Press "Enter" to skip to content

Dirk Hohndel: Linux, Linus, Licenses, and the Business of Open Source

In this interview, Hohndel opines about the mistakes some proprietary companies make when they attempt to go open, the recent spate of “source available” licenses, how he came to be the one to interview Linus Torvalds at Open Source Summit every year, and more.

Dirk Hohndel and Linus Torvalds at Open Source Summit 2021
Dirk Hohndel interviews Linus Torvalds at Open Source Summit 2021. SOURCE: Linux Foundation

You would be hard pressed to find anybody in open source circles who hasn’t heard of Dirk Hohndel, who’s been involved in open source since…well, since back before there was “open source”. He’s been involved with Linux almost from the beginning, and he’s the person who was hand-picked by Linux’s creator, Linus Torvalds, to interview him each year at Open Source Summit.

His resume would get him a listing in Who’s Who in Linux and Open Source, if there were such a thing. Just hitting the high points, he was the Chief Technology Office at SUSE from 1995-2001, brought open source to Intel as the chipmaker’s chief Linux and open source technologist from 2001-2016, and did the same for VMware as a VP and chief open source officer from 2016 until January of this year.

He’s been involved in other open source projects as well, notably as the maintainer of XFree86 for a while, and since 2012 maintaining Subsurface, a logging and planning software project for scuba divers created by his friend Torvalds.

When Hohndel suddenly announced in January that he was leaving VMware earlier this year because “I had completed the job I set out to do,” I immediately pinged him to see about an interview. He agreed, but wanted to wait until after he was officially gone from VMware, and in early March we sat down to a Zoom meeting for what I thought would be a quick, down-and-dirty 20 minute interview on the whys and wherefores of leaving VMware, and perhaps a little bit about Linux and open source.

We ended up talking for the better part of an hour, most of which is included here because he had a lot of really interesting things to say that I just couldn’t leave on the cutting room floor. Our talk has been lightly edited for readability, and starts with me questioning why he suddenly left VMware.

FOSS Force: Let’s start by talking about your leaving VMware. You spent the last five years there, and I think it caught a lot of people by surprise when you tweeted that you were leaving, because I think a lot of people assumed that you were going to be there for a long, long time. What brought you to the decision that it was time to move on?

Dirk Hohndel: I joined VMware five-and-a-half years ago and set out with a fairly specific set of goals. In the conversation with then CEO Pat Gelsinger, we decided what would be my goals, what I would be working on. Over the winter break I looked at the first slide deck from my first presentation to VMware’s executive staff and I felt, “Yeah, I’ve done that — great progress.” It felt like I had achieved the things I had set out to do, and it seemed like a really successful and really good run. In general, the recommendation is to to quit at the peak, right?

FOSS Force: A big change happened at VMware not long before you decided to leave. VMware became an independent company, with Dell letting it go. How was that going for VMware when you left? I imagine that’s been a good thing.

Dirk Hohndel: I obviously don’t speak for VMware anymore. While I was there, I felt there was a lot of excitement about being independent, and it was broadly viewed by both the executives and the teams as an important step. Being a truly independent software vendor with the ability to more effectively collaborate across a lot of partners was seen as a huge opportunity. So I would say, very positive from from the perspective of of VMware, both from employees and leadership.

From Proprietary to Open Source

FOSS Force: I think people were surprised when you were hired by VMware to a high level position focused on open source, because VMware was not seen, at that time, as being a particularly open source company. With your help, and I’m sure the help of others, that’s changed, and I think VMware, even though its primary product is proprietary, is seen as something of an open source company right now, or at least it has open source credibility. Would you like to speak to how they came about?

Dirk Hohndel: I think that’s really what I do for a living. When Intel hired me in 2001 it certainly was seen as part of Wintel, as a completely proprietary company. I was hired into Intel with the goal to help them build a strong open source presence, to shift their business model, and to take much more advantage of the innovation that was happening in open source. I think that worked out really well.

The idea was very much the same when I came into VMware — to help them build up processes, structures, teams, and the internal infrastructure that would allow VMware to be a successful leader in open source. As I said earlier, I really felt that that was hugely successful and that VMware has changed dramatically in the five-and-a-half years that I spent there, and in my opinion, for the better. Today, there is a very, very strong group of open source leaders at the company.

