Linus Torvalds: Speaks on Linux and Hardware SECURITY Issues 

What type of CPU are you using?

For anyone perhaps not aware, they're talking about speculative CPU execution. In essence, it's where a CPU will try to predict the next set of instructions and load them into the CPU cache for execution, even though they may not be the actual instructions that will be run. It's a way to try to increase performance. It's led to serious security vulnerabilities like Spectre and Meltdown.

It sounds like Linus or someone in the kernel developer community should write a book about common mistakes when developing processors for the server space and how to avoid them.

I do find it interesting that he has all this knowledge of the types of mistakes that get made but feels he can't communicate those things to them in ways they would listen to, even with the recent history of ARM repeating them to point to as a pattern.

Open source instruction set is different than open source hardware. If RISC-V gets put into the server space there is no guarantee that the open source instruction set will translate to open source hardware design is it possible yea because the instruction set is open source but most hardware companies don't want to give away their implementations of the instruction set for free.

I wonder how many years it will take that the hardware manufacturers start adding such bugs intentionally with the intention to reveal them to the public some years later to boost new hardware sales, as everyone wants to update their old hardware to non-buggy new ones. I would be surprised if this hasn't been discussed some years ago already in some of the hardware companies.

The most "horrendous" thing about this secrecy is that mainly the people that abuse the problems are the ones that knows about it, instead of the people that can and want fix it.

No computer is secure - read Ken Thompson's Turing Lecture "On Trusting Trust." A simple attack if you've ever had your hands on the compiler, assembler or microcode.

I think the way you linked to the original video is weird. With the new UI in description for links it was difficult to find. Maybe put it on top?

it's why NASA picket Commodore's Amiga machines in their logistics & primary rocket computer controller in the late 80s & early 90's, because they where the only ones that gave them everything they wanted 100% open with all the papers, guides.. because everyone they asked said NO! like apple, atari, IBM and others ( for NASA ofc) but, others to like SCALA , newtek..and so on

If the hardware has at least one problem then the software can not solve it. I am paranoid about the lack of security of this hardware in my plans of building a server that runs bank-confidential apps (or medicare-confidential apps by example).

thanks for including the full interview link!

At least RISC-V has the benefit of hindsight. speculative execution exploits are now well known and understood. Trading security for speed will bite you in the ass. Security researchers will find you out. I don't expect this would be much of an issue for RISC-V unless it's designers have their heads in the sand with an it'll be all right attitude.

Date of this interview?

It's time for RISC to shine! Raspberry pi and custom made laptops for the win!

Linux foundation spends only 2% of its revenue on kernel development. Maybe they should spend some money on hardware?

Would having parts of a CPU being a FPGA that could be updated be the solution? I know that real hardware is better but we could maybe sacrifice something to fix that problem no?

Whats coming on Kernel 7.0!?

Btw what is the context of the interview? Care to explain?

Ryzen 5800X on x370 for main system. Am interested in ARM Snapdragon X Elite for my next companion PC... But seems ARM oversold Linux support in a statement, and the varying notebooks available are posing interesting problems from multiple angles for the time being. 😕

What the added value was for this re-upload video?

Wow, Linux is actually the main operating system of the world, and Microsoft Windows is just the only commercial alternative. I correct my comment. There is no desktop Linux Ubuntu. It is just a command box with no installers or user-friendliness

Linux Torvolds? Maybe proofread your titles?

My frustraition is that is things ALLWAYS breaks in Linux. I think i spend about 30 hours a week to try figuring what is going on. This week, it was My am5 ethernet on x670-e mb. An ancient problem that has never been fixed around ASPM or performance profiles. So what the ethernet does, it hibernating or updates to slow. Then I lose connection, then the connection dont come back or the card wakes up. Until i restart the pc. This happen atleast once every 3 hours. Then Linux devs are like, yeah.. its been there for over 10 years.. 10 years? Then the platform im on its 2 years old. Then you start to wonder.. what in the world is going on with linux. Why is no one fixing the issue. Now im in Disabling ASPM in Bios, then it works. Then another problem is there.. then you get the answear, you need to go in to bios and disable that. My whole bios is about to get disabled soon. Oh btw, you are on nividia card. you need to disable the firmware. I wonder how much we need to disbable soon

Security will always be a problem.

