- Linus Torvalds: After 30 years, Linux is not a dead project
- Share this:
- Like this:
- Related
- Post navigation
- Endpoint Cybersecurity
- IT Security auf Deutsch
- Daily Summary
- Categories
- Top Posts & Pages
- Linus Torvalds: After 30 years, Linux is not a dead project
- Event
- How the ‘boring’ Linux kernel development process works
- Rust is coming to Linux
- Open-source security will never be 100%
- Linux Isn’t Dead. GNU Just Killed Itself.
- Tivoization Ignores Hardware Constraints
- ARM with Linux is Getting Smaller and Smaller
- We Don’t Need No Stinking Network
- GPLv3 Software Libraries are at Greatest Risk
- Unethical License Naming and Release
- GPLv3 is Bad for Linux
- See Also
Linus Torvalds: After 30 years, Linux is not a dead project
At the Open Source Summit event today, Torvalds discussed the state of Linux, open-source security and new technology and the impact of the pandemic on Linux development.
Read the original article:
Share this:
Like this:
Related
Post navigation
Endpoint Cybersecurity
— Consulting in building your security products
— Android security software
— Pentests and Security tests for applications
— Cybersecurity Management Systems for Automotive(ISO 21434, WP.29)
— Support in TISAX audits
IT Security auf Deutsch
- heise-Angebot: Sichere Softwareentwicklung: Jetzt noch Frühbucherticket zur heise devSec buchen July 17, 2023
- Zuckerbergs Twitter-Klon sorgt für Ansturm auf völlig unbekannte Threads-App July 17, 2023
- Konkurrenz für Dall-E und Stable Diffusion: Meta zeigt neue Bild-KI July 17, 2023
- Bedrohung aus dem Untergrund: Wie WormGPT Phishing-Angriffe automatisiert July 17, 2023
- Was leistet das neue Data Privacy Framework? July 17, 2023
- PHP: Schwachstelle ermöglicht Offenlegung von Informationen July 17, 2023
- Bouncy Castle: Schwachstelle ermöglicht Offenlegung von Informationen July 17, 2023
- Lednerb IT-Security GmbH – Externer IT-Sicherheitskontakt (security.txt) (365 Tage) July 17, 2023
- Windows: RAM-Geschwindigkeit anzeigen July 17, 2023
- Oracle Java SE: Mehrere Schwachstellen July 17, 2023
Daily Summary
Categories
Top Posts & Pages
Copyright © 2023 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.
Linus Torvalds: After 30 years, Linux is not a dead project
After 30 years of working on Linux, Linus Torvalds is still enthusiastic about the open-source operating system he created and its future prospects for innovation.
Today, the Linux operating system is at the foundation of cloud, edge, embedded and internet of things (IoT) technologies that enable the operations of billions of devices. Linux is developed by an open community of contributors with new versions of the core, known as the Linux kernel, released every six to ten weeks. Each of those new major kernel updates are released by none other than Torvalds himself.
At the Open Source Summit event today, Torvalds discussed the state of Linux, in a fireside chat with his longtime friend Dirk Hohndel, who currently is the chief open-source officer at the Cardano Foundation. The conversation ranged from the state of open-source security, to new technology and the impact of the pandemic on Linux development.
Torvalds noted that undoubtedly the COVID-19 pandemic impacted many people in the Linux community negatively. The negative impact, however, did not carry forward to development.
Event
Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.
“In the first few months in various lockdowns, our productivity actually went up, because we’ve always worked over email and most people were already working from home,” Torvalds said.
How the ‘boring’ Linux kernel development process works
The Linux kernel development process has remained relatively unchanged for at least the last 15 years, according to Torvalds.
In 2005, Torvalds created the open-source Git version control system to help enable a faster and more optimized approach to development. Git today is one of the primary technologies behind all open-source development, powering the GitHub code service, among others.
“We’ve had the same process and the same release schedules and in that sense kernel development has been very calm and not exciting from a process standpoint, and that’s actually exactly what I think you want,” Torvalds said. “You want to have a stable process so that people don’t get upset about how all the infrastructure is changing.”
While the development process is boring and predictable, Torvalds said that after more than 30 years of working on Linux he’s still surprised and pleased that there are many new things coming into the kernel with no shortage of innovation.
“One of the things that I, personally, enjoy the most is that we’re not a dead project,” Torvalds said.
Rust is coming to Linux
In the physical world, when rust appears on metal it’s usually a sign of age and decay, but the same isn’t true for the inclusion of ‘Rust’ into Linux.
Among the changes coming to Linux is the inclusion of code written in the open-source Rust programming language. Torvalds said that Rust might be included in the next Linux kernel release, which drew a large round of applause from the Open Source Summit audience. Linux is mostly written in the C programming language.
Rust is different from C in that it provides better utilization and protection of compute memory resources. Torvalds said that the Linux kernel was going to try out Rust in a very limited way. He reminded the audience that 25 years ago, the Linux kernel tinkered with the idea of using the C++ programming language, in an effort that ultimately ended up failing.
“Technical people want to do something new and fun, and I think rest makes a lot of technical sense,” Torvalds said.
Open-source security will never be 100%
Security is a key theme in the open-source community recently and especially at the Open Source Summit event.
The Linux Foundation’s OpenSSF (Open Source Security Foundation) recently revealed that it will cost $150 million in a multi-year effort to secure open-source software. Just this morning, a report was released noted that there is an overall lack of confidence in open-source security.