FOSS Force: I think that open source tends to have that effect on companies if they really embrace it, and it appears from where I sit that VMware is nothing like the company it was before it began opening up to open source. They used to be a typical “keep your distance, we’ll feed you whatever information we want to feed you” company, and now they seem to be very open and much easier, at least from a press angle, to deal with than they were before.

Dirk Hohndel: I’m obviously not an unbiased observer, so my answer to that question is likely to be a little self serving, but I think so. I think the company has changed a lot and I think the company has changed for the better.

A lot of the of the open source energy that you you will see at VMware is driven by people who view themselves first and foremost as open source developers, advocates, and community members. That really should be the goal whenever a company tries to be successful in an open source ecosystem. This is not something you can do as an afterthought, as a little side thing. This needs to be part of your culture, part of your mission, and part of the way your people think.

FOSS Force: We’ve seen that happening a lot with previously big proprietary enterprises and vendors over the last five or six years.

Dirk Hohndel: I think we’ve seen a lot of attempts to do that, and I think the various companies have had different degrees of success. I think there are companies out there who will tell you that they are very pro-open source, but what they’re doing is much more similar to strip mining projects than to being productive and well respected members of the community.

Being a good open source citizen is not about how much money you can spend on marketing to tell everyone that you’re good at open source. It is very much in your actions; it’s in what you do; it’s in how you engage. How are you part of the projects? How are you interacting with the other people in the projects? How are you pushing for open and transparent governance? How well do you live up to the the promises that you make?

A lot of companies love to talk about their love for open source, but the nice thing about open source is that it’s actually not all that hard to go in, look at the projects, look at their contributions, look at what they’re doing, what they’re not doing, and build your own opinion.

One of the key litmus tests here is always: who is engaging in the non sexy parts of open source software development. Who is looking at the build systems, at the technical debt, at the infrastructure? Who is trying to figure out how to deal with supply chain security issues? Who is trying to figure out how this ecosystem can thrive and who is just trying to get a quick hit, get a few commits in their name, give a couple of paid keynotes, and then do something else? That’s really easy if you are willing to spend a few minutes to figure out who is whom.

Advice and Consent

FOSS Force: On LinkedIn, I see that under the name DH Consulting you’re listing yourself as a “strategic adviser” to both the Linux Foundation and CIQ, which is Rocky Linux founder, Gregory Kurtzer’s, startup. I’m assuming these are your first clients?

Dirk Hohndel: These are the first clients who actually said that I can list them, which is an important distinction. I decided that I could spend some time trying to interact with a lot of companies in this space who feel like they could benefit from from my insight and my experience in how to be successful in and around open source.

This was really driven by events more than by planning. When I left VMware and talked about this in public, a lot of companies came to me and said, “Hey, Dirk, we have questions,” and at some point I looked at myself and realized I’m giving free consulting to a lot of different companies and maybe that isn’t the smartest thing I could do. That’s where the whole idea came from. I said, OK, I’ll set up a little company and I’ll tell people sure, I’m happy to help you, but here are the terms, here’s how I’m willing to do this.

Reception has been surprisingly good. This has turned into a real business and into an interesting challenge for me. I’m not sure if this is what I want to do permanently — I’m not sure if I have the mentality to be a freelancer for the rest of my life — but right now I will say I’m enjoying it tremendously. It comes with crazy hours. I was on a call until almost midnight last night, so I’ve noticed that when you work for yourself that work/life balance becomes an interesting challenge. But I’m really enjoying the conversation and the opportunity to learn a lot more about a lot of different companies.

I think that there are kind of two levels to this idea of what I do. On the one level there is the advice, and this is why I list myself as a strategic advisor. There is this very simple component of here are the obvious things, here are some of the rules, here are some of the ways to think about your problems, here are the obvious opportunities, here are the pitfalls, and here are the things not to do. So there is this very high level strategic set of advice that someone from the outside who can look at what you’re doing can give you to help steer you in the right direction. Then the company needs to find ways to implement that and to be successful.

