Last month at NGINX Sprint 3.0, I hosted a chat on open source ecosystems with three industry experts: Matt Butcher, CEO of Fermyon; Stephen Chin, VP of Developer Relations at JFrog; and Robert Sirchia, Sr. Technical Evangelist at SUSE. Given their brilliant insights, I could not resist a final question, namely: What technology should we pay attention to now because it will be incredibly important in the next three years?
Now, the question might seem a bit odd. Who has time to look three years ahead, given how hard it already is to keep up with the current, rapidly expanding open source ecosystem? But that’s the exact reason to do so. If you can catch a project in its early days, you can grow your knowledge gradually as the technology expands in scope.
The inspiration for many open source projects is to improve on a current solution that’s too complicated or manual for wide adoption or easy scaling in production. The first step toward the new solution is often to abstract away details that the current solution forces you to deal with. But as work continues, adjacent problem spaces are usually revealed and must be addressed for the solution to be complete. Greater complexity is almost inevitably the result, and by the time the new solution is on your radar it’s already too big to understand quickly and easily.
In short, abstraction may make life easier, but it doesn’t always make it simpler. A wonderful and important example is Kubernetes, now the container orchestration of choice. Kubernetes came to light in July 2015. It was based on a very successful internal project at Google (Borg) and rapidly took on a highly successful role in production systems. It might not have seemed important to learn Kubernetes in 2015 (there were several competing technologies) but today you have to understand it if you want to build and deploy modern apps.
So, what do Matt, Robert, Stephen, and I think is the next thing you need to learn right now? Our chat identified three candidates: OpenTelemetry, OpenSSF, and WebAssembly.
OpenTelemetry: Correlating Data Streams for Modern App Monitoring
OpenTelemetry (OTel) has been around since March 2019. It’s taken the observability world by storm and is one of the most active open source projects at the Cloud Native Computing Foundation (CNCF). You might be well‑versed in OTel, but you still can’t ignore a few major factors that will soon change how you manage your applications.
OTel started with distributed tracing, which is incredibly important to the new cloud‑native category of applications. But OTel’s developers rapidly realized that monitoring for modern apps requires aligning multiple data classes (traces, metrics, and logs) into a unified view, correlating them for you so you get a rapid and clear understanding of what’s going on in your app environment at any location and point in time.
Progress on each data class has proceeded on its own timeline. Tracing led the way, followed quickly by metrics. Now, the last of the triad is approaching its own stable release – logs, probably the most familiar source of application insights and one you’re already using in your work with any open source project.
As OTel incorporates logs into the unified view of observability data it provides, we need to understand rapidly how the resulting new world view will change the time scale for recognizing and responding to application problems, be they disruptions in service, incorrect results, or just request transaction durations that exceed the patience of users.
Dive into OTel and get up to date on their work on all three data classes. For helpful tips on adopting OTel in your modern app environment, read our blog about what we learned while incorporating it into the NGINX Modern App Reference Architecture (MARA).
OpenSSF: Securing the Future of Open Source
Security is a painfully necessary part of the modern application world. And as we create solutions that incorporate a multitude of separate projects, security can sometimes get lost in the shuffle. We’ve seen examples of security weaknesses that multiply and echo across projects. What should we do?
Fortunately, you don’t have to solve this problem alone. The Open Source Security Foundation (OpenSSF), part of the Linux Foundation, is bringing together communities, companies, and projects to advance security across all open source projects. OpenSSF is relatively new as foundations go (it formed in 2020). It’s still developing its focus, but it is going to impact every place that open source touches (and that is nearly everywhere). You are going to need to understand what a secure open source supply chain means, especially if you are responsible for day-to-day production operations. You need to dive into what OpenSSF recommends to secure the repos we depend on and your own projects in turn.
Because it’s early days for OpenSSF, not only can you learn about its projects while they’re still evolving – you can have a direct impact on their future. Bring your knowledge of how things work to guide the definition of best practices and to provide insight on how the OpenSSF’s security model might impact operations at organizations like yours. F5 is pleased to be an active member of OpenSSF, working on initiatives for securing open source supply chains and critical projects.
WebAssembly: Delivering the Next-Gen Web App
But why learn Wasm now? It might not be feature‑complete, but it is already widely used and highly functional. It will increasingly shape the design and delivery of web apps, be they cloud‑native microservices, serverless functions, or more traditional refactored applications. And it will change the nature of app development by making new features, new clients, new capabilities, and even new architectures available to your future projects. In a sense, we’ve saved the best for last. Of the three technologies we’ve looked at, we think Wasm is the most important for developers to understand, and soon.
TL;DR (Even Though You Did!)
So, there you have it, a short list of technologies that will impact you the most in the next few years and are available to you now. Depending on your unique role in the open source world, you might need to focus on one before the others. But we predict that all three will be even more important in three years than they are today.