Linux Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

7 months ago 57
BOOK THIS SPACE FOR AD
ARTICLE AD
Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

sjvn/ZDNET

SEATTLE -- At The Linux Foundation's Open Source Summit North America, Linus Torvalds and his good friend Dirk Hohndel, Verizon's Head of the Open Source Program Office, once more had a wide-ranging conversation about Linux development and related issues. 

Their chat started with briefly mentioning tabs vs. spaces in source code. No, seriously. In programming circles, this is a big deal. A developer had proposed replacing a tab with a space character to help Kconfig parsers read files. No, sorry, that was a bad move.

Also: Don't like your Linux desktop? Here's how to install an alternative

As Torvalds explained, Kconfig adds hidden tabs on purpose to catch mistakes in kernel config parsing tools. Now you and that developer know. 

Moving to issues that matter more to mortal users than kernel programmers, Torvalds was happy to report that all is "calm and steady and boring" with the forthcoming Linux 6.9 kernel release. That's as it should be with an over-30-year-old software project. If something is exciting, then that probably means something's gone wrong.

This led to a conversation about the ongoing problem with hardware errors, which can lead to security issues. It's frustrating, said Torvalds, "because we can often react quite quickly in software, but then the hardware people are saying, 'Oh, we have five generations of hardware that we can't fix after the fact, and it will take another couple of years before the actual new hardware [arrives]  that can help you work around the problem.'"

With the rise of open hardware such as RISC-V, you might think that wouldn't be a problem for new generations of hardware. Not so, said Torvalds.

"My fear," confessed Torvalds, "Is that RISC-V will make all the same mistakes that everybody else did before them." Why? Well, first, "hardware people are different from software people. There's a fairly big gulf between them." In addition, hardware developers reinvent old ways of doing things and only learn by making all the same mistakes that have been made before. It's sad, but true. 

Also: 5 reasons why desktop Linux is finally growing in popularity

Still, he expects things to go faster this time. As Hohndel also pointed out, Linux has gotten better at smoothing out the differences between hardware platforms for users. "Ten years ago, moving away from x86 to a different platform was still incredibly hard,"  Hohndel said. "Today, most people don't even know whether you're running on an AMD or an Intel chip. It's in the cloud, and everything looks exactly the same." 

One problem that some open-source projects have encountered recently is villainous developers who resemble normal, helpful ones but are in fact malicious. The tiny Linux XZ Util program had a security backdoor placed within it that came within a cat's whisker of spreading into mainstream Linux distributions. 

Also: XZ Utils might not have been the only sabotage target, open-source foundations warn

It was stopped in time, and it wasn't a Linux problem, but it's still worrisome. As Torvalds recalled, "There was an attempt in 2021 by graduate students to push bad patches into Linux. They failed, and that didn't end well for them. Linux's maintainers caught the bad patches and were really upset about it. It ended up being a very personal matter, and our maintainers were very pissed off about it."

But the Linux community is unique. It has over a thousand developers, many of whom have worked together for decades. A hacker trying to trick his way into planting bad code into the kernel faces an almost impossible task. That's not the case, though, with most programs. 

Even so, Torvalds pointed out, "When the bad actor finally took advantage of becoming a maintainer, it was found within weeks. That open-source projects have found these kinds of attacks implies a fairly strong amount of stability so that these things do get caught. A healthy community is the best defense."

Alas, that doesn't translate for 99% of open-source projects, which tend to be tiny. Torvalds continued: "It's a wake-up call." We need to know whom we can trust. In the kernel, Torvalds said, we have PGP [Pretty Good Privacy]  as the foundation for a network of trust. "But, I think we're going to see a lot of work being put into some kind of trust model where people say, 'Oh, this is a new person,' or 'This is a person that is acting differently from usual.'"

Also: Do you need antivirus on Linux?

Hohndel agreed but added that the industry needs to support these smaller projects -- and not only with money. "Companies need to engage with these projects. Have your company adopt a couple of such projects and just participate. Read the code, review the patches, and provide moral support to the maintainers. It's as simple as that."

And don't expect AI to be the answer. 

Neither of these senior open-source leaders buy into AI hype. Torvalds snarked, "It's hilarious to watch. Maybe I'll be replaced by an AI model!" As for Hohndel, he thinks most AI today is "autocorrect on steroids."

Torvalds summed up his attitude as, "Let's wait 10 years and see where it actually goes before we make all these crazy announcements."

That's not to say the two men don't think AI will be helpful in the future. Indeed, Torvalds noted one good side effect already: "NVIDIA has gotten better at talking to Linux kernel developers and working with Linux memory management," because of its need for Linux to run AI's large language models (LLMs) efficiently.

Torvalds is also "looking forward to the tools actually to find bugs. We have a lot of tools, and we use them religiously, but making the tools smarter is not a bad thing. Using smarter tools is just the next inevitable step. We have tools that do kernel rewriting, with very complicated scripts, and pattern recognition. AI can be a huge help here because some of these tools are very hard to use because you have to specify things at a low enough level."

Also: The best Linux laptops 

Just be careful, Torvalds warns of "AI BS." Hohndel quickly quipped, "He meant beautiful science. You know, "Beautiful science in, beautiful science out."

I think Torvalds meant something else.

Hohndel's final question was whether Torvalds saw himself doing another big project after Linux and Git. Torvalds hopes not. 

He replied, "I hope it never happens. I say that because every single project I've started has always started from me being frustrated with other people being incompetent or money-grabbing. The reason I started Linux was that I couldn't afford the real thing. And I said, 'How hard can it be?' The answer is it can be pretty hard because here I am, 33 years later, and I'm still working on it."

Also: RebornOS is a beautiful, user-friendly take on Arch Linux

Then, Torvalds continued, "I made the same mistake 20 years ago when I said, 'Hey, I really don't think source control management is very interesting, but all these people before me -- they clearly got it completely wrong. So I need to do my own. How hard can it be?' So, I'm hoping never to be in that situation again."

Torvalds continues to work on Linux and Git today because "others came around and said, 'Hey, I need this.' Without them, I would not have continued. So while my products start with something that I need, the things that actually keep them going is that they're actually useful to other people."

So, as long as we find Linux useful, Torvalds and company will continue to work on and improve it. 

Read Entire Article