Then there is the second level, and this is something that has become really obvious to me in even these early conversations that I’ve had with these companies, where you need someone inside whose job it is to derive that, and where the question becomes at which level do you want to install this? Do you want to have a an open source program office manager, whose job is to implement things that somebody else thinks of and whose job is very transactional and just about keeping the lights on, or does the company think they want to have a strategic role that uses the advantages of open source, that uses innovation, technology, collaboration, and all these things that we can get from open source as a strategic tool to transform the company, to grow the company, to change their engagement with their customers and partners and whatnot. So are you looking for that open source office manager, or for a Chief Open Technology Officer.

This is like saying, do we call an accounting firm to do our books, or do we need a CFO who puts our finances on a solid basis and has a strategy on how we’re going to use capital, because I think this is an example that a lot of companies will understand. Very few large companies do all of their accounting with an outside service. It’s a strategic function, and every company for which software is important should have an executive open source function.

Interestingly enough, today the number of companies for which software isn’t important is actually fairly small, whether you talk to investment banks, retailers, pharmaceuticals, logistics companies, manufacturing companies, or car makers. If you look at how many software engineers the average Fortune 500 company has, it is a stunning number. All of them use open source software all the time, and very few of them really think about the strategic implications of what they do, the security implications of what they do, and the legal implications of what they do. That is something where I see a huge opportunity.

FOSS Force: One of the big problems might be learning license compliance and the issue of borrowing code. I’m sure a lot of people think that if it’s open source I can just put this code in anything, and you have to explain to them that the facts of life are that you can’t even put code under certain open source licenses in other open source licenses.

Dirk Hohndel: The license compliance is kind of the table stakes basic level that a lot of companies actually do try to follow, or I should say most companies hopefully do track. This is the typical manager level, somewhere in the legal department or open source program office.

But to me that really is just scratching the surface. Yes, absolutely, you have to do this, and that is always part of the role of a chief open source officer. But what you really need to think about is, what are my security implications? What are my reproducible build implications? How am I actually creating the software that I’m using? Do I actually know what the components are that are being built into this product? Are my engineers effectively downloading random crap from the internet and shipping it to my customers?

If you look at the way a typical Docker build works, you download binaries from random people and you have no idea who they are, where they’re from, and what their intentions are. There is a huge potential issue in the way people build software using open source components, but we are still thinking about this passively.

Everything that I’ve said so far is about how you conceptualize your use of open source software, but there is this huge other part of it. How do you use it strategically? How does open source software impact your ability to drive your business and to provide your services? What are your interdependencies from third party projects? Can a competitor who is very influential in one of the projects that you desperately rely on suddenly impact your business by changing things that you need? Do you have the ability to get changes, bug fixes, new API’s into these projects? Are there new features that would help grow your business and would bring more people to use your services? Are there new layers in that stack that if they were available would make a difference to your customers, and at the end of the day, to your bottom line?

This whole strategic analysis of what are my opportunities here, what are my risks here, how do I use this incredibly complex field to my advantage — that’s something that very few companies spend enough time thinking about.

FOSS Force: When I’m looking at a vendor who’s moving into the open source area, one of the things I pay attention to as a journalist is how successful they’re being in building an open source community around their project.

Dirk Hohndel: Yeah, and I think a lot of companies maybe don’t pay enough attention to that, and this is part of what I just talked about. How do you engage with the other people that are working on this project?

A lot of people think about open source software in the context of licenses or in the context of a software development methodology. I always try to lead the conversation saying this is a social sciences experiment.

You have a group of people that have no other interdependency. They don’t work for you; you don’t pay them; there is no hierarchical relationship; they are potentially your competitors. So you have this diverse group of engineers, and you’re trying to get something done in this environment. All of your decision making, all of the ways you get change done, is through influence. This is very much a social experiment, and it’s an incredibly successful social experiment that has created billions and billions of dollars of value.

It is very different from in-house software development and it’s very different from how a lot of people think about community. They think about the block party and the donation to the food bank, which are all great things, but if you think about the open source community and how to work with it, you have to have a clear understanding of how this works, how governance works, how influence happens in these spaces, and how change happens in open source projects.

