[TUHS] 3 essays on the ujnix legacy

steve jenkin via TUHS tuhs at tuhs.org
Sun Nov 2 13:41:17 AEST 2025 

Ted Tso is IMHO a definitive commentator for the Linux kernel.
I’m not qualified to comment on the kernel or its development.

ESR, RMS & the FSF haven’t addressed or publicly reimagined
the Open Source model for the modern world.

Money matters.
In the long term, all, not just the best talent, needs to be paid decent wages.

Most democracies don’t rely on Churches & Charities to provide all their Social services. 
It’s seen as a ‘Public Good’ to feed & house people when in need.

Short term unpaid volunteerism is fine - a little altruism isn’t invasive.

Open Source has turned out to be a marathon, not a sprint,
and the original simple unpaid volunteer model is failing.

Here are three gaps I think need to be urgently addressed:

 - paying wages gives large commercial players control of features

 - multiple unfunded critical projects exist with few new maintainers 

 - supply chain & other security attacks need to be countered

> On 2 Nov 2025, at 13:13, Theodore Tso via TUHS <tuhs at tuhs.org> wrote:
> 
> On Sat, Nov 01, 2025 at 12:45:14PM -0400, Clem Cole via TUHS wrote:
>> Hrrmph. IMO: This is trying to fit the data over the graph you want.
>> 
>> I never agreed with ESR's model.  Linux was (and continues to be) a
>> Cathedral.  It just has different master builders than BSD, SunOS, SVR4,
>> VMS, and NT did.
> 
> Speaking as someone who was working on Linux from the beginning (I was
> the first North American Linux kernel hacker,

> and the first US FTP redistribution site for Linux
> was my desktop workstation at MIT
> (a Vaxstation 3100 M38 running Ultrix),

> I never agreed with ESR's model either,
> and I agree that Mr. Garcia's graph is also... not reflective of reality.
> 
> First of all, ESR never spoke for the Linux community;
> certainly not all of it.

> <snip>
> 
> It's complicated(tm).
> 
> On Sat, Nov 01, 2025 at 10:05:47AM -0700, Alan Coopersmith via TUHS wrote:
>> On 11/1/25 07:42, A. P. Garcia via TUHS wrote:
>>> Linux took the opposite path. Its ecosystem is messy, distributed, and
>>> loud, a bazaar where competing ideas coexist until one wins by survival,
>>> not decree. It doesn’t import technologies wholesale. It reinvents them
>>> from first principles.
>>> 
>>> That’s why instead of adopting DTrace, Linux built eBPF, a programmable
>>> virtual machine for tracing, networking, and observability. It’s more
>>> complex, less elegant, but more adaptable.
>> 
>> Except of course, Linux built eBPF on top of BPF, a technology imported
>> wholesale from BSD.  The difference between how Linux looked at Dtrace &
>> BPF is one of license terms, not philosophy - they were willing to accept
>> BSD-licensed imports, but not CDDL-licensed ones.

> 
> Absolutely.  Linux is quite willing to take ideas and code from
> everywhere, so long as (a) it's good, and (b) the copyright license is
> compatible.  For example, Read-Copy-Update (RCU) was a technique that
> was created and patented by Sequent, and after IBM purchased Sequent,
> IBM donated the patent to Linux, and had former Sequent engineers
> (working for IBM's Linux Technology Center) implement RCU for Linux.
> 
> We'll take code and ideas from whereever we can get them. 
> 
> If Oracle hadn't outbid IBM to purchase Sun Microsystems (and some of
> us believe that some executives at Sun leaked details of the
> negotiation to the Wall Street Journal to draw competitors such as
> Oracle to bid on Sun; certainly IBM had no incentive to leak what came
> out in the press), it is very likely that I would have been on the
> teams sent to Sun, and we would have tried to relicense DTrace and ZFS
> from the CDDL to the GPL or some GPL-compatible license.
> 
> It's interesting to consider what the alternate history might have
> been if we could have merged the best of the Solaris technology into
> Linux, and if we could have welcomed some of the Solaris team into the
> Linux community.  I certainly had nothing but respect for them, and I
> always thought that they had been badly let down by their management
> and sales teams.   They deserved better.
> 
> My personal belief is that Oracle's acquisition of Sun Microsystems,
> while it may have represented a better deal for Sun's shareholders,
> was ultimately a tragedy for the industry as a whole.
> 
> Cheers,
> 
> 					- Ted

——————

1. the Copyleft / GPL / LGPL were a major innovation,
   it’s allowed the Linux kernel to become what it is,
   by enabling many large commercial firms
   to pour money & ‘resources’ (people) into it,
   and to fund the Boring but Essential Bits like testing.

  Open Source isn’t a ‘Commercial Project’,
  people do what they want not directed, by definition.

  Uninteresting stuff doesn’t get done, no matter how useful
  And He Who Pays Wages decides what is done. 

   I don’t believe either ESR or RMS foresaw
   the role of commercial firms & 
   the size of the Linux code base ( 40M LoC, Feb 2025 )

	<https://www.linuxtoday.com/blog/linux-kernel-source-code-surpasses-40-million-lines-january-2025-update/>

——————

2. ESR / RMS never came up with a model to collect ‘donations’ and pay volunteers,
    immortalised in XKCD ‘Dependency’. 
    Unpaid volunteers works at very small scale, but doesn't scaled very large codebases.

	<https://xkcd.com/2347/>
	<https://imgs.xkcd.com/comics/dependency.png>

	Lists multiple examples
	<https://xkcd.wtf/2347/>

Alt-text description:
	Someday ImageMagick will finally break for good 
	and we'll have a long period of scrambling 
	as we try to reassemble civilization from the rubble.

Image text:
	A project some random person in Nebraska 
	has been thanklessly maintaining since 2003

	Google AI claims "XKCD ‘Dependency’: 25 July 2013, 1354th comic”, 
		but I can’t confirm that claim.

——————

3. OSS doesn’t have a good security model across all products,
    assumes all those random volunteers are ‘good faith’ actors.

    Supply Chain Attacks are a live threat that has to be managed / mitigated.

    Since 2013, when Mandiant published details of “APT1”,
    it’s not been theoretical that patient, skilled, well-funded Actors
    could & would target commercial organisations.

    The almost successful XZ utils attack, under a GPL,
    demonstrated that ‘bad faith’ patient & skilled actors
    are a real risk to Open Source.

	<https://en.wikipedia.org/wiki/XZ_Utils_backdoor>

Project:
	<https://tukaani.org/>

——————

--
Steve Jenkin, IT Systems and Design 
0412 786 915 (+61 412 786 915)
PO Box 38, Kippax ACT 2615, AUSTRALIA

mailto:sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin

More information about the TUHS mailing list