a huge shift, and a GPU is a really interesting computing system. If you think about a standard computer, it has a processor, it has memory, it probably has a disk drive, and it has a network system. When you think about a GPU, it shifts all of those components into a completely different configuration. Our software has to adapt to that, and our open source software has to adapt to that as well. I think there are some things that are the same in terms of the key requirements, but the way that those requirements are met is radically different because the architecture of AI is different from all of the computing that came before it.

What is your perspective on the financial sustainability of such products, and also for the companies that are building around them?

Open source is confusing to a lot of people because of the financial aspect of it. If you look at something like Kubernetes, Kubernetes is one of the largest open source projects in history in terms of the number of people who contribute to it and the amount of code that gets generated every year out of it. And yet, you can access it for free through this open source license, Apache 2, and not pay anything.

So, how does that work? Why are all of these people contributing code? Well, it enables a massive ecosystem of companies to be able to make money. In some cases, it is a much bigger accelerator for revenue and for financial success than proprietary systems because it opens it up to new markets and new organisations faster than proprietary technology does. If I create a proprietary piece of technology and I want to spread it around the world, I have to do all of that myself, or I have to find partners, and I have to drive all of that activity myself. If I open source it, I enable people to create value in regions all over the world. I think that is counterintuitive for people, but it works when you find the right problem to solve with open source. Linux solved the problem of an operating system kernel, and it is many billions of dollars that are generated through commercial products built around Linux. OpenStack solved the cloud operating system problem. It is USD 30 billion a year of revenue from cloud software through Red Hat and Rackspace, and all of these companies. Kubernetes solved application management, and it is generating billions of dollars of revenue through Infosys, Google, and Amazon, among others. It is an enabler for financial success because it lets people move faster and with fewer restrictions to go out and build products and sell them in the market.

How can these companies align with the regulatory prospects, like the European Union’s Cyber Resilience Act or India’s DPDP?

In a lot of cases, those regulations are looking at products, like something that actually gets sold and implemented. It becomes a very similar process for these companies as if they were writing all the software themselves, except that now they just get a head start because a large portion of the software is written by other people. The things that they do to meet those regulations, around testing and security patching, are the same kinds of things that they would be doing anyway, whatever the product is. So, it frees up resources from their company to focus on meeting those regulatory requirements because they do not have to build 100% of the technology. They do not have to build 100% of the technology and meet the regulatory requirements. If you look at Kubernetes, most of the companies that contribute to it are contributing less than 2% of the overall software, which means they are getting 98% of it from the community. That frees up a lot of resources to go out and actually focus on the other requirements their product needs to meet, like regulatory requirements.

Beyond AI, what are the other trends that are shaping the open source industry?

You mentioned regulation, and I think that is one aspect of a bigger trend, which is digital sovereignty. If you go back a few years, the tech world and the tech industry were still very, very open and kind of a wild west type scenario. I think what we have seen is that governments are realising that we need to have a better handle on technology, as it has become so embedded in our lives. We have our phones that know where we are at all times, and we have discovered how much data some of these applications are collecting about us and how they are selling it and these kinds of things. Rightfully, I think governments want to protect their citizens, and that has led to this movement of digital sovereignty, where there are laws around where your data can go and who can access it. That, in turn, has changed how companies build their applications and manage all of that. I think of digital sovereignty as three things: where is my data, who has access to it, and what laws apply to it. Those are great questions that we should all think about and know about. While it has been triggered by governments and regulations, I think it is a good mindset for all of us to have, just for protecting ourselves and our families.

Does sustainability also play a role in this?

I think that there are different aspects to sustainability. Again, this is something I think the tech industry at times has not had a great track record with, whether that is a lot of high-tech components that use materials that are toxic if not treated properly and recycled and handled. Energy consumption is huge for data centres. I think, yes, this is something where we need to be more mindful of this, especially as we head into the AI era, which is going to be the biggest workload that we have ever had as humans. It is going to consume a lot of resources, but we need to make sure that we are managing it efficiently. This is where I think some of the cloud-native technologies are really great because one of the key principles they have is making sure that you get the maximum usage out of your infrastructure components. For a long time, the average utilisation of a server was 8%. Isn’t that crazy? We spend billions of dollars on hardware, and then it is only 8% utilised. A lot of times, it is because there was no good way to make sure that you are getting that to 50% or 60% on an average basis. That is what things like Kubernetes do. I think the sustainability of the tech industry is something that has always had room for improvement, but that is one of the great things about modern applications and these types of architectures.

Seeing this rapid growth of this community, how can organisations like CNCF have a strategy to encourage more contribution rather than consumption in this particular region, like the Asia-Pacific region?

Contributor growth is a key part of what the foundation tries to do. There are a lot of programs that we have. There is a program through LFX, which is a broader Linux Foundation initiative for mentoring. It is a way for people to get one-on-one guidance and help to become more of a regular contributor to a project. The CNCF runs periodically a program called Zero to Merge, which is how you can go from never having contributed to a project to actually getting into that first contribution and getting over those initial steps. We are looking at doing something to take you from that point to being a more regular contributor or even a maintainer on projects. Those are programs that we have, and we try to make sure that those are especially available to areas of the world where there is a lot of potential. India is absolutely one of the key areas for growth that we see, and that is not just a dream; it is happening right now.

What are the more important factors to maintain a community that is independent and relevant for the industry while not being influenced by the competition itself?

When you look at open source, there are a few different ways of doing open source. In some cases, there is open source that is really closely controlled by a company, a single vendor type of open source project. In some cases, they may open source part of their product and then keep certain components commercially licensed and not open source those. That is not what we do. We build very broad coalitions of companies, and often there are two or three or four companies that contribute more code than the rest of the companies combined. The way that we set up our governance and our structures, they do not get special treatment because of that. You have to earn your influence in the community by contributing consistently. One of the things that you see in healthy open source communities is that you will see developers who move from one company to another and continue working on the same project.

In a lot of cases, people here who are longtime contributors often identify themselves as a Kubernetes maintainer and contributor versus an employee of company X. This is an interesting thing that open source can do: it shifts some of that power from large companies to the community overall. That happens when you have good governance and good community structures around a project, and that is one of the things that the CNCF is very dedicated to doing.