back to article Linux boss Torvalds: Don't talk to me about containers and other buzzwords

Linux kernel maintainer Linus Torvalds isn't thinking about where his creation will be ten years from now – in fact, he claims he doesn't even think ahead one year. "I am a very plodding, pedestrian kind of person," Torvalds said during a Q&A session with Linux Foundation boss Jim Zemlin at LinuxCon in Seattle on Wednesday. "I …

  1. elDog

    This seems a very level-headed and straight forward discussion

    It's nice to have a few good points made without any sensationalism.

    Especially Linux's role in small embedded systems - difficult given kernel and app demands.

    I was a bit surprised that Linus didn't think that the OS could ever be truly hardened. Perhaps that is just a limitation akin to Godel's theorem?

    1. Gene Cash Silver badge

      Re: This seems a very level-headed and straight forward discussion

      > Linus didn't think that the OS could ever be truly hardened

      He's essentially saying the code can never honestly be bug-free, and where there are bugs, there are security holes.

      1. Ken Hagan Gold badge

        Re: This seems a very level-headed and straight forward discussion

        In the last week or so we've discovered that the x86 chips aren't (or weren't for a long time) actually as hard as we'd hoped, so depending on what you mean by "truly" hardened I'd say that no OS running on commodity hardware can be truly hardened.

        That doesn't mean we can't do a lot better than several popular OSes currently do.

    2. Martin Gregorie Silver badge

      Re: This seems a very level-headed and straight forward discussion

      I was a bit surprised that Linus didn't think that the OS could ever be truly hardened. Perhaps that is just a limitation akin to Godel's theorem?

      What Linus said.

      Bugs aside, it may be possible to formally prove that an OS can't be fully hardened unless the hardware fully implements hardware rings of protection as used by MULTICS and VME/B and that firmware, hypervisors, OS, and application code are partitioned to take full advantage of the security the rings of protection provide.

      Yes, I'm aware that MULTICS and VME/B are ancient OSes and that,of the two, only VME/B is still maintained, that current Intel chips provide a reduced set of rings of protection (4 instead of the 8 used by MULTICS and VME/B) and that the likes of Windows 7 only uses two of them. They could do better: VME/B ran user code at level 7 with user data at level 8 so a program could not write to its code or be made to do so and could not access inner rings except via secure system calls. This level of code protection is totally unknown to Windows 7 (where the kernel runs at level zero and everything else is lumped together in level 2. Dunno Windows 8 & 10 do, but I'd hope the answer is 'better than that'. The same hope applies to Linux, BSD and the Apple OSen.

      Can anybody point at current hardware with more rings of protection than Intel chips or at any OS that uses all the levels provided by its target hardware?

      Isn't it about time any OS worthy of the name got hardened by making full use of the hardware's rings of protection. Just doing that would reduce the attack surface by quite a large amount.

      1. Christian Berger

        Re: This seems a very level-headed and straight forward discussion

        Well additional security boundaries are a good thing by themselves, but experience has shown that those boundaries either have holes in them, or are irrelevant.

        One example is ChromeOS which tries really hard to prevent you from getting to the kernel... which is completely irrelevant as you are only running a browser. Crack the browser and you are exactly where you want to be.

        Same goes for Android where Malware can just ask the user to have access to all valuable data.

        The basic problem is that you cannot contain malware. Once you have malware on your system, your system is compromised. All you can do is reduce your attack surface and make it easier to clean your system.

      2. BinkyTheMagicPaperclip

        Re: This seems a very level-headed and straight forward discussion

        x64 doesn't have as many levels as x86. OS/2 used ring 2 in a limited number of cases, but generally it's not used. When XFree86 was ported to OS/2, and needed to do fast I/O from user level (ring 3), the IOPL 16 bit ring 2 DLL feature was found to be appallingly slow, so a special device driver was used instead.

      3. nijam Silver badge

        Re: This seems a very level-headed and straight forward discussion

        > Isn't it about time any OS worthy of the name got hardened by making full use of the hardware's rings of protection. Just doing that would reduce the attack surface by quite a large amount.

        That might have been true when the hardware was (a) actually hardware, not microcode, and (b) simple enough to validate. Now, it's just a completely different set of attack surfaces.

      4. jaime

        Re: This seems a very level-headed and straight forward discussion

        Guess you didn't read this article.

        Windows uses more rings now including one's most people probably aren't even aware of i.e. negative rings!

        http://www.theregister.co.uk/2015/08/11/memory_hole_roots_intel_processors/

    3. Anonymous Coward
      Anonymous Coward

      Re: This seems a very level-headed and straight forward discussion

      "It's nice to have a few good points made without any sensationalism."