Because if you use open source software, and everyone does, then change in these projects affects how you use them and what you can do. The obvious big examples for that are large projects changing licenses; we have that. Every few months a project says, “Oh, we no longer have this license. We’re now under that license.” Have you planned for that? Do you know how to respond to that? Are you part of the community that made the decision? Have you gotten your voice heard while the decision was being made? All these parts of living in an open source ecosystem, way too many companies ignore.

The Source Available Three-card Monte Game

FOSS Force: You kind of segued into something I was meaning to hit on. We’ve seen a lot recently, especially from different open source databases, of companies trying to move to change licenses to protect themselves from cloud companies or others that might want to monetize their database as a SaaS platform, with licenses the Open Source Initiative says don’t meet the Open Source Definition. I’d like to hear your thoughts on that.

Dirk Hohndel: This is a very complex topic and there are no easy answers here, because there are conflicting interests where both sides of the conversation actually have very good reasons for acting the way that they act.

I very much believe in the original OSI definition where there are no restrictions for the purpose of use. That is one of the requirements to be considered open source. You cannot say this is open source software but you can’t use this in a nuclear power plant or you can’t use this in the military, but you can use this in the following way. This is the part of the of the definition of open source software that some of these licenses stumble over when they say you can’t provide this as a service over the internet, which is part of the language of the SSPL [Server Side Public License], which is one of the licenses that I think you were alluding to.

I understand the the desire of the projects to prevent a certain type of use, and I understand the argument from the other side that can be bluntly paraphrased: “Well, if you didn’t want me to use your software, you shouldn’t have made it open source.” The exploitative nature of some of these relationships is, of course, super frustrating.

This was obviously predictable. As you released your software under the Apache v2 license, you should have understood what that means, and you should be OK with other people using your software. If you aren’t, then maybe you shouldn’t have released it.

The bigger question is how can an ecosystem work in which you’re trying to limit certain types of use of your software, especially if you didn’t start out on that license but started out on a different license and you got a lot of people engaged in your project, you made your project successful using that license, and then you change the rules. That’s bait and switch, and that’s something that I personally find pretty challenging. I would stay that some of these large projects that have done that recently, had they started out under the SSPL, they would never have become large projects.

There’s a lot of complexity in this topic and as I said in the beginning, there is no easy answer. The reality is where we are today, and the question for every company is, if my lawyers read this license text do they believe that we can comply with this license? I would invite everyone to really, really, really carefully read the SSPL, because as a nonlawyer I actually am reasonably certain that you cannot comply with that license and therefore, maybe you should consider not using the software. But I’m not a lawyer. You should talk to your lawyer. You shouldn’t take my advice or view.

FOSS Force: What about a company releasing a new product under the SSPL as sort of a permissive proprietary license with no pretense of openness? I’m thinking of a company that recently decided to release their IT infrastructure software under the SSPL because they wanted to give their enterprise clients the ability to download it, install and use it internally, and even distribute it, but they did want to stop somebody like Amazon Web Services from stealing the platform.

Dirk Hohndel: There are many different business models around software that you can create and there are many valid reasons for not going open source. There are a lot of valid reasons for saying we want to make our sources available, so that from a security perspective or from a compliance perspective, people can can look at the sources, but at the same time, we don’t believe in the underlying value of open source; we don’t think that we can create a healthy community around that; we don’t want open governance.

That’s all absolutely legit and there’s nothing wrong with that. Look, I worked for a proprietary software company that didn’t release the sources of most of their products, right? To me, it gets oversimplified when people try to say it’s either/or, because it is a spectrum. There are a lot of different ways in which to create software and in which to interact with your ecosystem.

The thing that I dislike, on principle, is going out and creating an ecosystem under one license and then pulling the rug out from under the people who have made you successful, because the people who send you their contributions and who have written code, added features, and fixed bugs for you, did that under the assumption that the code is under a certain license and would continue to be under the license.

