As this essay went to press, IBM joined the Open Source world, and the venture capital community is discovering Open Source. Intel and Netscape have invested in Red Hat, a Linux distributor. VA Research, an integrator of Linux server and workstation hardware, has announced an outside investor. Sendmail Inc., created to commercialize the ubiquitous Sendmail e mail delivery program, has announced six million dollars in funding. IBM's Postfix secure mailer has an Open Source license, and another IBM product, the Jikes Java compiler, has a license that, at this writing, tries but doesn't quite meet the intent of the Open Source Definition. IBM appears to be willing to modify the Jikes license to be fully Open Source, and is collecting comments from the community as I write this.
Two internal Microsoft memos, referred to as the Halloween Documents, were leaked to the online public. These memos clearly document that Microsoft is threatened by Open Source and Linux, and that MS will launch an offensive against them to protect its markets. Obviously, we are in for some interesting times. I think we'll see Microsoft use two main strategies: copyrighted interfaces and patents. Microsoft will extend networking protocols, including Microsoft-specific features in them that will not be made available to free software. They, and other companies, will aggressively research new directions in computer science and will patent whatever they can before we can first use those techniques in free software, and then they'll lock us out with patent royalty fees. I've written an essay for the webzine Linux World on how to fight Open Source's enemies on the patent front.
The good news is that Microsoft is scared! In the second Halloween document, a Microsoft staffer writes about the exhilarating feeling that he could easily change part of the Linux system to do exactly what he wanted, and that it was so much easier to do this on Linux than it was for a Microsoft employee to change NT!
Efforts to hurt us from inside are the most dangerous. I think we'll also see more attempts to dilute the definition of Open Source to include partially-free products, as we saw with the Qt library in KDE before Troll Tech saw the light and released an Open Source license. Microsoft and others could hurt us by releasing a lot of software that's just free enough to attract users without having the full freedoms of Open Source. It's conceivable that they could kill off development of some categories of Open Source software by releasing a "good enough," "almost-free-enough" solution. However, the strong reaction against the KDE project before the Qt library went fully Open Source bodes poorly for similar efforts by MS and its ilk.
We've escaped Trojan horses so far. Suppose that someone who doesn't like us contributes software that contains Trojan horse, a hidden way to defeat the security of a Linux system. Suppose, then, that this person waits for the Trojan-horse software to be widely distributed, and then publicizes its vulnerability to security exploits. The public will then have seen that our Open Source system may leave us more vulnerable to this sort of exploit than the closed system of Microsoft, and this may reduce the public's trust in Open Source software. We can argue that Microsoft has its share of security bugs even if they don't allow outsiders to insert them, and that the disclosed source-code model of Open Source makes these bugs easier to find. Any bug like this that comes up on Linux will be fixed the day after it's announced, while a similar bug in Windows might go undetected or unrepaired for years. But we still need to beef up our defense against Trojan horses. Having good identification of the people who submit software and modifications is our best defense, as it allows us to use criminal law against the perpetrators of Trojan horses. While I was manager of the Debian GNU/Linux distribution, we instituted a system for all of our software maintainers to be reliably identified, and for them to participate in a public-key cryptography network that would allow us to verify whom our software came from. This sort of system has to be expanded to include all Open Source developers.
We have tremendous improvements to make before Linux is ready for the average person to use. The graphical user interface is an obvious deficit, and the KDE and GNOME projects are addressing this. System administration is the next frontier: while linuxconf partially addresses this issue, if falls far short of being a comprehensive system-administration tool for the naive user. If Caldera's COAS system is successful, it could become the basis of a full solution to the system administration problem. However, Caldera has had trouble keeping sufficient resources allocated to COAS to finish its development, and other participants have dropped off the bandwagon due to the lack of progress.
The plethora of Linux distributions appear to be going through a shake-out, with Red Hat as the perceived winner and Caldera coming in second. Red Hat has shown a solid commitment to the concept of Open Source so far, but a new president and rumors of an Initial Public Offering (IPO) could mean a weakening of this commitment, especially if competitors like Caldera, who are not nearly as concerned about Open Source, make inroads into Red Hat's markets. If the commitment of commercial Linux distributions to Open Source became a problem, that would probably spawn an effort to replace them with pure Open Source efforts similar to Debian GNU/Linux, but ones more directed to the commercial market than Debian has been.
Despite these challenges, I predict that Open Source will win. Linux has become the testbed of computer science students, and they will carry those systems with them into the workplace as they graduate. Research laboratories have adopted the Open Source model because the sharing of information is essential to the scientific method, and Open Source allows software to be shared easily. Businesses are adopting the Open Source model because it allows groups of companies to collaborate in solving a problem without the threat of an anti-trust lawsuit, and because of the leverage they gain when the computer-programming public contributes free improvements to their software. Some large corporations have adopted Open Source as a strategy to combat Microsoft and to assure that another Microsoft does not come to dominate the computer industry. But the most reliable indication of the future of Open Source is its past: in just a few years, we have gone from nothing to a robust body of software that solves many different problems and is reaching the million-user count. There's no reason for us to slow down now.