At the annual LinuxCon event in Seattle, Linux creator Linus Torvalds revealed how he thinks about security. Torvalds was onstage with Linux Foundation Executive Director Jim Zemlin, who asked the Linux founder how he feels about being the boss of Linux.
“I love open source and how all the credit comes to me,” Torvalds said. “Realistically though, I only have the power to say no.”
Zemlin asked Torvalds how he sees security in Linux, which is a topic of increasing concern with multiple high-profile open-source vulnerabilities in the last year, including the Heartbleed and Shellshock flaws.
Torvalds said he’s sometimes at odds with the security community. In his view, many in the security community only see issues as black and white, right or wrong.
Torvalds stressed that it is not possible to ever entirely be rid of bugs in software and that some bugs will, in fact, be security issues. Given that bugs are inevitable, Torvalds said that security will never be perfect in Linux.
That said, Torvalds emphasized that, in the Linux kernel, the community is very careful and has strict standards on how to get code into the kernel.
“The only real solution to security is to admit that bugs happen,” Torvalds said, “and then mitigate them by having multiple layers, so if you have a hole in one component, the next layer will catch the issue.”
Torvalds added, “Anyone that thinks that we’ll be entirely secure is just not realistic; we’ll always have issues.”
Zemlin also asked Torvalds about Docker containers, a hot topic at LinuxCon and the broader technology community in 2015. Torvalds said he doesn’t really think much about containers as the Linux kernel tends to be fairly far removed from buzzwords.
“We’re an infrastructure play, and I only care about how people use the kernel,” Torvalds said.
Torvalds also talked about the emerging world of the Internet of things (IoT), where Linux is a major player today on embedded systems. A key concern about Linux on IoT devices, however, is the growing size of the Linux kernel.
“We’re trying to be a lean-and-mean IoT machine,” Torvalds said. “But it’s always hard to get rid of unnecessary fat.”
Realistically, the Linux kernel will not shrink down to the size it was 20 years ago, but it can still shrink to a certain degree, Torvalds said. “But if you do want to look at really small devices, you might need to look at other alternatives,” he said.
Zemlin also asked Torvalds about his vision for Linux and where Linux will be in 10 years. Torvalds responded that he doesn’t look all that far into the future. “I’m a very plodding, pedestrian person and look only about six months ahead,” Torvalds said. “I look at the current release and the next one, as I don’t think planning 10 years ahead is sane.”
Torvalds said that if he went back 10 years, there is no way he could have planned what has happened and landed in Linux today. While Torvalds himself isn’t looking 10 years into the future, that doesn’t mean there isn’t a vision for Linux.
“I think that with open source, you have companies that are trying to make the next 10 years happen, so those companies can push their own agenda in Linux,” Torvalds said. “They know what they need for the next 10 years, so even if I’m not forward-thinking, the whole process encourages forward-thinking behavior.
Originally published on eWeek
Beijing reportedly begins blocking the use of Intel and AMD chips in government computers, and…
Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…