Linus and Dirk chat about AI, XZ, hardware, and more

One of the mainstays of the Linux Foundation's Open Source Summit is the "fireside chat" (sans fire) between Linus Torvalds and Dirk Hohndel to discuss open source and Linux kernel topics of the day. On April 17, at Open Source Summit North America (OSSNA) in Seattle, Washington, they held with tradition and discussed a range of topics including proper whitespace parsing, security, and the current AI craze.

Calm and boring

It has been a number of years since the Linux kernel was the exciting new technology. That seems to suit Torvalds just fine. Hohndel opened the discussion by asking where things stand with kernel development right now. Torvalds responded that the kernel was at 6.9-rc4 and that things seemed to be "calm and boring," which is as it should be for a 30-year-old project. Those seeking excitement, he said, should seek out "one of the hype areas".

But Linux does have a lot of drama and high-stakes discussions, Hohndel said. "A really important topic that has once again reared its head is tabs versus spaces." Torvalds rolled his eyes at this and muttered, but he was unable to resist taking the bait.

The topic was Torvalds taking exception to a patch that replaced a tab with a space character to make Kconfig files easier to parse. He showed his displeasure by purposely adding a few more tabs to a different Kconfig file that would trip up unwary programs. In the commit message, he wrote that it wasn't clear what tool failed to parse tabs correctly but it was in need of fixing: "Because if you can't parse tabs as whitespace, you should not be parsing the kernel Kconfig files".

Naturally, this got widespread attention. This, Torvalds said, "is the kind of excitement you get in the kernel community". Hohndel agreed, and said that the reason this garnered attention is because there's "not enough other drama" to focus on.

Hardware bugs

With that the discussion sailed on to more substantive topics, such as hardware bugs. Torvalds said that the security bugs in hardware have been very frustrating. He wasn't complaining about the work required to address hardware vulnerabilities, however, but the secrecy that comes into play when working to fix the issues. That, he complained, was not how he liked to work.

I love the development model where you can talk to people and work on interesting stuff, and the security issues we've had over the last decade have kind of destroyed that for me.

If it weren't for the secrecy, said Torvalds, "the challenges would otherwise be pretty interesting".

Another frustration for Torvalds is how long it takes to address a bug in the hardware itself. "We can react quite quickly in software", he said, "but then the hardware people are saying, oh, we have five generations of hardware that we can't fix after the fact". And, because the next couple of generations of hardware are already designed, it will take a few more years before new hardware can work around it.

Hohndel asked whether RISC-V, an open hardware platform, was going to be an improvement. Torvalds said that his fear was that RISC-V would make all the same mistakes that we've seen a decade earlier with x86. They'll be fixed more quickly, he predicted, because "by now people have learned something". But looking into a future with RISC-V being widely deployed, he expects to see the same problems that x86 and Arm have had.

Hohndel noted that the RISC-V work will be done in the open, providing an opportunity to come in early and say "we've tried this, and it doesn't work". Torvalds dismissed the idea that open hardware meant flaws would be caught in development, though, and said that there's a "big gulf between software and hardware people" that is hard to work across.

The XZ incident

The XZ backdoor was a dominant topic in presentations and hallway conversations at OSSNA this year. Naturally, Hohndel steered the conversation from hardware security to that topic.

Open source, Torvalds said, relies on "a certain amount of trust". Trusting people around you to do the right thing. Not only open source, he noted, but proprietary software as well. Communities and companies must depend on trusting people, and that trust can be violated.

Torvalds is no stranger to violations of trust. He gave the example of the University of Minnesota (UMN) sending patches with intentional bugs as part of an experiment. Kernel maintainers caught the bad patches, and were really upset about being experimented on. That study was interesting, he said, but "they didn't do it very well".

While the study was poorly executed, most people would agree the UMN incident was not malicious. The XZ backdoor was malicious, and Torvalds pointed out that "nobody had any explicit gates in place to try to catch this". Despite that, though, "it was caught fairly quickly". Not because of procedures or processes, but because it was found randomly when a developer noticed something wrong. But random is good, Torvalds said. It's not possible to always have specific rules in place to catch everything, and when there are rules in place, attackers can try to work around them. The fact that XZ was caught, and quickly, "does imply a fairly strong amount of stability".

However, he did say that this event is a wake-up call, and there are now "a lot of people looking into various measures in the kernel". The biggest defense, said Torvalds, is "a healthy community". The Linux kernel community is that, with an "incredibly big, incredibly entwined and connected community where there are multi-year and multi-decade relationships", he said. It is also, he was quick to point out, an outlier. Many open-source projects are run by just a few people, or just one, whereas "we have 1,000 people that basically participate in every single release every couple of months". So what the kernel does can't apply to 99 percent of other projects.

Here, Hohndel called on the audience to get involved. "Each of you works for a company, have your company adopt a couple of such projects and just participate." Every bit helps, he said, read the code, be part of review, "provide moral support to the maintainers".

But while the bad actors are out there and draw attention they're not the main problem, according to Torvalds. The main problem is that there will continue to be bugs because no one is perfect, and those need solving as well.

AI

To bring the topic back to something "fun and entirely uncontroversial", Hohndel decided to steer the chat in the direction of AI. If you want to double your salary, he said, just add "AI" to your title. Until it takes all the jobs. "What I find so interesting is this idea that [generative] AI is going to be the end of programmers, the end of authors", Hohndel said. Even Torvalds would be replaced by an AI model.

"Finally!", Torvalds joked. "I hate the hype", he said, but he does find the technology interesting. It has also had some positives, like bringing companies to the table for kernel development. "For example, a company like NVIDIA—who is not exactly famous for being great at interacting with the kernel community—has been much more active". Suddenly, he said, they started caring about Linux. So it has had a positive impact.

However, he cautioned that people should take a wait-and-see approach. And he was optimistic about the technology making it easier to catch kernel bugs. "Making the tools smarter is not a bad thing", he said, but warned against "gloom and doom" or over-hyping the technology.

What's next

Torvalds is no stranger to making tools. A little project called "Git" has also had an enormous impact on the industry. But that, Hohndel pointed out, was more than a decade ago. People want to know "what's next"? When will we see another major project?

If Torvalds has his way, the answer to the question is never. "I say that because every single project I've started always started from me being frustrated with other people being incompetent." Or, he added, with their money-grubbing. So he hopes that he doesn't find himself in that situation again, or "that there will be somebody else who solves my problems".

Right now, Torvalds said, "I don't have any huge problems, Linux for me solved all the problems I had way back in '92 or '93". If others hadn't found it useful, "I would not have continued".

By this time, the pair had run out of time. Hohndel said he had many more questions, but they would have to save them for Hong Kong, where the next Open Source Summit will be held in August.

[Thanks to the Linux Foundation, LWN's travel sponsor, for supporting our travel to this event.]