      Since I haven't seen a video its hard to know for sure, but I suspect the audience also didn't start hooting and clapping like a bunch of deranged seals and have a virtual orgasm every time Linus mentioned some trivial new feature or idea, which is what happens at Apple and MS events, or basically any large corporate event that can hire shills to sit in the audience or dangles the prospect of freebies to people who don't know the meaning of self respect or maturity.

      1. Stevie Silver badge

        4 Boltar: Shills

        You are aware of the difference between a tech conference and a marketing junket, aren't you?

        1. Destroy All Monsters Silver badge
          Big Brother

          Re: 4 Boltar: Shills

          It's the same as the difference between honest diplomacy and wargasm lies being pumped out by Judith Miller types, now being produced courtesy of AP.

    4. jaime

      Re: This seems a very level-headed and straight forward discussion

      He's a smart and pragmatic guy but even he knows there will always be someone smarter or at least more clever as he put it to get around any bulletproof hardening they might keep adding to Linux!

    5. beavershoes

      Re: This seems a very level-headed and straight forward discussion

      Godel's incompleteness theorem? That there are some truths that can never be proven? I see your logic if that is what you are talking about. Interesting analogy.

  2. chasil

    Pinky Pie

    "Most of the security issues we've had in the kernel – and happily they haven't been that big, or some of them are pretty big but they don't happen that often – most of them have been just completely stupid bugs that nobody really would have thought of as security issues normally, except for the fact that some clever person comes around and takes advantage of it."

    I believe that Pinky Pie, Geohot, Verizon, and AT&T would beg to differ.

    http://androidandme.com/2014/06/news/towelroot-can-root-most-samsung-phones-with-the-press-of-a-button/

    1. phil dude
      Megaphone

      Re: Pinky Pie

      I'll play. Samung screws with Android which is based on *a* linux kernel. But nearly all the bugs are due to crufty software that runs on top. If there's a kernel bug exploited, where is the update mechanism that addresses this within a reasonable amount of time? There isn't one you say....

      Still I have a great deal of respect for Linus, if for no other reason is that he keeps the focus on the technical matter and doesn't give way to politics...

      P.

  3. sisk

    Hold on a second

    Are you telling Linus Torvalds actually got through an interview without a single curse word or flipping anyone the bird? I didn't know he had it in him.

    1. jaime

      Re: Hold on a second

      It is a known fact that most people mellow with age so not surprising really. Think it has something to do with testosterone levels.

    2. sisk

      Re: Hold on a second

      One day I will learn to add the joke alert icon even when I think it obvious I'm joking...

  4. jonnycando
    Thumb Up

    Good talk.

    Linus may be ever so terse and gruff sometimes, but darn it, he makes sense!

  5. FozzyBear

    Wow, No sensationalist claims, a fair degree of honesty, a realistic view of the future direction (who knows what will happen in 5-10 years). No obviously empty promises. Considering the other IT related conferences I have been to lately I think I have woken up in a parallel dimension.

    1. sisk

      Nah. It's Linus. For all his personal flaws (and there are many, which he freely admits) he's always been fairly pragmatic and honest. That's one of the reasons he still has widespread respect despite the fact that a lot of people find his frequent tirades somewhat immature.

  6. frank ly

    The IoT Crowd

    Could a 'fork' of Linux be developed that went back to the basics of IoT system requirements and thus produced an IoT OS kernel that was small, well understood and had the advantages of years of bug clearouts?

    1. Esme

      Re: The IoT Crowd

      Isn't it something of the sort that the GNU Mach/Hurd kernel is trying to achieve, ie: keep the kernel as small as possible, and put all of the drivers etc outside it?

      1. Francis Vaughan

        Re: The IoT Crowd

        Given that the Gnu/Hurd predates Linux, one suspects that we will be waiting rather a long time. There is nothing magic in the Mach kernel's size. Putting things inside or outside of kernel mode execution doesn't really help the overall system size. It is the overall minimum system needed to operate that matters. After all, look at Mac OSX. Darwin is also a Mach kernel. Apple's chief scientist was for a long time Avie Trevannian - they guy who probably had the most to do with Mach's architecture and development (although it had some roots in Rick Rashid's Accent OS, and Rick was the guy who drive the Mach team. Ironically Rick vanished into MS years ago.)

    2. Anonymous Coward
      Anonymous Coward

      Re: The IoT Crowd

      The source is there so the short answer is 'of course'; it's never easy but always possible. If you didn't want to pay someone to strip down a current kernel you could still pay someone to backport lots of ARM stuff to 2.4 or even 2.2 and run with it.

    3. Christian Berger

      Re: The IoT Crowd

      Well the point is, for IoT systems you don't need the complexity of a full blown embedded Linux system. Linux is only used there because it's rather easy to use and gives you quick results.