The whole RISC-V part of the discussion... so many misunderstandings and misconceptions.

I understand your frustration

Even if the hardware is open, the vulnerabilities that will be discovered in it, will still be NDA'ed.

I Love Linux and torvalds the creator there ove. I also learn so much from Comments always in TECH related youtube channels, Many a tme Comments have allowed me, a 74 Years Old with Senility the Answer to Problems I have I still Build Tower based Unix Computers, however I am going blind, only 1 Eye works. Hard to work on Mother Boards with one eye.

and this is why many of us developers have hung up our hats. We get tired of the insane politics and bs that hinder our ability to do our jobs.

Hardware security becoming more and more relevant makes me think about Apple’s platform where all devices up to and including an $11k+ Mac Pro are non-upgradable.

That sounds like quite simply if you're going to do something complicated in hardware, it needs to have *some* controls in software so the knobs can be turned in case something goes fucky wucky. You'd think that's common sense. I have coded in Python and JS and NASM and done an FPGA and a virtual mplementation of RISC-V. I would *love* to hear specific things that RISC-V should learn from its predecessors. It's not quite perfectly pure hardware but it's surprisingly closer than x86 or ARM and was dramatically nicer to build.

Nik isn't Savvy enough to spell Linus' name right. His name isn't Linux LMAO

Did you monitise this?

I just like to interject for a moment

looking at some comments and at how messed up the title is it's clear this guy is actually AI generating at least some of his videos. Always has been the linux fast food kind of videos but still.

Maybe someone has to write a book about the mistakes, so the RISC-V-team can avoid them.

Hardware should be effective and efficient without any assumptions. Software should be aware of cache and memory, and use such as applicable. It only when hardware design tries to do software tasks, these issues result. Hardware if it focused on speed of execution based on explicit execution calls received, it would up to the software to provide applicable performance. This is in effect what RISC proved... hardware does its instructions fast, and software decides how instructions are queued. We need to stop trying to make hardware guess what software wants, and we need to stop software from defaulting to letting the hardware figure out what we need, we on software side, should explicitly ask for what we need... say own population of cache. Firmware does this all the time... drives the hardware, because device hardware is basically simplistic, if not 'dumb' from a logic perspective. But of course CPU designers think they know better, and think software designers are not smart enough to do their job... this is really exactly what Linux said... because the hardware is closed, software side cannot contribute to the solution process before the hardware is locked in.

Why so serious Linus? You are not responsible for Intel, AMD or Qualcomm. CVE exploits, are not 'public' enough? What's missing? Spectre is an issue, new variants expand the base, proof of concepts recently announced for RISC mobile and Mali GPU, formation relating to driver and cache pointers. They're all speculative, all read cache or pointer/stack overflows, even oldest exploits ever made, going back forever, all started here! Only difference, having become microcodes in processor evolutions, instruction set extensions, which may be either patched.. or ignored.

linus changed the world by just not accepting poor quality

6:00 there are substanially fewer people who do hardware development.

I'm frustrated by all the clickbait

vague and nebulous

I guess there a lot NDA stuff and hinder open src is not easy task. As well there should be other people with NDA had to work on base on open src under NDA branch off stuff.

is this an AI generated shit?"!? this not how ive ever seen linux torvalds!

Linus was frusted with Minix and create Linux. He was frusted with code share and he create Github. Was frusted with people using Github to store 'pron' and he sell Github. He was frusted with Nvidia's drivers and say to NVidia go 'frack'. I think frustration is Linus natural spirit state.

Interested in Hardware, instead of Appliance a true nerd :p :)

What about open sourcing the x86 architecture? For the RISC-V architects don't make the same mistakes.

ARM is dead. They found a huge bug you can't fix. Lol. Back to the drawing board boys.

What is he trying to say? I don’t understand a word he’s repeating over and over. Can someone translate?

he got challenge by me now...sure it will sting him where it hurts now...thank god i did what i must do, replace the dooch someone really cares for real linux kernel...for he, linus is turning his kernel into extension of windows nt kernel lately...might as well throw entire legacy of his out the windows of his...basically linux and windows nt kernel are pretty much alike by now. Both run windows programs...only difference ...amd drivers run lot better under real windows ...not windows with lock up penguin behind it with tears in its eyes . Thats frustrated to see Microsoft ate our linux kernel

Just dont connect to internet why overcoompilcate stuff jeez...

why do you pronounce Linus like that

What's Linux hardware?

