After his announcement drew enthusiastic applause from the summit audience at downtown Austin’s J.W. Marriott hotel, he cautioned, “Don’t get too excited. We know who you are.”
The Linux kernel project, he told interviewer Dirk Hohndel, chief open source officer at the Cardano Foundation, has grown more careful about how it makes changes, in light of how many users worldwide depend on it.
“We were more freewheeling 30 years ago,” he told Hohndel, an early Linux contributor. “It was more like the Wild West: Someone would send a patch and it would just get merged, and why not? But now we can’t afford to do that.”
Some attempts to incorporate new languages into the Linux kernel, Torvalds noted, haven’t succeeded: “We tried C++ 25 years ago. We tried it for two weeks. And then we stopped trying it.”
The caution, he said, is a cornerstone of the Linux project. “I tell my sub-maintainers and developers all the time, ‘You can do anything, but we can’t break people’s workloads.’ We can’t break what people do.”
He added, “If you upgrade the kernel, it should do what it’s supposed to. And if it doesn’t, you should scream at us. In the end, it’s really the users that matter.”
A ‘Staid’ Development Process
The Linux project, Torvalds told Hohndel and the audience, is something of an outlier in the open source world.
“If you look at the average open source project, they are often very small,” he said, with few maintainers. “There are a lot of projects that have five people and the occasional drive-by patch. And then you look at the kernel. I have about 50 people I interact with for every release. And every release is, like, 1,000 developers.”
Herding all those cats requires a “calm, let’s say ‘staid’” development process, Torvalds said.
“We were more freewheeling 30 years ago. It was more like the Wild West: Someone would send a patch and it would just get merged, and why not? But now we can’t afford to do that.”
—Linus Torvalds, Linux creator
However, he added, “The idea that we have a boring and staid development possess doesn’t mean we have a boring and staid project. I’m actively encouraging people to try new things,” as with the Rust initiative.
He recognizes, he said, that many users will need to be educated once the programming language is part of the Linux kernel: “I see that people don’t understand Rust. We will have maintainers for the Rust parts. Just as we have maintainers for the other parts.”
Security and Hardware Headaches
When the conversation shifted to software’s hottest topic, security, Torvalds told the audience, “Anyone who thinks you can be 100% secure is living in a dream world. This is not reality.”
He urged the crowd to accept bugs as an inevitability and use layers of security to keep their entire stack safe.
A factor in security that’s out of the control of software developers, he said, is insecure hardware. He pointed to the Spectre and Meltdown exploits on Intel x86 microchips, from January 2018, as a turning point.
“Over the last five years, people are much more aware that sometimes even if you write very secure software – which is rare, and very hard – the hardware winds up really screwing you over anyway,” Torvalds said.
“The good news is, it’s much better than it was. The hardware issues have gotten much more esoteric and much more rare.”
Dealing with hardware bugs that affect the Linux kernel remains ”my least favorite subject ever,” he said. “But over five years, you grow inured to the pain.”
Have the vendors gotten more responsive to the needs of the kernel? Hohndel asked.
“Over the last five years, people are much more aware that sometimes even if you write very secure software – which is rare, and very hard – the hardware winds up really screwing you over anyway.”
—Linus Torvalds, Linux creator
Yes and no, Torvalds suggested. The crux of the issue is a cultural difference between software and hardware producers.
“Hardware companies aren’t used to the idea that you release something and have incremental patches every month,” he said. “You release your hardware and your customers don’t know for three or four years that they have a problem.”
When the Linux kernel project discovers a bug, Torvalds said, maintainers fix it within a week and make the patch public.
By contrast, he said, sometimes when hardware vendors are informed of a defect in their product and must produce a fix for it, “They go, ‘The release date for this is 12 months from now. And you just go, shoot me now.”
Too Much Credit for Git?
When asked by Hohndel what he does for fun, Torvalds confessed to tinkering with a bit of hardware himself, a small electronics board he designed early in the pandemic. He also mentioned that he loves scuba diving — and works on an open source project intended to log his dives.
He took the opportunity to correct the record about another open source project he’s been associated with: Git, the widely used version-control system created in 2005.
“My daughter went to college for computer science. I didn’t push her,” Torvalds said, holding up his hands in protest. She told him that, in her CS department, he is solely credited with the creation of Git.
“I only worked on Git for six months,” he protested.
The Linux Foundation is a sponsor of The New Stack.
Featured image by Heather Joslyn.