Slashdot Mirror


2.4 Kernel Maintainer Marcelo Tosatti Interviewed

Jeremy Andrews writes "KernelTrap has an interview with Marcelo Tosatti. Marcelo became the maintainer of the 2.4 stable kernel when he was 18 years old, releasing his first kernel, 2.4.16, on November 26th of 2001. Two years later, he recently released 2.4.23 and plans to soon put the 2.4 stable kernel tree into maintenance mode, only addressing bugs and security issues. Living in Brazil, Marcelo currently works for Cyclades Corporation. In this interview he looks at how he became the 2.4 maintainer, the challenges involved, and brings us up to date with the current status of the 2.4 kernel."

9 of 105 comments

  1. Young guy with dreadlocks by fruey · · Score: 5, Insightful

    Don't show his photo to your boss as you talk about the 2.4 kernels you're probably still running. The kernel maintainer for your corporate servers is a 20 year old guy who was 18 when he started maintaining. Whoa.

    In the corporate world, even if there was some kind of genius kid really running the show, he'd be hidden behind grey haired puppets so that it didn't look like some genius kid was really running the show.

    Kudos to Marcelo, even though child labour laws (if he was paid to work with the ISP in Brazil when he was 13 years old) and human rights issues might get a mention if the press could ever see beyond Linus as a Linux hacker.

    --
    Conversion Rate Optimisation French / English consultant
  2. He's the maintainer. by chipster · · Score: 3, Insightful
    He maintains the kernel. There is a lot more of what he does that the interview clearly does not touch upon. It's demanding to be a maintainer. It requires a lot of time, good communication, and motivation.

    Let's see if you can do this. Better yet, let's see if you are even asked to do this.

  3. Re:How is this line not getting more attention? by bizcoach · · Score: 5, Insightful
    This guy just took responsibility

    I hope you'll do the same when something goes wrong in your area of responsibility.

    This delay gave blackhats a lot more time than whitehats.

    Not true. Blame the whitehats for not looking at the patches closely enough.

    Perhaps this argues strongly for closed security bug reporting a la OIS' "responsible disclosure" mode

    No. That doesn't help in cases like this where the security impact of a bug isn't recognized at the time of bug reporting.

  4. Re:But...??? by galbro · · Score: 3, Insightful

    You appear to be unaware that 3.51 was considered the most reliable version of NT, and that in going to 4.0 there was a major and long lasting drop in reliability. Perhaps the biggest source of BSOD was moving video drivers into kernel space.

    Thank goodness Microsoft has none of those nasty high profile bugs and exploits you speak sooooo ill informedly about. If you are so worried about going out of business if you go down for a SECOND, why is it only now you are considering replacing a dusty old 1995 box, and don't even appear to have a plan on how to proceed yet? PS, nine 9's reliability means that your pathetic old machine needs to be about 10000 times more reliable than the Verizon switching center down the street from me. Please tell us more how you accomplish this feat.. Multiple power feeds, hot swappable power supplies and drives?

    On the outside chance that you are actually sincere (uh yeah, right) please take a look at http://www.securityfocus.com/microsoft

  5. Too early for maintenance mode by EggSausageBaconAndSp · · Score: 3, Insightful

    Not a Linux expert, but it sounds weird to put 2.4 in a feature freeze mode "soon" (whatever that means), with 2.6 just released days ago ... was the timeframe similar between 2.2 and 2.4?

  6. Re:The dreadlocks are new for me by CraigV · · Score: 3, Insightful
    Unfortunately, he's not the right person to talk in public, he seemed to be really nervous and didn't tell anything very new. Nobody can do everything though. I'm really happy with how the 2.4 kernel evolved.

    In my physics days, I had a one-on-one lunch with a guy whose work at a young age was clearly going to give him a Nobel Prize. He spoke so softly and hesitantly that I didn't get much out of the meeting. Yet 15 years later, several years after he won the Nobel Prize, I heard him talk and he was eloquent and passionate. Practice makes perfect.

    Linux is a great example of the power of a meritocracy.
  7. Re:But...??? by mr_z_beeblebrox · · Score: 5, Insightful

    When will he fix the critical bugs in the system so we can actually use it?

    If you were serious on that you would have someone in your company participating in kernel development. Seriously, if something is imperative to fix in the kernel to you. If you bring it up to the kernel community in the appropriate manner it will likely get addressed. Microsoft, SCO and Sun won't give that kind of a nod to someone who is still running NT3.5.

    We are now concidering wether to get a Windows 2003 server, Solaris 10 or a Linux Enterprise server. Concidering the high profile bugs that exploited key Linux websites, and the increasing ligitation against it, we do not think we should use Linux in such an environment where we need uninterrupted operation. We do not need kernel panics, root exploits, and we ceraintley don't want to put our precious source code at risk of espenage because of the Legal bindings of Linux.

    Considering your unfounded (thus ill informed) paranoia of Linux you should not go with Linux, due to frequent typos you should stick with GUI. I would say Win 2003 is a right fit for you and it is a very solid platform. There is probably no reason for your company to switch. BTW, if your business will die in one second minus a server...look closely at your business procedures they need tweaked.

  8. Re:How is this line not getting more attention? by Mr. Darl McBride · · Score: 2, Insightful
    This guy just took responsibility for sitting on a known fix, which directly led to Debian compromise.
    That's a small failure on his part, yes. But it's more so the failure of the person who found and submitted the patch. By not researching and explaining the full effect of the patch, the submitter has shown that he isn't fully aware of the changes he makes. Marcelo's job is to make sure a patch doesn't break anything new, and to listen if someone tells him that it fixes something very very important.
  9. Re:How is this line not getting more attention? by mindstrm · · Score: 2, Insightful

    A local-only DOS bug is a LOT different, severity-wise, than a remote root exploit.

    Answer me this: On your linux machine, if a user has a shell account, can they affect the service of the machine? Do you have hard memory and CPU limits for every single user, so that no matter what, those users can't hurt the machine?

    If your system is like most, a two line shell script can bring the system to its knees or eat up all remaining memory and swap, or often eat up some critical disk space (like /tmp), bringing the system to an unusable state.

    All of THAT is a security problem... so don't start about some local crash bug being a severe security problem.

    In other words, local users are usually trusted not to take down the system on purpose. The Debian compromise didn't start with this bug.. someone got access through an account they should not have had.. the physical security MODEL broke first... and if it wasn't this bug that was used, some other one would have cropped up eventually.

    If it had been reported that it could cause a root exploit, it would have been patched sooner.
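
An added example, not part of the original thread or any commenter's post: one way to answer the question raised in comment 9 (does every shell user have hard memory and CPU limits?) is to audit `limits.conf`-style rules for users with no finite hard limit. The sample rules, the user and group names, and the `REQUIRED` item list are constructed, and the user > group > wildcard precedence is a simplifying assumption about how pam_limits resolves overlapping lines.

```python
# Added example: audit limits.conf-style rules for missing hard per-user limits.
# SAMPLE_LIMITS is constructed for illustration, not taken from any real host.
SAMPLE_LIMITS = """\
# <domain>  <type>  <item>  <value>
*           soft    nproc   200
*           hard    nproc   400
@students   hard    as      1048576
alice       -       cpu     60
bob         soft    as      524288
carol       hard    nproc   unlimited
"""

REQUIRED = ("nproc", "as", "cpu")   # processes, address space (KB), CPU minutes
NO_LIMIT = {"unlimited", "infinity", "-1"}


def parse_limits(text):
    """Return (domain, type, item, value) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 4:
            rules.append(tuple(fields))
    return rules


def missing_hard_limits(rules, user, groups=()):
    """List the REQUIRED items for which `user` has no finite hard limit."""
    # Assumed precedence: user line > @group line > "*" default.
    rank = {user: 2}
    if user != "root":               # group and wildcard lines do not apply to root
        rank.update({"@" + g: 1 for g in groups})
        rank["*"] = 0
    best = {}                        # item -> (rank, value) of most specific rule
    for domain, kind, item, value in rules:
        # "-" sets soft and hard together; soft-only lines can be raised by the user
        if domain in rank and kind in ("hard", "-"):
            if item not in best or rank[domain] >= best[item][0]:
                best[item] = (rank[domain], value)
    return [i for i in REQUIRED if i not in best or best[i][1] in NO_LIMIT]


if __name__ == "__main__":
    rules = parse_limits(SAMPLE_LIMITS)
    for user, groups in [("alice", ["students"]), ("bob", []), ("carol", []), ("root", [])]:
        print(user, "missing hard limits:", missing_hard_limits(rules, user, groups) or "none")
```

A soft-only line (as for `bob`) and a user-specific `unlimited` that overrides the wildcard default (as for `carol`) both leave the account able to exhaust the resource, which is why the audit counts only finite hard limits.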