Dear DNG'ers

this summer I wrote a small critical post about what I believe to be a
dilemma for anyone using GNU/Linux at scale for mission critical
operations.

I'm curious about your opinions here and if it can spawn an interesting
thread, there is so little discussion about these topics online and I
guess this is a good place for it given the experience gathered in this
community.

The article is pasted below and a link to it is provided for those who
prefer the web with links and animated gifs.

     Lead or follow? this decade’s dilemma for GNU/Linux based ICT industry

    Online version with links and gifs:
    https://medium.com/think-do-tank/lead-or-follow-the-dilemma-of-ict-industry-for-the-coming-decade-4f83ee1851bc

I’m writing this post prompted by the disclosure of yet another bug on
systemd, this time a “nasty security bug” as journalists at ZDNet defined
it that has been granting all this time local privilege escalation through
an excessive memory allocation.

Nasty Linux systemd security bug revealed | ZDNet

Systemd, the Linux system and service manager that has largely replaced init
as the master Linux startup and control…

This is very bad news for people running most GNU/Linux desktop or server
installations with multi-user environments: it means that for the past 5
years or so their systems may have been compromised, with a few
exceptions.

But this post goes beyond these obvious considerations: I argue this is
just the tip of an iceberg passing almost unnoticed.

     I’ll share some reasoning about the present and future challenges that
     are defining a turning point for most of us using and developing
     GNU/Linux based systems.

                                    Context

     The major event I like to focus is not a bug, but the landmark
     acquisition of RedHat by IBM for 36 whopping billions of dollars just 2
     years ago.

This event shall not go unobserved when debating about the future of
GNU/Linux. It is plausible to think that the enterprise strategy of
companies dealing with GNU/Linux technologies will evolve well beyond the
business on certifications, and make bold steps into more aggressive
exploitation of their huge “market”, something once was a community and
has lost that status.

Even the temporal context has a major role in this equation as this is all
happening during the troubled beginning of a decade marked by pandemic: we
are witnessing a boost in usage of ICT infrastructure due to COVID with
growing investments from both public and private sectors into this market.

                                    Strategy

     The big and ever-growing conglomerate of the IBM/Linux armada aims to
     seize the market with renewed dependencies.

The strategy to form and consolidate dependencies around the needs of
clients makes sense for an oligopoly that wants to keep its dominant
position. For a big technology provider today the business of support and
certifications is marginal when compared to the opportunity to lead
research, standardization and the pace of innovation according to own
interests.

The one who can lead standards can also confine risks where he may please,
and accelerate testing of own developments no matter how experimental. For
example systemd builds a lot of dependencies with new untested software
whose risk is delegated to… anyone using Linux.

This is precisely what is happening as the big-tech industry establishes
new core standards for its sector— systemd being a too-big-to-fail example
— it offloads the risk of innovating strategies on user communities and
small clients.

     Right after a successful trial on communities, the big-tech industry is
     now turning small clients into guinea-pigs to externalize risks attached
     to innovation strategies.

This is evident through the strategic changes applied by this new RedHat,
now lead by IBM, as we come to another landmark event for the ICT
industry: the so called “death of CentOS”.

CentOS Is Dead, Long Live CentOS

On Tuesday, December 8th, Red Hat and CentOS announced the end of CentOS 8. To
be specific, CentOS 8 will reach end of…

The end of life of RHEL 8 and CentOS 8 has been announced, to be
substituted by new “stream” releases that have de-facto buried CentOS
original mission as a stable distribution and resurrected it as the new
guinea-pig to join Fedora in the gratuitous “downstream cage” of
experimentation.

     Lets be aware now that what comes “free as in beer” comes at a high cost
     in priorities and control.

                                  Opportunity

     All things considered this is the perfect storm. We may free ourselves
     from the big and ever-growing conglomerate of the IBM/Linux armada
     before they entangle us with ever growing dependencies.

Thanks to courage, a vibrant community of experts and some investments and
donations today I can tell systemd has not been a problem for me, but an
opportunity. To develop an alternative and facilitate a community around
it took us about the same time required to adopt any new system imposed by
RedHat or IBM in our operations. By choosing to lead rather than follow we
gained not just superior security and efficiency for the past 5 years: we
bootstrapped a community of valuable leaders as we all dared to fork of
Debian. Today we rank #2 worldwide by user reviews on Distrowatch.

Welcome to devuan.org | Devuan GNU+Linux Free Operating System

Devuan GNU+Linux is a fork of Debian without systemd that allows users to
reclaim control over their system by avoiding…

But lets not look at the finger pointing at the moon: this is not just
about the technical choice of an init system or a system administration
framework. this dynamic will repeat in many forms and there will be gains
for those who have the courage to lead rather than follow. Far from the
systemd debacle, at the end of CentOS as we knew it, one of its founders
started Rocky Linux to continue the original mission of delivering a free
and stable enterprise grade distro based on RPM packaging.

Rocky Linux

Rocky Linux is an open enterprise Operating System designed to be 100%
bug-for-bug compatible with Enterprise Linux.

What do we in common is that we are seizing the opportunity to develop an
alternative or, even better, we are sharing an opportunity with everyone
out there who dares to differ. The investments are coming and the market
is growing: the space is there for those who dare to take it and the risks
aren’t so high all things considered.

     Now is the time to break the chain of growing dependencies with
     IBM/Linux before it turns SMEs and public sector institutions into
     security nightmares.

What we will soon need for this alternative to be established is the trust
from bigger players in public and private sectors, to rely on these
efforts and fund them: this is in everyone’s interest, I argue, since our
efforts will provide better quality and will lower costs and complexity of
ICT infrastructure.

     The opportunity is in the hands of decision makers across the ICT
     industry: now is the time we can invest on the talent and future growth
     of alternatives.

Early good signs are there: grants like DECODE (EU flagship project) have
funded the development of Devuan for its deployment in decentralized
networks, as well NLNET funding Maemo-leste a fantastic port of Linux (not
Android) for embedded devices and mobile phones. Rocky Linux seems to
catch up quickly with the enterprise market it aims at and has established
a small round of SMEs adopters.

I believe the opportunity is there for new players to take their place as
leaders. Too-big-to-fail conglomerates have shown in the past to be a
rather toxic presence for the ease of maintenance and reliability of
systems.

     Paradoxically we aren’t even the alternative: we are the conservatives
     in a declining world of “fail fast fail often”. We are those who intend
     to ship stable systems to let all users enjoy a life made of less risks
     and more free time.

For more background information about Devuan, see:

     • The Debian fork original announcement
     • Coverage by The Register
     • Coverage by Heise
     • My Ph.D thesis chapter about Devuan
     • Devuan presented at FOSDEM 2019

Devuan® is the registered trademark of the Dyne.org foundation.
Linux® is the registered trademark of Linus Torvalds.

   Dyne.org Think &Do Tank 
    — we are free to share code and we code to share freedom

No (C) - Public domain.

--

  Denis "Jaromil" Roio      https://Dyne.org think &do tank
  Ph.D, CTO & co-founder    software to empower communities
  ✉ Haparandadam 7-A1, 1013AK Amsterdam, The Netherlands
  𝄞 crypto κρυπτο крипто क्रिप्टो 加密 التشفير הצפנה
  ⚷ 6113D89C A825C5CE DD02C872 73B35DA5 4ACB7D10