      However there's lots of competition in the "smaller than Linux" "market". FreeRTOS/OpenRTOS is just one example of such a system.

      The real challenge we are facing right now is to prevent the Linux ecosystem from descending to ever higher levels of complexity. The kernel is already doing rather nicely in that regard, the problems are more in user space.

    4. Dave 126 Silver badge

      Re: The IoT Crowd

      >Could a 'fork' of Linux be developed that went back to the basics of IoT system requirements and thus produced an IoT OS kernel that was small, well understood and had the advantages of years of bug clearouts?

      You might, but in many cases you might choose to use an OS that already satisfies your requirements.... QNX, for example, is roughly a tenth of the size of the Linux kernal and has been used in industrial control for decades. VxWorks has been used in aerospace, industrial control and medical applications for a similar period.

      So, having been used for decades and being small makes these OSs more likely to be 'better understood'. And, unlike most flavours of Linux, they are also 'Real Time OSs' which is essential for some embedded applications.

      Linus was being sensible and honest when he suggested that trying to squash Linux to resemble these existing OSs is largely a waste of time.

      [ I have used proprietary OSs as my examples]

      1. billse10

        Re: The IoT Crowd

        working on a project where we've discussed doing exactly that, but the customer (who, after all, pays the bills) won't even discuss supporting anything that is not available from at least two commercial sources. Weirdly - annoyingly - Microsoft is an exception to that as "everyone uses it"; any ARM-based Linux variant that we do has to be a derivative and able to inherit security patches from a distro that PHBs have heard at a conference.

        Squashing Linux to resemble the stuff Mr. 126 mentions is, as he says, probably a waste of time, just like trying to bughunt every last one out of existence: trying to do both at once will probably result in despair.

    5. Tom 7 Silver badge

      Re: The IoT Crowd

      It really depends on what the Things are. Most of them wont need anything as powerful as the current Linux kernel - you'd be amazed what you can do with a PIC.

      As for things with slightly more demand if this Micro:bit thing works - well there's room for a kernel on that IIRC. Then it may not be long before someone makes a SOC of the Pi and that is more powerful than the average desktop of just a few years ago.

    6. CFWhitman

      Re: The IoT Crowd

      You could pare Linux down, but there's no good reason to do so. For certain applications you can just leave all the unnecessary modules out, and the kernel will be a lot smaller than it is in general purpose Linux distributions. When you need it smaller than that, there are alternatives, including open source ones like FreeRTOS, and in applications like that, a kernel that was designed for real time applications usually makes more sense anyway.

  7. Robert Grant Silver badge
    Happy

    Should've asked about microkernels

    Wouldn't that be a better architecture for Linux, Mr Torvalds?

    1. Esme

      Re: Should've asked about microkernels

      What would be the point? As I pointed out above the GNU Mach/Hurd kernel is doing that, and there is even a version of Debian that can be run on top of it. If Linus tried to replicate that he'd be reinventing the wheel. I suspect he might express his displeasure at the thought of doing so, were he asked :-}

      What'd be grand would be if the Mach/Hurd team got more support, so far as I can see. (NB: I am not a programmer, and have no idea if the Mach/Hurd team even want any more help at this juncture.)

    2. Destroy All Monsters Silver badge
      Holmes

      Re: Should've asked about microkernels

      Should have, could have.

      I remember that idea was rejected because there was Hurd going nowhere fast, microkernels were starting to go out of fashion (sometimes someone dowloaded the Mach manual), and Linus wanted to have something situated in a known technical domain at useful levels of functionality fast. Hence, monolithic kernel.

    3. Robert Grant Silver badge

      Re: Should've asked about microkernels

      Good grief downvoters, this was a joke. Don't you know anything about Linux? (And if not, don't you know what a smiley is?)

  8. Anonymous Coward
    Anonymous Coward

    Why would you need to shrink the kernel? Would you not just have a main hub running a kernel doing all the controlling and processing for all the IoT devices? The whole idea is that it's wireless so putting a kernel on a device would be pointless or am I missing something?

  9. Herbert Fruchtl
    Happy

    bugs

    Every program contains at least one bug.

    Every program can be made one line shorter.

    => Every program can be reduced to one line, and this line contains a bug. Or possibly zero lines, which makes it definitely wrong.

  10. saif
    Linux

    Salesmanship not required

    When one is not trying to persuade people, sell something, it is easier to be honest and frank. When something of value has zero cost, it is not necessary to load your conversations with hype. What is clear is that enough credit goes to the huge community that supports Linux.

  11. Anonymous Coward
    Anonymous Coward

    (In)Sane planning

    Planning years ahead might not be sane but sometimes must be done.

    (BTW, Darwin is a Mach kernel.)

  12. Herby

    Remember, Linus does pretty well...

    Considering his task to to "heard cats".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021