Linux at 30: Its Impact on Kubernetes, Cloud and Edge
This August, Linux turned 30. That single decision to open source the Linux kernel meant that hundreds of thousands of developers and operators have directly and indirectly contributed to it — making it, perhaps, the single most significant codebase. Its dominance is so great — from Linux desktops to Windows OS to Android devices to the edge — that it’s estimated about half the world’s population is considered a Linux user, even if most of them don’t even realize it.
What makes Linux the backbone of modern software? Why, at a geriatric age for tech, is its reach and scalability only growing? How is it the future of not only legacy systems, but Kubernetes, edge computing and the Internet of Things? And how can it grapple with security across increasingly distributed systems?
We talked to two Linux-philes and SUSE colleagues: Alan Clark from SUSE’s Office of the CTO, working in emerging technologies and open source, and Matthias Eckermann, SUSE’s director of product management for Linux Platforms. They reflected on their careers working with Linux and why it is the future of open.
How are modern technology trends like cloud native and Kubernetes dependent on the Linux operating system?
Eckermann: There were a lot of things built on Linux from the beginning, which we are now using. If you say everything is cloud native, that is only half of the game, because there are billions of Linux systems installed and used that are not cloud native. What I see is a continuum of very traditional workloads, up to extremely cloud native. And the funny thing is that all of this can be served from the basis of one operating system that has the capacity to scale into multiple directions. Scaling Linux is not only meant in terms of memory size or CPU size. It is scaling different architectures, with respect to the number of systems that you can put together and with respect to the number of people that you are serving.
And Linux allows for completely different use cases, from a network device up to the bare-metal container host that Linux might be providing. There is a lot of functionality in this container host — security, isolation of workloads, isolation of containers, providing storage capacity, doing the right scheduling for all these millions of containers on top. This is all shared between traditional and cloud native workloads.
If there are potentially 3.5 billion Linux users, how far abstracted are people getting from the Linux kernel at this point?
Clark: It depends on who they are.
An operator very much wants to know what’s under the covers; they want to know, but they want it to be simple to manage. They know that they’re running Linux, they know what version, which patches, but they want operating to be simple. So, we want to simplify their lives. And, as Matthias said, we want to simplify that across architectures and sizes and so forth. We want to bring in consistency. That’s how we simplify their lives.
One of the ways we’re doing that today, of course, is with these containerization models in Kubernetes. That’s why Kubernetes has been so successful. It enables me to have that consistency across all those environments, and it gives me that simplistic view of my world, so I can orchestrate and manage that.
From the developer perspective, I want my code to run anywhere. I don’t really want to have to know the details of that environment. Let the operator deal with that. Then I deal with the simplicity of writing my code, getting my service or my application to run, and deploying that. So, give me an easy development deployment model. Let the operator figure out the orchestration of where and how it handles. The operator has abstracted that away from me so that I can make my life simple. And we’ve simplified the operator’s life on both sides. So it’s a win for both.
Eckermann: Even if Linux is unseen, is unknown to the higher levels that are on top of it, the benefit of Linux is that it is so configurable on the one side. But on the other side, you have so many people working on it with different interests that all these different workloads can be implemented on top of it or using it or developing it further.
Open source often has this notorious issue with security because it’s usually up to the user to run patches, and they often do not run them soon enough. How has the Linux community grown to address this?
Eckermann: The problem is the user and the behavior of people. And unfortunately, this did not necessarily become better with containers, even if the containers provide more abstraction. From a Linux perspective — and I’m taking the Linux communities and putting all reasonable, free and commercial Linux distributors into the same bucket here, as we are working together behind the scenes — everybody works very concentrated on providing updates as quickly as possible, as reasonable as possible, with coordinated responses. The patches are available in time, and they are available in a way that it is consumable for all of these users. And this is true for all major distributions.
So the question of patching is a question of the operations of customers. And here we have a real difference between the old world and the cloud native worlds. And that comes down to abstraction.
In the traditional world, you have a very tight interconnection between the operating systems: the low-level applications, the mid-tier and the high level. If you have properly established systems management, companies manage that in a way that they update once a week or once a month. You have systems that need to run a year or longer; those you can have a little less live patching and still be secure.
In the cloud native world, I think there is an opportunity — that from my perspective is one of the big promises of the cloud native approach — in that you have really clear separations. First, the host, which provides your hardware abstraction, security, scheduling, isolation of containers and workloads on the one side. The mid-tier levels, or the Kubernetes and Kubernetes management level, is on the second tier. The third tier is the application level. I’m absolutely not concerned about the host, because that’s where Linux is, where Linux is good and where you can use a minimal, highly secure, and very focused Linux operating system. Then you have the mid-tier layer of all the capabilities and the stack, including Kubernetes cluster management. And then you have the third tier. This is where all the applications are.
The big challenge I currently see is in this third tier, because we have a huge amount of containers being produced every day. And as long as the container and the approach is new, it is very easy, everything is secure. But I see a deterioration in quality over time with these containers, because nobody has thought about the life cycle of containers. And I think that is the biggest problem that we are facing today, that the life cycle of containers faces the same challenges that we have seen in the past in the traditional world on an operating system stack. This is what everybody implementing containers needs to be aware of and needs to fix. This means tools for CI/CD having proper source code management. A proper integration with your container and Kubernetes management is essential.
So Linux is old enough to run for the U.S. Senate. Matthias, what is the future of Linux?
Eckermann: I don’t see it becoming old because there are many ideas. And specifically what we see is with edge, there is a lot of new technology and new thoughts, new hardware coming in, new requirements with respect to scaling up and down, new requirements with respect to networking capabilities.
The other thing is security. Software supply chain is a challenge for everybody, and we need to think how Linux in the future can give customers the trust that it is really produced with security in mind, as well as how Linux — as a distribution or as a package or as a host or as a guest or as a container — is produced and consumed in a way that is visibly secure. And we do that with the security certifications we have, like Common Criteria. We do that with even our processes, how we produce the Linux distribution is certified.
The other side of security is how Linux itself — the Linux kernel, and the ecosystem of Linux — develops. In the edge, we will see things like secure devices onboarding as an immediate priority. This means companies like SUSE working together with hardware partners on bringing the notion of the hardware about the OS, and the OS about the hardware, closer together in a way that it is manageable from a secure perspective.
On the other hand, we will have more technologies like eBPF, the enhanced Berkeley Packet Filter, which give us much more flexibility in terms of security and other aspects in the Linux kernel itself. I foresee that we [will] see another level of applications being developed on top of this capability in the Linux kernel, which boosts Linux into the next level of performance, of monitoring, of even more things — while it is running toward a new capability.
Alan, where do you see Linux heading in its fourth decade?
Clark: We’re now 30, and Linux is not dead — just the opposite, it’s growing, and it’s changing. And if you listen to all the things that Matthias described, it tells you that it’s extremely active. The number of people that are contributing to it, that are injecting new ideas into it, tells me that it’s extremely vibrant, and it continues to grow dramatically in its use and proliferation.
The future is wide open. All the new ideas and places it’s going to be used — the future is extremely bright for Linux.