An internet router like MIPS/debian-mipsel could be made but, rather than STM32, it would have a _(debian blob compatible)_ CPU (RISC-V) as a Public-Domain _(or somewhere between copyleft and GPLv2 could do, with AGPLv3 for network niggling details)_ Open-Source microarchitecture RISC-V CPU _(expecting a Linux monolithic kernel too boot from 4 of HDD or SSD SATA with RAID10)_ in it and then some known-quantity amount of RAM like say 4GB in a _(also unregistered RAM compatible and ECC)_ desktop/ECC-compatible RAM slot and a _(also unregistered RAM compatible and ECC)_ desktop/ECC-compatible slot that can (optionally) take another 16GB _(topping it up to 20GB is for some reason it needed to),_ and just make it DDR3 so it can choose between its unregistered and registered RAM settings. It would be 6G sim-card compatible even though it has ADSL2 via RJ11 ports near the 100Mbps RJ45 ethernet and the 8 USB ports _(and a WAN and other port for straight-to-fibre)_ and it could have Wifi6 and Bluetooth 5.2 and pitch-roll-yaw accelerometer _(like a wii-remote has)_ and a compass and LoRaWAN _(RX and TX send and receive)_ and drivers for S-Band and Ku-Band and software-defined-Radio GNU radio with slowscan TV mode for data. It would have a PCI-e 4x slot at Gen3 to be able to take a better NIC card with VMDq and SR-IOV if better ethernet speeds are need compared to the 100Mbps LAN (not WAN) ports. It would have an IEEE1284 (bootable) and a couple of Serial COM ports to remote into it, and a JTAG and MIPI interface. However, the 100Mbs RJ45 Lan ports on it would be deliberately there for a small driver. An interface to add PoE would be there by you would need to add it later. The RJ11 would also be able to plug in VOIP device, again to add later, keeping cost down. It would have a circuit to detect a battery added later even though it does not come with one and instead, in a power-outlet, would work in a mains electrical plug socket (wall wart). Then _(and this is the important bit)_ basically just give it _(via some whip-round)_ to the Linux Foundation and ask Linus to say what he wants from the instruction set in the RISC-V CPU. Ask Stallman too _(if he can do)._ The router RISC-V CPU would be unlikely to have better processing than say an A53 with protection-rings. So commercially available routers would be able to make glitzy fancy routers with other features without tis open-source router displacing their market value. This open-source router instead would be designed to be solid and do a workman like job and nothing particular fancy. It simply has that 6G and Bluetooth and WiFi at that reasonably modern level so that is continues to work well enough for many years to come. It would also expect to take a MFA FIDO2 hardware security key in a USB port just in case that helps things in future projects. It would probably need some of the USB ports to be capable (or upgradeable) of being USB3.2 with decent power _(converting to or from USB-C)._ Linux is not pronounce like his name 'Linus' _(a running in-joke for geeks),_ so the router should have a naming convention along those lines _(being deliberately slightly inaccurate)_ as with its default Operating System distro. So the Distro could be called thr34k because it is like 'freak' (the previous candidate name for Linux) but spelt wrongly as though it is the number but then the letters are post ironically switched to numbers just to be even wronger. The router itself could be called _"Lee Noose"_ because it is about time, once again, that we all came up with yet another wrong way to say his name. The router should have a couple of interfaces to allow the user to optionally plug in a couple of 128x32 pixel monochrome LCD screens. The CPU could be called the "St. All m'Anne" _(because it is a corruption of Richard Stallman)._ We'll just have to come up with a reason why it is like that and never actually admit it to Stallman _(or Torvalds for his one)_ as to why the name of the CPU is that. We'll say perhaps that The name represents a saint of everything (i.e "all") associated with my Anne. So, let's assume Anne is some person or whatever, and she is "my Anne" like maybe she is betrothed or something. So it means _"The Saint of everything pertaining to my Anne"_ when it is written _"St. All m'Anne"._ It's a stretch but without it, somebody will need to come up with something better. Anne will be represented in a cartoon avatar sticker stuck on the router and then can be a character in SuperTuxKart because mascots need to exist for as many GNU linux things as possible. That avatar and the _"Lee Noose"_ avatar will probably be some sort of fluffy mascot other people haven't already used, rather than an actual human. It would have a 2nd CPU socket just in case it struggles. The RISC-V should have an FPU in it. The point is that it would become popular enough without flooding the market and Stallman and Linus would simply be able to tell the makers in advance what they want from it. It probably would be able to take a modest low-power graphics-card in the PCIe slot and run it is a server with a GUI or desktop computer but that is not the main focus of it. That does mean however that if there is a desire for a "safe option" CPU, the router would have established it, even though it would be quite a tame CPU compared to actual laptops, smartphones and desktop computers _(and big-servers)._ Thereby when people make other _(fancy)_ RISC-V CPU chips _(be they public domain or not),_ they can have the point-of-reference to know what basic little CPU other people are already happy with looks like. The router will be have a target audience like the One-Laptop-Per-Child project in the past, _(so you can buy one in USA, UK and so on and the increased price)_ but displaced people _(with an identity card)_ who want to get one can buy or earn one such as if they set up a business like a coffee shop or something like that _(or they maybe just want to use it in their dwelling on as a carputer but on a bike)._ The router _(essentially with a ALSA compatible 24-Bit soundcard with MIDI on it)_ would have a mic-in and line-in (both stereo) and a stereo line-out just in case not having one causes a problem with VOIP somehow later. It would expect ogg-vorbis-theora even though it could probably do other things. Having MIDI (a joystick port) is useful but is there to ensure linux has a go-to MIDI standard just in case somehow the sound-card existing on the router (largely for VOIP) encounters a problem as a result of not having MIDI. If Torvalds and Stallman refuse to take the money to do it, have some other bargaining chip they are after to incentivise them to do it for that reason. There must be something. The benefit everybody else would have is that it would save a whole bunch of ballache regarding computing-ambiguity _(especially pertaining to the deciduous nature of Reduced Instruction Set Chips)_ and would brighten up these grumble-pill videos of two blokes sitting on 2 chairs like something out of a year 2000 Public Access TV channel show. My comment has no hate in it and I do no harm. I am not appalled or afraid, boasting or envying or complaining... Just saying. Psalms23: Giving thanks and praise to the Lord and peace and love. Also, I'd say Matthew6.