Now, a fair point that a lot of people make in this argument is, “Well, then just use the old version and continue to develop that.” And we have seen a number of hostile forks of these projects for exactly that reason, where the last version under an Apache 2 license is then maintained by somebody else. But the bigger picture is that is, of course, extremely unhealthy for the community, and it’s, in my mind, always the least desirable outcome.

FOSS Force: What you just said reminded me of an answer that Mr. Torvalds gave you to a question on stage about why he decided on the GPL instead of the BSD license. He said it was because he wanted to promise developers that the software they were working on would always be free and open and not owned by anyone.

Dirk Hohndel: This is one of the major strengths of the copyleft ecosystem. A lot of the industry today has switched to the permissive licenses, because they are perceived as easier and more industry friendly, but one of the interesting things that the copyleft ecosystem ensures is that it becomes a lot harder to simply take rights away from your user base. Of course, now we get into the question of what about CLAs [contributor license agreements]? What about copyright assignment? What about some of the license changes that we’ve seen, where not all copyright holders were actually asked if they’re agreeing with the license change? So we’re drifting into a very legal discussion and into an incredibly complex topic that has a lot of emotions running high among people.

I think that Linus’s choice to release the Linux kernel under the GPL is one of the key reasons for the success of Linux and for jumpstarting an industry that has created tremendous value. So to me, this is a poster child of a great license choice that really helped implement the vision that he had when when he started out, and by the way, the vision that he had was much, much smaller than what actually happened.

The vision that he had was about collaboration, about bringing people together and ensuring that everyone could continue to work together on this project, and that there wasn’t a company that would just take this, do their own thing, make that own thing indispensable, but not return it to the community.

Software Freedom

FOSS Force: Back in the ’90s, before open source took over the enterprise, most open source or free software users were “enthusiasts” who were playing around with Linux and free software at home. That community still exists, with many or most now working in IT, but still using Linux and open source at home. What would you say to these users? What would you say about the state of open source for them right now?

Dirk Hohndel: I think when when we started 30 years ago, more than 30 years ago at this point, things were a lot simpler, because systems were much smaller, software stacks were much smaller, and so forth. I like telling the story about when I started working on the Linux kernel, the first thing that I did was to print-out all the sources, and the first computer that I worked with had two megabytes of memory.

But many of the underlying values of the things that we were excited about back then are still absolutely true. You still can actually build the complete software stack that runs on your hardware from source, and you can still experiment and learn and use software, and make this software do the things that you want it to do.

What has changed is the amount of complexity around you, and what has changed is kind of the default set of expectations that people apply to their software stack. If I were to show a person who has recently joined the open source community the infrastructure that we worked on in the early ’90s, they would certainly not recognize it and they would not think of it in the same way they think about their laptop today.

I mean, we’re doing this on a Zoom meeting right now. We’re having a video call here that you’re recording and we’re having a conversation where we see ourselves.

FOSS Force: And I don’t know about you, but I’m running the meeting on a Linux machine on a native Linux Zoom client, which literally would have been unthinkable even 15 years ago.

Dirk Hohndel: I am actually running this on a Mac. As a person who spent many, many years trying to make desktop Linux successful — I maintained XFree86, the X Window System for Linux for a while, as I am sure you know — I will admit that most of the time these days I’m on a Mac, because it just works. Any piece of hardware, any piece of equipment, anything I want to do, it’s just there and I don’t need to learn about, research it, or spend a lot of time on it, I can just use it.

The work that I do on open source software, whether it’s Linux, Subsurface, or whatever, I then simply do on a virtual machine, where of course, I run Linux. So most of my development work is done on Linux, but from from a simple convenience perspective, I typically use a Mac.

I mean, behind me the the underwater photography… I think it’s fairly well known that I’m an avid scuba diver and photographer, and having access to the Adobe tools to work on makes it much easier. And yes, I do have friends who do this with the Lightroom clone, Darktable. They use the open source tools and every time I look at them do this, I’m like, “Sure, this works, but it seems pretty dang hard.”

For me, this is just a trade-off of time versus freedom, quite literally. Software freedom in the sense of no, I don’t control the software stack; yes, I do have to pay a subscription fee for it. But on the flip side, with my hobbies, with the things that I do, that often is simply the trade-off that allows me to spend more time on the things that I love doing, like scuba diving.

