The ups and downs of life with Linus

The ups and downs of life with Linus

Summary: FOSDEM: He may be the saint of the Linux community, but it sounds like Linus Torvalds - with his secret security fixes - could still be a challenge to work with

SHARE:

Linux kernel maintainer Alan Cox has given an insight into the experience of working with Linus Torvalds, the founder of Linux who maintains its development kernel.

During a talk last weekend at the Free and Open source Software Developers European Meeting, FOSDEM, on the challenges of maintaining a stable Linux kernel, Cox revealed that although Linus is good at developing code, he does not enjoy some of the other jobs that go along with software development such as bug fixing and beta testing.

"Linus is a good developer, but is a terrible engineer," said Cox. "I'm sure he would agree with that."

Cox explained that he and Torvalds sometimes have different approaches to fixing a problem, due in part to their different responsibilities. As the maintainer of the development kernel Torvalds needs make sure the kernel code is easy to maintain, while Cox is more interested in kernel stability and is not so worried about "hacking" the code to get it to work.

"One of the hard problems to fix are design errors," said Cox. "These are a pain because they need a lot of refactoring. Linus' approach is to re-write it to a better design. But to get a stable kernel you tend to do small horrible fixes. Linus is very keen to have maintainable code, while to have a stable kernel I'm keen to have code that works."

Cox said that Torvalds does not always let people know when he has fixed a security bug in the kernel. This can be a problem as the patch will take a while to make it to production, which means that hackers can exploit the vulnerability before it is made available to individuals and enterprises running Linux.

"Linus has this bad habit of fixing security holes quietly," said Cox. "This is a bad idea as some people read all the kernel patches to find the security holes."

Linux enjoys a reputation as a particulary secure operating system, compared to rivals such as Microsoft's Windows. Last month a mailing list was set up to help Linux kernel developers share information on security flaws.

Deciding what bugs to fix in the Linux kernel is not always easy, particularly as fixing it can impact other applications. Cox said he gives top priority to bugs that are reported soon after the release candidate is made available.

"Release candidates will pick out a lot of the stupid bugs, and what are plain stupid ideas," said Cox. "Two or three days after the release candidate we will have 150 emails with same bugs."

These early issues can be easy to fix as they are often obvious bugs. "Early problems you get are normally very easy to fix," said Cox. "As soon as the release comes out bug reports say 'You've broken this'. Almost immediately you go, 'Whoops, that’s my mistake'. Ten minutes later the fix is in the development tree."

But kernel bugs that appear easy to fix can be misleading. "Sometimes you see a fix and think 'this is perfect, move my fix into the kernel tree'," said Cox. "Later you think, 'I must have been drunk. Don't apply that patch'."

Topics: Apps, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • Alan and Linux are very well respected. And I suspect that Linus would say that he isn't a beta testing engineer. Because he isn't. Not that it has much significance since the entire planet beta tests and submits patches.

    Even engineers screw up too, in reference to "secret" patches that Linus makes and is undocumented. This may be true, I don't know.

    But what I do know is that engineers like Alan are not infallible either. RedHat 8.0 with an exclusive mutant gcc compiler come to mind. It essentially made the OS useless since no app in the world, save RedHat's own recompiled selected apps, would run on it. That was a step up from an undocumented patching mistakes from my point of view. Linus never blew up my OS with his patches.

    But credit where credit is due. Both developers(project managers) and engineers(bug fixers) are complimentary and check and balance each other. I respect Alan and Linux very much and in equal parts. End.
    anonymous
  • Huh? Linus is bad engineer because he likes to write maintainable code?? Alan Cox is a better engineer because he prefers hacking together a quick solution??

    Are we suddenly in some alternate-reality universe?
    anonymous
  • Pretty hard to be a great engineer when one hand is holding a security blanket.
    anonymous
  • I have but the utmost respect for both Alan and Linus. This article itsef seems fishy , mention of ziff-davis and surrounding sponsored links like "How windows TCO is better than linux" is enuff to convince me the need for this post. Why a small argument btw colleaues would get this much imporatance and go on zdnet as an article.
    anonymous
  • Sounds like an immature development/QA process. I'd like to know the flow of product from Linus through release, (assuming that there is a process).

    Linus should not have to handle a lot of organizational details. Use him as he is and give him support in the areas where he is weak or (more likely) disinterested..

    Does Linus have a gopher to handle the mundane stuff? He should! The gopher could do the builds and document them with minimum impact on Linus.

    Some meta-advice; don't give him too much support i.e. smother him with love!
    anonymous
  • "I have but the utmost respect for both Alan and Linus. This article itsef seems fishy , mention of ziff-davis and surrounding sponsored links like "How windows TCO is better than linux" is enuff to convince me the need for this post. Why a small argument btw colleaues would get this much imporatance and go on zdnet as an article. "

    What? In English, please.

    If you're saying that the article isn't particularly newsworthy, I agree. Slashdot has even linked to it for some stupid reason.
    anonymous
  • I suppect Microsoft is behind this kind of publication.
    If you can stop linux popularity!!! and growing market!! Start the personal attack and start making false accusation.
    The same thing happened in all part of our life!!
    If you can't win destroy!!
    anonymous
  • I would agree with some of the earlier comments, ZDNET + surrounding $Microsoft ads = suspicious minds. Alan and Linus are both top dogs in my book. Sounds like $Microsoft jealousy has put the story editors up to this.
    anonymous
  • Whoever disparaged the poster for poor English was surely not being very decent. English is not the mothertongue for many of us (including me), but that is no reason to run down a post (er) that easily made sense.
    anonymous
  • Anyone who was actually at the conference would realise that this article is 100% accurate.

    Cox made a speech about the challenges of maintaining a stable kernel that was both honest and pragmatic. He is clearly not an anit-Linux (or anti-Linus) campaigner, but this doesn't mean he should not be candid about the limitations and weaknesses of the current development model. An open debate is essential to facilitate further progress - both Mr Cox (and ZDNet) are right to shed light on such issues.

    There are many people in the Linux community whose almost religious devotion to the product and it's creator would do well to listen more carefully to what Mr Cox has to say.
    anonymous
  • Conspiracy theory bordering on the insane now... I guess the EU will erect a shrine on the mount to Linus next.

    ZDNET is filled with harsh articles against MS, but those you all just cheerlead.

    This article is interesting and it IS news precisely because Linux is becoming popular.

    I guess you want all of the benefits of increased adoption with none of the drawbacks (ie - deeper analysis of both the platform and the process behind its development).

    Its just really hillarious to see a bunch of jihadists on a message board dragging out every excuse possible and going so far as to disparage one of the key KERNEL ARCHITECTS rather than simply reading and learning from the article.

    If you really cared about the OS and werent just zealous holy avengers on a crusade against the "evils of MS and the USA", you'd find articles like this interesting and enlightening rather than a sign of black helicopters circling.
    anonymous