Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024
sjvn/ZDNET
HONG KONG: At the Linux Foundation's Open Source Summit China conference, Linus Torvalds and his friend Dirk Hohndel, head of Verizon's Open Source Program Office, again delighted the audience by discussing Linux development and related issues.
As per usual, the two talked about the current state and future of the Linux kernel, especially various aspects of Linux development such as the release process, security, Rust integration into Linux, and the role of AI in software development.
And the Linux security team publishes 60 CVEs a week, but don't worry about it – do this instead.
First, Torvalds is disappointed that sched_ext, an extensible scheduler for creating scheduling policies using eBPF, will not be included in the next Linux kernel release, but he is literal knock on wood and hopeful that it will be included in the next Linux 6.12 release.
Thinking about future releases, Hohndel asked Torvalds about his plans for the Linux kernel, specifically, “At the current rate of kernel releases, Linux Kernel 8.7 should be released around your 60th birthday, but what are your thoughts on what that might contain?” Torvalds responded, “I have no idea.”
Torvalds continued that he focuses on the short term: “Real development is about getting all the details right, and that means not looking five years out, but one or two releases out.”
And how open source can put AI on the right path
Of course, Torvalds added, “Some features will take longer than that. Later this year the Real-time Linux project celebrates its 20th anniversary. This project was literally started 20 years ago, and the people involved feel that it's finally finished… No, it's almost finished. There are still finishing touches, but we hope to have it ready for full integration into the upstream kernel by the end of this year.”
At the same time, Torvalds said that even though Linux has been around for 33 years, “you'd think all the fundamentals would have been fixed a long time ago, but that's not the case. We're still working through fundamental issues like memory management.” The work is never done.
The development process for the Linux kernel these days is very structured and rhythmic. Despite its complexity, the process has been very reliable over the years. Torvalds says they aim for a release every nine weeks, which wasn't the case before.
At the beginning, the process was very chaotic: Torvalds recalls that everyone laughed at him when he first said that they were going to do smaller releases every six weeks, rather than major releases every year or two.
As for release numbers, Torvalds again reminded everyone that release numbers don't mean anything. Hohndel said, “We usually change the major number around 19 or 20 because we get bored of it.” Torvalds responded, “No, it's because when you can no longer count on your fingers or toes, it's time for the next 'major' release.”
Also, Nvidia has finally open-sourced some of their GPU drivers. How to find out what's under the hood
The two then moved on to the topic of security. Hohndel noted that the Linux kernel has a ton of Common Vulnerabilities and Exposures (CVEs), but that this isn't because Linux is insecure. Torvalds responded that “bugs happen, and anything can be a security bug if someone is clever enough to figure out how to exploit it.”
Torvalds continued: “One of the reasons I emphasize that all security issues are just bugs is because there is a tendency in the IT industry to treat security issues as something very special, which ends up hurting everyone.”
So what should we do about the security bug fixes that are released for Linux on a weekly basis? Greg Kroah-Hartman, the maintainer of the Linux stable kernel, believes that we should always update to the latest, most secure stable Linux kernel. Torvalds agrees, but he also understands the argument that it would be better to stick with an older kernel and backport security patches less frequently.
Also, 10 Things to Do After Installing Linux – and Why You Should, Too
“Older kernels have a certain degree of stability, and we do backport patches and fixes, but some fixes get missed because they're not considered important, and then later turn out to be important,” Torvalds said.
Furthermore, using an old kernel for a long period of time could make updating to a newer kernel a huge pain when it eventually becomes necessary. So, “to all of you Chinese embedded Linux vendors who are still using the Linux 4.9 kernel,” Torvalds said, wagging his finger, “please stop.”
Additionally, Hondel said that if you're patching a really old kernel, the Linux kernel team can only say “sorry, we can't help you with that. It was so long ago that we don't even remember how to fix it.”
On a more contemporary topic – the introduction of the Rust language into Linux – Torvalds is disappointed that its adoption has not progressed more rapidly: “I would have thought the update would have been more rapid, but part of the problem is that the old-school kernel developers are used to C and don't know Rust. They're not very keen on having to learn a new language that's very different in some ways. So there's been a backlash against Rust.”
Plus: 5 Top Linux Distributions for Power Users (or Anyone Up for a Challenge)
Additionally, Torvalds commented, “Another reason is that the Rust infrastructure itself is not that stable.”
In general, Torvalds isn't interested in new technologies like the cloud or Kubernetes: “The only thing that matters is the kernel.” Hohndel countered, “That's definitely being taken out of context.”
Torvalds responded that he knows these are all very useful, but “clusters, clouds, Kubernetes are not an issue for me. The great thing about open source is that everyone specializes in their own area of interest.”
The two then discussed AI, the hottest technology topic of our time, and while Torvalds is skeptical of the current AI craze, he is hopeful that AI tools will eventually be useful for code review and bug detection.
And whether we like it or not, this open source definition of AI is a big step forward.
But Torvalds is also happy about some of the side effects of AI. For example, he said, “When AI came out, it was great because it got Nvidia more involved in the kernel. Nvidia went from being on my list of companies that were bad to now being on my list of companies that were doing a really good job.”
Hohndel concluded the discussion by saying that he had compiled 10 questions using ChatGPT to ask Torvalds. The first question was, “What do you think the future of open source software is, especially with the rise of cloud services and proprietary software?”
“I've never had a vision. I don't want one. I see myself as a hardworking engineer,” Torvalds groaned, and the interview ended to applause from the audience.
