• United States




Linus Torvalds, the UNIX Wars and history repeating itself

Sep 24, 20189 mins
LinuxOperating SystemsRisk Management

Linus Torvalds, the creator and maintainer of the Linux Kernel, announced on a mailing list that he was taking time off to address behavioral issues that have caused negativity in the Linux community. This presented business risk and a potential to cause forking of the Linux kernel and history repeating itself with the Unix Wars yet again.

Linux security
Credit: Thinkstock

Over the past week, news came out that Linus Torvalds, the father of Linux, is taking time off to address his behavior issues. For those of us who know Linus, he is known for speaking his mind and being very condescending toward people, often erupting into insults and personal attacks on mailing lists. His attacks on Intel for their Spectre patch were only one example of many. The culture created by the top leader has caused several top developers, specifically Sage Sharp, who maintained the USB 3.0 drivers, to leave.

Why is this important?

Linux is no longer the operating system that you downloaded from a Bulletin Board System (BBS) in 1992 at 9600 baud onto a stack of 3.5 inch floppies and were really careful to not accidentally blow away your DOS/Windows 3.1 install with. Unlike almost every other single operating system, however, there has been one person at the top, Linus himself. 

The world has completely changed, and Linux has too. This is the operating system that now powers most of the major cloud providers such as Amazon, Google and Rackspace. Even Microsoft, a much-avowed enemy of Linux in the past, now utilizes it. The competitors from when it began, except for FreeBSD, Windows, and AIX, are mostly either dead (Digital UNIX, IRIX) or on life support (Solaris, HP-UX, VMS, OS/2, etc.). 

No operating system out there has had a successful run like it. No operating system out there in such wide use has had the same person at the top for 27 years that I can think of. Linus Torvalds is the Gordie Howe of kernel development. The late Gordie Howe, for those of you who do not know, besides being the best hockey player not named Wayne Gretzky, played long enough to play professionally with his children in games with the New England Whalers.

Linux is also the same OS that many hobbyists moved to when their platforms ceased development. A vast number of the hardcore Linux users started out on Commodores, Amigas, Ataris, Spectrums and Apples, and skipped Windows entirely. The Do It Yourself (DIY) ethic and hackability attracted many of them. The development talent that once got home computers to do things their engineers never anticipated moved to where they could fully take advantage of their talents.

The Raspberry Pi series of hobbyist and educational mini-computers also runs Linux as a primary OS. Millions of these devices have been sold, and it has become the Commodore 64 of this generation because it is inexpensive, lends itself to tinkering, and is easy to use.

As I was explaining to someone earlier this week, you have something running Linux in your house and don’t even know it. It has become pervasive.

What has changed?

Linux is no longer just a platform that is restricted to those who can successfully install it without blowing away their DOS partition, manually compiling kernels to get device drivers they need, or understanding why a Realtek 8139-based network card was the best one to have. It’s the core operating system behind a number of multi-billion-dollar businesses such as Amazon, Facebook, Oracle and almost every single Fortune 500 company. 

With this comes the need for additional professionalism. Many of the articles that I have read on this subject focus on either the Contributor Covenant or the perceived takeover of Linux by “Social Justice Warriors.” What they don’t focus on is the business risk and how that can be a major driver toward Linus’s decision.

Business risk and the UNIX Wars

I’ve spent 10 years as a technology executive in health care. During that time, I spent four years helping run a technology group and coordinating multi-million-dollar purchases of hardware and software. Most of my time is spent assessing and addressing risk. Large purchases of hardware or software go through entire teams of people, including teams of attorneys from both sides. Everything is looked at through a risk lens with appropriate contract language and service level agreements. Nobody wants to be the one to cause undue risk.

I have seen many deals and companies get nixed because of behavior like Linus’s. I actively block companies whose leadership shows the same attitudes from doing business. If you are going to base the core of a multi-billion-dollar business on a platform, everything about it will be examined by a team of people before it gets implemented. Attitudes like his have driven talent away and are generally looked at by decision makers as unprofessional and negative. Executives are judged by the talent they grow and hire, and people who act like tech gods and insult people who they perceive as lower than them lower credibility in the eyes of the C-suite.

This is where the difference between the Linux community that grew up hacking things to work and the Linux community now stands. Many of the kernel contributors are now from major corporations, many of which didn’t exist in 1991 when the first message went out on USENET, such as Google. Behavior that was right at home on a BBS in 1992 is no longer the norm.

