Linux creator Linus Torvalds talks about the 'XZ Utils issue,' 'open source development,' 'RISC-V,' 'the rise of AI,' and more


At the Open Source Summit North America, held by The Linux Foundation from April 16 to 18, 2024, Linus Torvalds, the creator of Linux and known as the benevolent dictator for life of Linux kernel development, held a public discussion with Dirk Hohndel, head of Verizon's open source program office, on Linux development and related issues.

In his conversation with Hohndel, Torvalds praised the way software developers reacted to errors during development, but he also criticized the slow pace of hardware fixes. 'This is very frustrating for software developers,' Torvalds said.

In response to this current situation, Hohndel said, 'Is using open source hardware the key to breaking through this situation?' 'In recent years, RISC-V, an open source instruction set architecture, has been on the rise,' Torvalds said, 'I don't think so.' Torvalds pointed out, 'As RISC-V grows into a larger, more widely deployed platform, it will have the same problems that ARM and x86 have. And it will take several generations for RISC-V developers to realize that they never thought of that.'

'There's a pretty big gap between the standard hardware description language, Verilog, and the kernel,' Hohndel said. 'Basically, software developers are working so far away from the hardware developers that they have no idea how the actual hardware works. So it's very hard to work across that gap.'


In recent years, open source projects have been plagued by cases in which contributors who appear to be ordinary developers have embedded malicious code in a project's code base. In fact, the compression tool XZ Utils was found to contain a malicious backdoor installed by a person named Jia Tan.


Regarding this issue, Torvalds said, 'The XZ Utils backdoor was discovered just one month after the attack began. The fact that an open source project was able to discover such an attack is proof that the project has a healthy community with strong stability.' On the other hand, Torvalds speculates that the attack was discovered because XZ Utils is a large project, and points out that this would be impossible for small open source projects, which account for 99% of all projects. He therefore said, 'This incident was a good opportunity to learn which developers can be trusted. The kernel has a cryptographic software called 'PGP' as the basis of the network to gain trust, but in the future, a model will be built that will immediately tell you that 'this developer is new' or 'this developer is behaving differently than usual.''

Both Torvalds and Hohndel have previously expressed disapproval of the growing hype surrounding the current state of AI, with Torvalds previously calling AI chipmaker Nvidia 'the worst company we've ever seen.'

However, in the conversation, Torvalds said, 'Linux is becoming necessary to efficiently run the large-scale language models used in AI. Therefore, NVIDIA has been in dialogue with Linux kernel developers, and as a result, Linux memory management work has improved dramatically.' He also said, 'We are looking forward to the development of tools that can find bugs in programs with AI. It is not a bad thing to use AI to make tools smarter. Some of the traditional tools are very difficult to use, so AI will be a great help.'

