Linus Torvalds on Containers, IoT, Security
There was a Linus Torvalds sighting this week in Seattle.
The father of the Linux kernel that underpins the open source movement showed up at the annual Linux conference to briefly address issues ranging from application containers and the future of the Internet of Things (IoT) to coding more secure software.
Some have compared Torvalds and the open source movement he helped spawn as an economic powerhouse equal to what Henry Ford did for automobiles. "I love open source and how all the credit goes to me," he told Jim Zemlin, executive director of the Linux Foundation during a brief question-and-answer session on Wednesday (Aug. 19). "The only power I really have is [the option] to say 'no'."
Topic A at LinuxCon is the dizzying pace of development around applications containers, particularly Docker. Torvalds punted on the question of where he sees the technology headed. "I'm so happy that the [Linux] kernel tends to be fairly far removed from all these issues, all the buzzwords and all the new technologies. We end up being in a situation where …we only care about how people use the kernel."
Referring to the standards spats revolving around container technologies that have threatened to fragment the movement, Torvalds added: "I don't get involved with the politics of all the different groups and all the infrastructure that goes on top" of the Linux kernel. "And I'm really happy I don't have to."
As for the IoT, Torvalds acknowledged "the pressure to shrink the kernel" to fit onto more and smaller devices. "It's something that everyone has always wished for." He noted that the Linus kernel started with perhaps a few megabytes and has since grown to tens of megabytes in size. "I'm trying to get back to being a lean, mean IoT machine," Torvalds said.
Meanwhile, the Linux Foundation has initiated a major push into secure coding as vulnerabilities are exploited in a steady stream of high-profile security breaches. Torvalds warned that security remains an uphill battle.
"The security community tends to be very black and white," he argued. "Security is [about software] bugs." Most of the security issues related to open source development have been "completely stupid bugs that no one really would have thought of as having security issues."
"You're never going to get rid of bugs [and] security is never going to be perfect." Given that it is virtually impossible to eliminate software bugs, the alternative is trying to "mitigate them by having multiple layers of security so that if you have only one component [with a bug] the next component will catch it," Torvalds added.
"Anybody who thinks that we will be entirely secure is just not being realistic. We will always have issues."
Torvalds cited networking approaches like random packet testing as another possible security approach. "What I'd love to see is that anybody who does network connections [employs] just random packet testing."
Ultimately, Torvalds concluded, being aware of security issues and "thinking about them occasionally is the first step" toward more secure open source code.