I use potato, Linux Works Great❤😂

Pentium G620.

middle finger to intel

It's pronounced "Line Us"

Internet computing is a Linux thing - robust and safest!

When is he not frustrated and swearing at people

Mr Torvalds,,,Linux is INTERNET!!! we need you to keep on going making Great Linux Software!

Risc v isn't the solution. It is just a cheaper solution

Tanenbaum might have some good advice. 😊

oddly, he's very silent about Linux security issues. go figure

Linus is always frustrated. Not new News!

I think he's frustrated

5500u

And 8 days later after this video half the internet gets an update from one company and it just so happens to be they didn't test a kernel update. I think it was done on purpose Microsoft and crowdstrike. Just to see how much control they have

What about the growing number of "diversity quotas" in Linux Foundation? Are they imposed by the corporate donors? Does he know how much bloat and useless code they pouring in the kernel? Is he okay with those politics?

Since you can’t pronounce the man’s name, I assume this is AI.

Which hardware will run Linux optimally, or even normally?

Hes always frustrated

he sounds as if he did smthn with his teeth

I wonder what he thinks about zealots from Linux and FOSS that despise closed source and ignore financial part of software development...

have 2 computers that uses intel and 2 that are using amd and 1 using apple m1

"Speaks on Linux Hardware SECURITY Issues" - There is nos such thing as Linux Hardware Security Issues. Either they are hardware security issue but then they are not related to Linux at all and will affect any operating system on earth or they are Linux issues but then they are not hardware issues as there is no Linux hardware, Linux is a software operating system kernel.

Better make Linux NTFS .. Then it will boom .. Nobody like's windows anymore ..

Get Rust out of the kernel and stop using systemd.

Linux is still superior for internet than windows!

Linus has been frustrated for years. All he seems to do any more is complain.

He just needs to chill out a bit and spend less time playing with computers

I love linux os but that guy is an absolute m-oron.