Time and again I run into the belief that the open source community has an infinite amount of energy to spare for its galaxy of projects. It's not true, and we need to stop acting like it is.
What I mean by this is simple, and was in fact given form by yesterday's column about the folks who are working on an extension to the Linux kernel that will allow Windows binaries to run natively. As an engineering feat, it's impressive. As a strategy, a way to make Linux into that much more robust of a software ecosystem, it's troubling, because it reinforces the unspoken assumption that the only way Linux can get anywhere is by being Windows's cousin once removed.
Most people I have talked to have responded this way: It's their project, let them do what they want with it, something good is likely to come of it, and hey -- there's a lot of programming fish in the sea, it's not like we're losing them. And my response has been: No, it's "throwing good code after bad", to put a turn on another common phrase. It diverts the attention of very talented people into something they tell themselves is worthwhile, but is borne out of a premise that doesn't really lift all the boats with its tide.
I have to balance this against a couple of other insights. One, nobody likes to be told that they're wasting their time with something they love -- especially not programmers, who can grow very attached to their pet projects of choice. I should know; I've gotten attached to a few of my own, and I wouldn't think much of someone who thought I was wasting my time.
The other is the simple fact that it's not always possible to predict what will come of any given software project. A software project that from the outside looks like a bumptious failure might yield up something truly revolutionary and transformative. There's an argument to be made that Linux itself was a product of just such a happy accident.
But I'm not convinced that either of these are justification to sit by and smile and pat people on the head when they throw a great deal of time and energy into something that seems to defeat the purpose of some of their other, best work. And when enough programmers all start running in that direction, the end result is a net drain of people who could be creating things people really need.
Black Hat is like no other security conference. It happens in Las Vegas, July 25-30. Find out more and register.