Torvalds doesn’t expect that open-source software, including the Linux kernel, will ever be 100% secure and bug free.
“Bugs will happen, if they don’t happen in hardware, they will happen in software and if they don’t happen in your software and they will happen in somebody else’s software,” Torvalds said. “The only way to try to do security right is by having layers of security.”
Torvalds emphasized the Linux kernel is just one layer of an overall application stack. Inside the kernel, he explained that there are already multiple layers of security for different parts of the process. He said that for developers that are building a whole application stack, every single layer in the stack needs to have some concept of what to do if there is a security bug and what happens if there’s a bug in a layer above or below the application code the developer is working on.
“Anybody who thinks you can get to 100% security is living in some dream world that is just not this reality,” Torvalds said.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.
Linux Isn’t Dead. GNU Just Killed Itself.
The GPLv3 license placed on all GNU software — that was originally intended to cover the Linux kernel as all previous GPL licenses had done until Linus Torvaldz vetoed it — has destroyed the reputation of the GNU project and indirectly a lot of interest in Linux as well. Software projects and organizations are fleeing GNU as fast as they can. But Linux will remain alive as the short-sighted, over-reaching GNU project and unethical FSF organization slowly die the death they deserve.
Tivoization Ignores Hardware Constraints
The Tivoization clause is poorly-conceived, overreaching, and limits freedoms rather than promoting them by going completely against the original intent of the GPLv2 license that was mostly about giving back any changes made to any software. GPLv3 forces hardware makers to provide some way to update the software without any consideration or concern for what a specific user needs related to that hardware.
ARM with Linux is Getting Smaller and Smaller
The FSF’s draconian decision to force upgrades of GNU software ignores the reality that devices running GNU software are getting smaller and smaller.
Perhaps this oversight is because some FSF members don’t use modern devices like mobile phones, or they are too old or isolated to understand their value.
“But you don’t need devices that size and you should give up your ‘Smart’ phones like me!”
ARM chips have become something of a standard in the IoT world and Linux is usually the pick. But as ARM and RAM chips continue to shrink and microcontrollers further fall out of favor due to their limitations compared to a full operating system it seems obvious Linux will continue to be installed on smaller and smaller devices. Eventually any physical interface will be impossible. Imagine a lapel pin, baseball cap, belt, conference credential, or door key running Linux.
We Don’t Need No Stinking Network
Many of these devices do not need network connectivity at all. In fact, allowing network access to such a device would be a gross and unnecessary security risk, as is the case with most microcontrollers included in consumer products today. Assuming all devices running any GPLv3 software will have network access is not just short-sighting, it’s fucking idiotic. GPLv3 stops anything licensed with it from being used on any modern or future device that does not have an interface.
The “smallest Linux computer in the world” right now is still huge compared to what is possible without providing any network or upgrade interface.
GPLv3 Software Libraries are at Greatest Risk
GPLv3 software libraries lose the most.
Most of the GNU Core Utilities affected by GPLv3 are wasted bloat when the size of the computer running Linux reaches the size of a door key. But who cares about interactive GNU tools at that point. A product designer can create Linux From Scratch and leave all the useless GNU “utilities” out of it.
Most GNU “core” utilities are ancient boomer tech full of ancient technical debt in need of a safer and more maintainable rewrite anyway at this point. Many of them have already been superseded by better alternatives like k3os which is based on Alpine Linux that contains zero GNU code, not even glibc . It’s just a matter of time before the entire GNU core library has a plug-n-play replacement, which will probably be written in Go and/or Rust. Most of k3os and OSes like it are almost entirely in Go these days (except for the Linux kernel, of course).
However, when the product designer begins to choose or develop software for that tiny, no-interface device anything licensed under GPLv3 is automatically ruled out since it’s illegal. Doesn’t matter how good it is. It’s out.
Software engineers choosing to release under GPLv3 have permanently banned themselves from many modern and future Linux devices too small to have an interface.
Stay relevant. Release your software under GPLv2.
Unethical License Naming and Release
The Free Software Foundation’s dirty treatment of the GPLv3 license roll-out, which should have clearly required a new name, was completely unethical and sought to undermine the rights and freedoms of those who had already decided to use GPLv2 “or later” software already installed. Linus Torvaldz and many others rightfully abandoned any work or association to the FSF and GNU and now actively seek software written without the GPLv3 license at all.
GPLv3 is Bad for Linux
What and how software is to be installed and upgraded on hardware is not an FSF decision. Hell, it has more to do with hardware than software. You know, the S in FSF. No doubt the issue of corporate control over devices is a very real concern but the resolution and debate is not related to the software at all. It is a separate issue that needs attention. Forcing a software license to suddenly reduce the freedoms of hardware manufacturers is not the way to resolve it. In fact, it forces the GPLv3 into a hardware licensing space where it simply does not belong — at all.
Maybe the Free Software Foundation should be legally required to change its name to Free Software and Hardware Foundation instead. They are operating way out of their original charter at this point.
All of this means many more device designers are overlooking Linux entirely, not just Apple and Google. This is really too bad because it is happening at the same time the capacity for smaller devices to run an entire Linux OS is increasing. GNU licenses were already problematic for most companies, big and small — including those which aren’t as evil as others — but now GNU is simply not an option, and too often they will continue to throw Linux out along with it.
Linux is not dead. GNU just killed itself.