2016 was unequivocally Linux’s best year yet. It’s on more devices than ever before and more secure than ever before. Were there embarrassing moments along the way? Yes, I kept reasonably close to the news and watched a few of these evolve and get patched as quickly as they were found.
I’d also like to predict that 2017 will end being Linux’s best year yet. And I’ll even go one year further than other folks making predictions and say that 2018 will top them all.
For those of you who are glass half empty folks, let’s talk about a couple of the flaws found in 2016. LUKS looked pretty bad and Dirty Cow caused a few headaches, but the latter had a patch available within hours. And because it’s worth being redundant, let’s remember there was a patch within hours. While some would argue that the potential attack time for dirty cow was nine years, the published attack time was only a matter of hours. If you want to be a glass half empty type of person go ahead and set your clock for nine years. I still think that it was Linux’s best year ever and next year will be even better.
Why can I say this? Because Linux is honest. Honesty doesn’t mean perfection. It means openness. Linux’s faults are out there and ready for the world to see. Sometimes they’re caught early and sometimes they’re caught later.
2016 did burst the bubble on the narrative that in the land of a thousand eyeballs all bugs are shallow. It’s sounds nice, and I’m sure some projects run that way, but that’s not the way things are done anymore. I hope in 2017 we can make a better argument for open source security, and we can do it by talking about our talent management.
Outside of the honesty in the open source ecosystem, the open source talent management is our second greatest asset and every project lead knows how to leverage it. Jim Collins’ book Good to Great highlights business practices that if followed drastically improve a company’s performance in the long term. One of the most core principles is hiring the right talent, even if you have to wait for that talent to emerge. Linux’s talent management is unsurpassed because the power of that talent is published.
Want to know how good someone is? Read their code. Want to know how passionate they are? Read their posts. Bryan Lunduke has a full time job for being loud and passionate and remarkably entertaining while he flirts with a bit of rudeness. I know two project leads that recruit hires specifically from their volunteer pools. I’ve heard of Redhat and others doing the same. From what I can see, the researchers finding the bugs in the code aren’t locked behind ivory towers of corporate influence, they’re emancipated. They get hired to work on what they love and what they’re good at. They find the flaws and responsibly disclose what they’ve found. Because of their paycheck, they have the ability to research the technology that often doesn’t get looked at.
Yes these flaws get press. Shouldn’t they? Isn’t press good? Doesn’t it encourage us to audit more and improve? We’re doing that. Are the other guys? I’m confident that Redmond and Cupertino have areas that don’t gather much attention. I have a hiDPI screen and sometimes run Windows 10. I can see the areas they didn’t think anyone would notice. Not everything in Windows 10 has a hiDPI icon. I noticed. That same machine is a Lenovo. For the first time since 2009, it’s not a MacBook. Why? Because when I look at the MacBook, it’s easy to see there’s a whole division at Cupertino that isn’t getting much attention.
While our efforts may be more ad-hoc, our talent management program is better in the long term. My current employer hires only on the basis of certifications and I can see how that affects our workforce. Since they started enforcing certifications, we stopped innovating and instead merely executed. While I’m not knocking certifications, organizations who rely solely on certifications for hires often miss out on the right talent to take them from good to great. While the open source community has its share of certifications, it more importantly has an open repository of talent information.
How do we combat the glass is half empty people in the blogosphere and the occasional pessimistic podcast? Talk about our talent library. Our talent library created some of the most inventive and functional desktop interfaces ever dreamed of and only for 2% of the desktop market share. Imagine how good things will get as that percentage grows! We’re talking a lot about this year about Solus, but with a larger market share how many more Soluses are we going to see ahead? Our talent library brought us a great 2016, and it’s destined to bring us an even better 2017.