The “UNIX Wars” of the 1980s happened because a number of UNIX vendors, all of whom based their products on divergent versions of the original Bell Labs UNIX, had slightly different products, and caused significant competition. Linux is at risk of going down the same path because technology executives aren’t going to risk dealing with someone with a bad attitude who drives people away. 

It’s not a far stretch to see the major Linux vendors fork the kernels and create divergent products that they maintain to protect their brand. 

Linux is no longer just a hobbyist platform. It’s part of our infrastructure. Forking kernels and getting teams of lawyers involved in the process is going to cause us to repeat history. There were a lot of duplicate efforts that went to waste in the 1980s due to the “UNIX Wars” that set technology and innovation back. We have a chance to move forward.

How does this affect security?

Back in 1992 if you found a security hole you were expected to fix it yourself and explain why. UNIX distributions were full of security issues, and a little bit of hacking around could get you around it on most variants, especially with parameter fuzzing. Linux comes from the dawn of the security era, back when networking was a licensed option on many UNIX platforms and didn’t come standard.

There was a general dislike and distrust of end users, mostly called “Lusers.” Simon Travaglia published a very popular article series called the “Bastard Operator From Hell” (BOFH) that many considered an escapist fantasy of what systems and network administrators (BOFHs) wanted to do to the end user community and management. It is still published today.

Security is prevalent these days. Linux has had to adjust and has done so incredibly well. The kernel is much more secure, and there are developers continuing to adjust it and make changes.

Hostile attitudes do not do well for security. The tech community has generally been generally unwelcoming of people willing to prove themselves at a technical level, and very protective of their culture and club, and have been since the 1960s. While there are many people and companies that have evolved, the legend of the BOFH still stands. Linus’s behavior before the change reinforces that.

This has a threefold effect. First, people who would like to contribute don’t, because they don’t want to put up with the poor attitudes and lack of empathy and communication. In the past 25 years, people have changed dramatically. Whereas someone would persist and deal with the hostile behavior back then, they are much less willing to do it now and will just move on to another option.

Secondly, it leads people to not want to report issues in. Why bother reporting something in if Linus or one of his deputies is going to flame you? Why bother if you’re going to be attacked?

Third, we have a lot of people learning computer science now and starting very young.  We’ve managed to make computers so inexpensive that $75 gets you a Raspberry Pi with all the necessary tools to start Linux development. If this is the attitude we show these kids, we’re going to turn them off to technology as developers. 

People aren’t going to report issues in if no one takes them seriously, or if they get blown off. The lack of empathy many people in the tech community show makes people walk away. Many cyberattacks happen because of this disconnect in communication, because people don’t feel comfortable reporting these issues in, or thinking that the anomaly they discovered is going to be ignored. If we don’t improve the people skills, we’re going to continue to have the skills gap, because we’re going to continue to turn people off to tech, despite the heroic efforts of many.

Why is Linus’s change good?

Linus Torvalds is a reluctant and yet powerful leader. He went from putting out a hobby OS over the nascent Internet and BBSs to leading development of the most-used operating system in the world, one whose changes have wide-ranging consequences.  With that comes a need for additional skills. Part of this is the realization that leaders set the tone for communication and how others act. Flaming and insulting people might have been OK on a BBS or in the tech community, but it’s not acceptable when major companies base their business on your product, or when you can affect the stock prices of multiple public companies with your comments.

The tech community needs to continue to evolve to address the major cybersecurity issues affecting people and businesses daily. As part of my job, I develop a significant amount of collateral to help our community better understand what they can do to improve security. When I have interviewed top executives and customers in the field as part of my research, the communication gap has always come up as a major risk.  When I round and speak with my customers, this has come up repeatedly. 

If Linus can make this change, and we see one less cyberattack because of it, then this is a positive change. If we see more people developing for Linux, this is a positive change. If we see more bugs reported in and fixed, this is also positive.

More importantly, if Linus can make this change, so can others. We need to make this change so that we can focus our effort on addressing issues and building a better community, not starting Unix Wars II.


Mitchell Parker, CISSP, is the Executive Director, Information Security and Compliance, at Indiana University Health in Indianapolis. Mitch is currently working on redeveloping the Information Security program at IU Health, and regularly works with multiple non-technology stakeholders to improve it. He also speaks regularly at multiple conferences and workshops, including HIMSS, IEEE TechIgnite, and Internet of Medical Things.

Mitch has a Bachelor's degree in Computer Science from Bloomsburg University, a MS in Information Technology Leadership from LaSalle University, and his MBA from Temple University.

The opinions expressed in this blog are those of Mitchell Parker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.