Of course, that all falls apart when we then talk about the fact that I maintain Subsurface, an open source divelog. While there are proprietary divelogs out there, I would flat out state that they’re all terrible, and that we, Linus and I, were able to significantly move the state of the art forward with what we can do with Subsurface. So while in many cases what I’m talking about (at least for me) applies, in that particular instance, it doesn’t.

But of course, Subsurface runs on a Mac, if that’s what you want to do.

The Linus and Dirk Show

FOSS Force: Every year when you and Linus Torvalds meet on stage at Open Source Summit, you guys have such a fabulous rapport. I’ve often wondered, do the two of you get together ahead of time and decide what you’re going to talk about, or do you surprise him with questions?

Dirk Hohndel: One of the key rules is that Linus does not want to know what I’m going to ask him, which is what makes these conversations so interesting. I spend a couple of weeks trying to figure out what I think the conversation is about, and so I have questions, and I, of course, make assumptions about what he’s going to say. You know, Linus and I know each other fairly well, so often I think I know what his answer is going to be.

Some questions I’ve asked him before, and I use them to kind of move the conversation along. I remember a few years ago when we were in Beijing and I had a series of questions lined up, and if you look at the video, you can see that very moment when I asked him a question where I thought I knew exactly what he would say, important because the following questions all were building on that answer. He said the exact opposite of what I expected, so the rest of that sequence of questions made no sense at all any more.

So no, this really is me asking him questions and he answering what he feels at that moment. After that keynote, we went and had a coffee and I told him, “Like, you completely threw me. We’ve talked about this before.” He says, “Yeah, I changed my mind.”

FOSS Force: That’s a great story. I think almost everybody in open source looks forward to that talk every year. I was wondering how that tradition got started?

Dirk Hohndel: There are actually multiple Genesis stories for that. Linus does not like to give presentations; he does not like to be a public speaker. He hates having slides and giving a talk. So, quite a few years ago the idea came up that maybe just having someone asking him questions on stage would be a way for him to have a presence at the event and be accessible to the community, without him having to give a presentation. A decade or so ago, a couple of different people were tapped to do that and not all of these Q & A sessions went especially well.

At some point, I think it was 2011 in Brazil, if I’m not mistaken, I was asked if I would do that. This worked really well, because Linus and I have been friends for forever, since the early ’90s, so there is a good trust relationship which makes him relax and actually just answer the question without trying to figure out if there’s a trap built in or if this is a loaded, leading question; we had one instance where the interviewer really tried to make him look stupid, which is not what I want to do. I want to have an interesting conversation that is entertaining for the audience and shows what’s going on in his mind.

So that went well, and he said, “Oh, let’s do this again.” As a result, we have since done this, I want to say 21 times, pretty sure, and this has become a tradition at the Linux Foundation events. It’s something I really enjoy. It’s really fun to do that.

FOSS Force: I know that every year it’s the one streaming tech thing that I made sure to find the time to watch, and I’m sure I’m not alone in that. As a last question, do you have any advice for people who are now working and playing in open source?

Dirk Hohndel: This is this is hard, because every situation is different, and very few questions actually have universal answers that will always be useful and right and helpful.

I think: always question your motives. Always ask yourself, “Why am I doing this? What is it that I want to get, and my company wants to get, out of my actions?” Once you have figured that out and you can articulate this, then turn the table around. Put yourself into the situation of whatever open source community you’re interacting with and ask yourself, “How will my actions be perceived by that community?”

By looking at both of these and trying to be honest with yourself and trying to create not an “Oh, I wish they would see me such and such,” but “how are they going to see my actions?” By looking at it from these two perspectives, very often it becomes much easier to understand which paths, which directions, are fraught with peril and with conflict and with sadness, and where, hopefully, you’re creating a win-win situation that will be successful and will grow a company or community and will hopefully grow your company.

**********

On Wednesday, the Linux Foundation announced that Hohndel will be interviewing Linus Torvalds again this year on stage at Open Source Summit, which will be held in Austin, Texas, June 20-24.

Latest Articles