Why hasn't it become the norm to inhibit repeated password guesses?
I'd like to challenge your assumption that this isn't being done.
[warning: wild approximations to follow]
Remember that a successful brute-force attack will require millions or billions of guesses per second to do the crack in a reasonable amount of time (say, a couple hours to a month depending on the strength of your password). Even a rate-limit of 100 password attempts per second would increase the crack time from a month to hundreds of thousands of years. Maybe my standards are low, but that's good enough for me, and no human user legitimately trying to get into their account will ever notice it. Even better if the rate-limit was by IP rather than by username just to prevent some kinds of Denial-Of-Service attacks.
Also, I don't know which Linux distribution you're using, but on my Ubuntu and CentOS systems, when I mistype my password at either the GUI or terminal login screens, it locks for 1 second before re-prompting me.
Even if the server isn't actively rate-limiting login attempts (which they really should be), just the ping time by itself is enough to slow you down to millions of years. You'll probably DDOS the server before getting anywhere close to 1 billion guesses / second. The real money is in getting a copy of the hashed passwords database and feeding that into a GPU rig where billions of guesses per second are possible.
TL;DR: if you are going to put effort into hardening your login server, you'll get more bang for your buck by improving your password hashing, and making your database hard to steal than by implementing rate-limiting on your login screen.
UPDATE: Since this went viral, I'll pull in something from the comments:
This logic only applies to login servers. For physical devices like phones or laptops, a "3 attempts and it locks" or a "10 attempts and the device wipes" type thing still makes sense because someone could shoulder-surf while you're typing your password, or see the smudge pattern on your screen, or know that a 4-digit PIN only has 10,000 combinations anyway, so the number of guesses they need to do is very very much smaller.
There's one significant problem with locking people out after repeated invalid attempts - it actually becomes an attack vector for a type of Denial of Service attack. Think about what might happen to a support desk or customer service site if a couple hundred thousand accounts all end up locked on a consistent basis by someone trying to disrupt a service.
There's even a web site I use that sends me a physical piece of mail every time I change my password - someone particularly nasty could really create problems by finding a list of accounts and suspending them repeatedly.
There's definitely a judgement call to be made between security and usability, and I personally don't believe there's a fixed or pat answer.
Enough complexity makes it technologically impractical to bruteforce, slowing it down wouldn't do much more.
"But that simply increases the number of needed attempts" is a weird way if saying billions of years longer.