Published in


Lead or follow? this decade’s dilemma for GNU/Linux based ICT industry

I’m writing this blog prompted by the disclosure of yet another bug on systemd, this time a “nasty security bug” as journalists at ZDNet defined it that has been granting all this time local privilege escalation through an excessive memory allocation.

This is very bad news for people running most GNU/Linux desktop or server installations with multi-user environments: it means that for the past 5 years or so their systems may have been compromised, with a few exceptions.

But this post goes beyond these obvious considerations: I argue this is just the tip of an iceberg passing almost unnoticed.

I’ll share some reasoning about the present and future challenges that are defining a turning point for most of us using and developing GNU/Linux based systems.


The major event I like to focus is not a bug, but the landmark acquisition of RedHat by IBM for 36 whopping billions of dollars just 2 years ago.

This event shall not go unobserved when debating about the future of GNU/Linux. It is plausible to think that the enterprise strategy of companies dealing with GNU/Linux technologies will evolve well beyond the business on certifications, and make bold steps into more aggressive exploitation of their huge “market”, something once was a community and has lost that status.

Even the temporal context has a major role in this equation as this is all happening during the troubled beginning of a decade marked by pandemic: we are witnessing a boost in usage of ICT infrastructure due to COVID with growing investments from both public and private sectors into this market.


The big and ever-growing conglomerate of the IBM/Linux armada aims to seize the market with renewed dependencies.

The strategy to form and consolidate dependencies around the needs of clients makes sense for an oligopoly that wants to keep its dominant position. For a big technology provider today the business of support and certifications is marginal when compared to the opportunity to lead research, standardization and the pace of innovation according to own interests.

The one who can lead standards can also confine risks where he may please, and accelerate testing of own developments no matter how experimental. For example systemd builds a lot of dependencies with new untested software whose risk is delegated to… anyone using Linux.

This is precisely what is happening as the big-tech industry establishes new core standards for its sector— systemd being a too-big-to-fail example — it offloads the risk of innovating strategies on user communities and small clients.

Right after a successful trial on communities, the big-tech industry is now turning small clients into guinea-pigs to externalize risks attached to innovation strategies.

This is evident through the strategic changes applied by this new RedHat, now lead by IBM, as we come to another landmark event for the ICT industry: the so called “death of CentOS”.

The end of life of RHEL 8 and CentOS 8 has been announced, to be substituted by new “stream” releases that have de-facto buried CentOS original mission as a stable distribution and resurrected it as the new guinea-pig to join Fedora in the gratuitous “downstream cage” of experimentation.

Lets be aware now that what comes “free as in beer” comes at a high cost in priorities and control.


All things considered this is the perfect storm. We may free ourselves from the big and ever-growing conglomerate of the IBM/Linux armada before they entangle us with ever growing dependencies.

Thanks to courage, a vibrant community of experts and some investments and donations today I can tell systemd has not been a problem for me, but an opportunity. To develop an alternative and facilitate a community around it took us about the same time required to adopt any new system imposed by RedHat or IBM in our operations. By choosing to lead rather than follow we gained not just superior security and efficiency for the past 5 years: we bootstrapped a community of valuable leaders as we all dared to fork of Debian. Today we rank #2 worldwide by user reviews on Distrowatch.

But lets not look at the finger pointing at the moon: this is not just about the technical choice of an init system or a system administration framework. this dynamic will repeat in many forms and there will be gains for those who have the courage to lead rather than follow. Far from the systemd debacle, at the end of CentOS as we knew it, one of its founders started Rocky Linux to continue the original mission of delivering a free and stable enterprise grade distro based on RPM packaging.

What do we in common is that we are seizing the opportunity to develop an alternative or, even better, we are sharing an opportunity with everyone out there who dares to differ. The investments are coming and the market is growing: the space is there for those who dare to take it and the risks aren’t so high all things considered.

Now is the time to break the chain of growing dependencies with IBM/Linux before it turns SMEs and public sector institutions into security nightmares.

What we will soon need for this alternative to be established is the trust from bigger players in public and private sectors, to rely on these efforts and fund them: this is in everyone’s interest, I argue, since our efforts will provide better quality and will lower costs and complexity of ICT infrastructure.

The opportunity is in the hands of decision makers across the ICT industry: now is the time we can invest on the talent and future growth of alternatives.

Early good signs are there: grants like DECODE (EU flagship project) have funded the development of Devuan for its deployment in decentralized networks, as well NLNET funding Maemo-leste a fantastic port of Linux (not Android) for embedded devices and mobile phones. Rocky Linux seems to catch up quickly with the enterprise market it aims at and has established a small round of SMEs adopters.

I believe the opportunity is there for new players to take their place as leaders. Too-big-to-fail conglomerates have shown in the past to be a rather toxic presence for the ease of maintenance and reliability of systems.

Paradoxically we aren’t even the alternative: we are the conservatives in a declining world of “fail fast fail often”. We are those who intend to ship stable systems to let all users enjoy a life made of less risks and more free time.

For more background information about Devuan, see:

Devuan® is the registered trademark of the foundation.
Linux® is the registered trademark of Linus Torvalds.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store