Linux Core

LinuxCon North America [1] met from August 17 to 19 in Seattle, Washington. The event kicked off in typical fashion, with Jim Zemlin, executive director of the Linux Foundation sharing a video, "Distributed Genius: Advancing the Growth of Linux," that showcased how Linux has popularized the culture of collaboration that "can change the world."

In the past few years, the Linux Foundation (LF) has become much bigger than just a body to sponsor the work of core kernel developers like Linus Torvalds. It is now home to many other projects, and the number continues to grow. Zemlin said that in the last few months LF has launched some big projects, including the Node.js Foundation, R Consortium, Cloud Native Computing Foundation, The Open Container Initiative, "… and we are just getting started." In his presentation, he announced two new projects: Kinetic Open Storage, which is backed by Seagate, and the IO Visor project, which aims to advance modern I/O in networking applications.

Zemlin continued, "We have added 64 million lines of code just in the last few years from the projects we are hosting here at Linux Foundation, and this is not the code that these projects started with; that's been added since they started as a collaborative project, … and this doesn't even include Linux, which blows all these numbers out of the water." He pointed out that these projects are creating value and powering real products and services that the world depends on.

The Foundation is also playing a major role in projects that go beyond open source and touch almost everyone who depends on the digital economy. "We are funding the timekeepers of the Internet – literally – the people who keep the clocks on the Internet," he said about LF funding of some of the core developers of the NTP project [2].

Zemlin went on to describe other points of emphasis for the Foundation: "We are helping to improve the security, reliability, and stability of the entire Internet through our Core Infrastructure Initiative."

Zemlin continued, "We have a multimillion dollar fund that we're using to identify and fund projects that are critical to all our security and stability of the Internet – projects such as OpenSSL, OpenSSH, GnuPG, and many more. These projects have been underfunded, and we have created an entity that will help them get the kind of resources that's commensurate with the role these open source projects play in society."

He then invited IBM onstage to announce their LinuxONE systems, bringing Linux-only mainframes to the market. Mark Shuttleworth, who made a surprise appearance at the event, shared the stage, as Ubuntu made its debut on IBM mainframes; previously, only Red Hat and SUSE have been supported on z Systems.

Shuttleworth revealed he was there to support the LinuxONE launch, and Dustin Kirkland of Canonical said that engineers from Canonical and IBM are working together to bring Ubuntu to the mainframe, with a 2016 target for the release of these systems.

The first day also saw talks by Robin Chase, co-founder of Zipcar and founder of Buzzcar; Marianna Tessel of Docker; Ibrahim Haddad, vice president of R&D and head of Samsung's Open Source Lab, who talked about open source at Samsung; and Jon Corbet, who gave a preview of Kernel 4.2.

Security

On day two, Zemlin again took the stage to announced the Badge Program, which will deliver an automated tool to measure best practices for security in open source projects.

The Foundation is working with companies like Microsoft, Qualcomm, Bloomberg, and others to collaborate on the program. Although it's a work in progress, a first draft of the program is available on GitHub [3].

Later that day, renowned security expert Bruce Schneier gave a keynote via Google Hangout, where he talked about the state of online security and the severity of attacks. He talked about how all online attackers use the same tools, so it's difficult to tell whether you've been hacked by a government or some guy sitting in a basement.

One of the most interesting sessions I attended was by Aimee Maree Forsstrom, who talked about open source in government, including how the Australian government is using more and more open source technologies.

A Pleasant Surprise

Day two had come and gone with no sign of Linus Torvalds. I have been attending LinuxCon since 2009, and I have never missed seeing him, so his absence was surprising.

The morning of day three, Zemlin took the stage to a Microsoft advertisement on screen, and he quipped, "That's how all our future events will start." After a round of applause, he then invited Torvalds to the stage in one of the best kept secrets of LinuxCon.

Zemlin read an excerpt from a Bloomberg Businessweek article in which the author compared Torvalds with Henry Ford: "Torvalds has, in effect, been as instrumental in retooling the production lines of the modern economy as Henry Ford was 100 years earlier. It's absurd that so much power has collected in one man."

The humble Linus responded: "It does feel absurd. I am not sure about the power, but I love open source and how all that credit goes to me. Realistically, the only power I have is to say no, and sometimes I do that in a somewhat colorful manner. Because I don't write code anymore, I get a lot of kudos these days for just being a maintainer and manager of a lot of very productive people."

When asked by Zemlin, Linus showed little interested in buzzwords like Docker and said, "I am so happy that the kernel tends to be fairly far removed from all these issues, all the buzzwords, and all the new technologies."

When discussing security, he admitted he has been at odds with the security community, because he thinks they treat everything as black and white. He said, "What I see is security means bugs, and most of the security issues we have had in the kernel, and happily they haven't been that big – well some of them were big, but that doesn't happen that often – most of them have been just completely stupid bugs that nobody really would have thought of as security issues normally, except for the fact that some clever person comes around and takes advantage of that."

Torvalds made it clear that Linux and other software will never be bug-free and, as a result, fully secure: "The thing is, you are never going to get rid of bugs. If you think of it that way, then you just know that bugs are inevitable; security is never going to be perfect."

When asked about where he sees Linux in the next 10 years, he said that's not how he works. "I am a very plodding, pedestrian kind of person. I look six months ahead; I look at this release and I know what's coming up in the next one. I don't think planning 10 years ahead is necessarily very sane."

However, that doesn't make Linus backward thinking. He said the very nature of open source actually encourages and drives forward thinking, because companies and players have a vision and know where they want to go in the next 10 years. These players push their own agenda and take the project forward, so even if he himself is not forward thinking, the open source model of Linux keeps it forward thinking.

Endgame

In a few one-on-one conversations on the last day of the conference, I spoke with Michael Miller, Vice President of Global Alliances and Marketing for SUSE, who told me that SUSE now has more independence under Micro Focus, who acquired them in 2014, and they are concentrating on core areas for SUSE's growth.

Miller told me "The three main areas we are focusing on are: enterprise Linux, which is our historical area of strength; OpenStack private cloud for the enterprise; and then software-defined distributed storage, building on Ceph as the upstream project. There is great opportunity to bring those three things together in a very interesting way, and then partnering with both hardware vendors and software vendors to create a variety of choice of solutions for our customers."

Nithya Ruff, head of Open Source Office at SanDisk, talked about how they are increasing their involvement with projects like Ceph, Nithya told me that they are on the top 10 list of contributors of the project.

They are also maintaining the SCST SCSI project, and they also open sourced an Android storage library that allows application developers to use external storage such as SD cards or microSD cards.

Sam Ramji of Cloud Foundry talked about topics such as the governance of the Cloud Foundry, it's evolution, the penetration of open source in enterprise, and their involvement with the Linux Foundation as a Linux Foundation Collaborative Project. He said that Foundry borrows some best practices from LF on managing the business and also a lot of common capabilities like human resources, finances, web marketing, and so on.

The next LinuxCon will be in Toronto, Canada, and I am determined to be there. Hope to see you, too.