Check out all the on-demand sessions from the Intelligent Security Summit here.
After 30 years of working on Linux, Linus Torvalds is still enthusiastic about the open-source operating system he created and its future prospects for innovation.
Today, the Linux operating system is at the foundation of cloud, edge, embedded and internet of things (IoT) technologies that enable the operations of billions of devices. Linux is developed by an open community of contributors with new versions of the core, known as the Linux kernel, released every six to ten weeks. Each of those new major kernel updates are released by none other than Torvalds himself.
At the Open Source Summit event today, Torvalds discussed the state of Linux, in a fireside chat with his longtime friend Dirk Hohndel, who currently is the chief open-source officer at the Cardano Foundation. The conversation ranged from the state of open-source security, to new technology and the impact of the pandemic on Linux development.
Torvalds noted that undoubtedly the COVID-19 pandemic impacted many people in the Linux community negatively. The negative impact, however, did not carry forward to development.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
“In the first few months in various lockdowns, our productivity actually went up, because we’ve always worked over email and most people were already working from home,” Torvalds said.
How the ‘boring’ Linux kernel development process works
The Linux kernel development process has remained relatively unchanged for at least the last 15 years, according to Torvalds.
In 2005, Torvalds created the open-source Git version control system to help enable a faster and more optimized approach to development. Git today is one of the primary technologies behind all open-source development, powering the GitHub code service, among others.
“We’ve had the same process and the same release schedules and in that sense kernel development has been very calm and not exciting from a process standpoint, and that’s actually exactly what I think you want,” Torvalds said. “You want to have a stable process so that people don’t get upset about how all the infrastructure is changing.”
While the development process is boring and predictable, Torvalds said that after more than 30 years of working on Linux he’s still surprised and pleased that there are many new things coming into the kernel with no shortage of innovation.
“One of the things that I, personally, enjoy the most is that we’re not a dead project,” Torvalds said.
Rust is coming to Linux
In the physical world, when rust appears on metal it’s usually a sign of age and decay, but the same isn’t true for the inclusion of ‘Rust’ into Linux.
Among the changes coming to Linux is the inclusion of code written in the open-source Rust programming language. Torvalds said that Rust might be included in the next Linux kernel release, which drew a large round of applause from the Open Source Summit audience. Linux is mostly written in the C programming language.
Rust is different from C in that it provides better utilization and protection of compute memory resources. Torvalds said that the Linux kernel was going to try out Rust in a very limited way. He reminded the audience that 25 years ago, the Linux kernel tinkered with the idea of using the C++ programming language, in an effort that ultimately ended up failing.
“Technical people want to do something new and fun, and I think rest makes a lot of technical sense,” Torvalds said.
Open-source security will never be 100%
Security is a key theme in the open-source community recently and especially at the Open Source Summit event.
The Linux Foundation’s OpenSSF (Open Source Security Foundation) recently revealed that it will cost $150 million in a multi-year effort to secure open-source software. Just this morning, a report was released noted that there is an overall lack of confidence in open-source security.
Torvalds doesn’t expect that open-source software, including the Linux kernel, will ever be 100% secure and bug free.
“Bugs will happen, if they don’t happen in hardware, they will happen in software and if they don’t happen in your software and they will happen in somebody else’s software,” Torvalds said. “The only way to try to do security right is by having layers of security.”
Torvalds emphasized the Linux kernel is just one layer of an overall application stack. Inside the kernel, he explained that there are already multiple layers of security for different parts of the process. He said that for developers that are building a whole application stack, every single layer in the stack needs to have some concept of what to do if there is a security bug and what happens if there’s a bug in a layer above or below the application code the developer is working on.
“Anybody who thinks you can get to 100% security is living in some dream world that is just not this reality,” Torvalds said.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.