Programmers love to write code. But what about debugging it, writing test suites, and tracking down security bugs? Not so much. To help address these problems in Linux, Shuah Khan, a noted Linux kernel developer, is becoming -- after Linus Torvalds and Greg Kroah-Hartman -- the Linux Foundation's third Linux Foundation Fellow.
How Khan got her start
Khan, who grew up in India, picked up her computer science master's degree in operating systems and graphics. After working at AT&T Bell Labs and Lucent, she spent over 13 years at HPE, where she worked on open-source projects. While there, she decided: "I really wanted to contribute to Linux kernel, and I started looking for ways to get involved."
She started to work in 2011 on the mainstreaming of Android code back into Linux in her spare time. Unlike some people, she found the Linux kernel developer community to be very welcoming. "I thought that it's the right place, the right fit for me," Khan told ZDNet.
At that time, Kroah-Hartman was looking for help with the Linux stable releases. "I liked that initiative, partly because it's across the broad scope of Linux and it helped to stabilize the kernel," Khan explained.
Today, she's still working with Kroah-Hartman on the stable kernel.
She then joined Samsung, where she became a full time Linux kernel developer.
"Greg was looking for someone to help with testing. I started working on Linux kernel self testing. What I like about that is, again, it's a foundation piece of the software and ecosystem," Khan said. It was about this time that she also became a member of the Linux Technical Advisory Board.
Bridging the gap
Now, as the Foundation's third Linux Foundation Fellow, Khan will continue her kernel work -- while adding a new job as the person bridging the gap between the Linux kernel developer community and the new Linux Foundation CommunityBridge program.
CommunityBridge was introduced at the Open Source Leadership Summit in Half Moon Bay, Calif. Its purpose is to empower open-source developers and organizations, which need them to advance sustainability, security, and diversity in open-source technology.
CommunityBridge is a follow-up to the Linux Foundation's Core Infrastructure Initiative (CII). CII enabled technology companies to identify mission-critical, under-funded, open-source projects that needed help such as OpenSSL, OpenSSH, and NTPd.
CommunityBridge goes well beyond simply keeping a roof over developers' heads. The Linux Foundation recognizes that many essential open-source projects simply don't have enough resources.
CommunityBridge will do far more than help fund vital programs, which don't have a major company behind them. It provides companies and communities with three critical tools:
- CommunityBridge Funding: Enables developers to transparently raise and spend funding.
- CommunityBridge Security: Provides transparency into potential vulnerabilities and fixes.
- CommunityBridge People: Enables easy connections of mentors and prospective mentees interested in getting involved in projects and advancing diversity.
Developers want to be paid
The idea behind this is quite simple: Open-source developers want to be paid. As a young software developer, Jim Zemlin, the Linux Foundation's executive director, once put it: "What hobbyist can put three years into programming, finding all bugs, documenting his product, and distribute it for free?"
The wet-behind-the-ears developer named Bill Gates had a point.
Open-source developers two generations later want to make a living from their work and companies want to have open-source software they can count on to run their businesses.
Sure,"large open-source projects are often well-resourced, many smaller projects require more funds, talent, security, diversity, and resources to thrive," Zemlin said. "CommunityBridge is the platform to solve critical challenges and fuel open-source innovation and sustainability by empowering people -- all in one place."
There is no cost for maintainers and developers to access and use CommunityBridge. As an incentive for open-source projects to get involved in the CommunityBridge early access program, the Foundation will absorb the cost of any platform and payment processor fees for the first $10 million raised through CommunityBridge.
Zemlin also said CommunityBridge will improve code. According to a 2017 Forrester report, 80 percent to 90 percent of developers use open-source components as their foundation. CommunityBridge provides rich security features such as a scanning service to provide maintainers with relevant information about upstream dependencies, security vulnerabilities, usage reports, and licensing details. It also includes a bug bounty service to provide replicable defects as well as a backlog of actionable data that maintainers can easily use to improve the security and robustness of their projects.
- These are five high-paying programming jobs right now (TechRepublic)
- Robotics Engineer Barbie builds robots, teaches kids to code (CNET)
Making the community more diverse
For Khan, CommunityBridge is a natural progression to the work she has already been doing in the Linux kernel. It's a way for contributors who have found a place in the community to encourage newcomers. For new would-be Linux developers, it gives them a pathway into Linux. "I realized lots and lots of talented developers are apprehensive to take that first step into Linux. It 's very difficult for an outsider to know where to get started. Linux is complex. Some subsystems are more complex than others. You need an anchor, a project to get your teeth in and a mentor," she said.
Moving forward, Linux will use CommunityBridge to help get new developers feet wet with the Linux kernel. "It will be a tool that will bring all the players there. Newcomers will apply; they'll be paired with a mentor."
The end result will be to make the community more diverse, while improving the code and making Linux more secure. Khan expects, if all goes right, "We'll open it up in the first week of April. So, my rough timeline right now is that the internship program will probably start either mid-May or early-June and run for three months."
After that, new projects will start up several times a year.
CommunityBridge is not just Linux by any means. It will be used throughout the Linux Foundation's open-source universe for many projects. The project started with $500,000, and Zemlin announced the Linux Foundation would match funding for any organization that donates funds to CommunityBridge projects. GitHub immediately said it was donating an additional $100,000 donation and that it would participate in the program. Zemlin hopes by the end of the conference the start-up finds for CommunityBridge will be in the millions.
As for Khan, she feels "honored to be in the same room as Torvalds and Kroah-Hartman." Kahn's also looking forward to bringing in more Linux developers and improving its code.