2.4 Kernel Maintainer Marcelo Tosatti Interviewed

Jeremy Andrews writes "KernelTrap has an interview with Marcelo Tosatti. Marcelo became the maintainer of the 2.4 stable kernel when he was 18 years old, releasing his first kernel, 2.4.16, on November 26'th of 2001. Two years later, he recently released 2.4.23 and plans to soon put the 2.4 stable kernel tree into maintenance mode, only addressing bugs and security issues. Living in Brazil, Marcelo currently works for Cyclades Corporation. In this interview he looks at how he became the 2.4 maintainer, the challenges involved, and brings us up to date with the current status of the 2.4 kernel."

Young guy with dreadlocks

[fruey]

Don't show his photo to your boss as you talk about the 2.4 kernels you're probably still running. The kernel maintainer for your corporate servers is a 20 year old guy who was 18 when he started maintaining. Whoah.

In the corporate world, even if there was some kind of genius kid really running the show, he'd be hidden behind grey haired puppets so that it didn't look like some genius kid was really running the show.

Kudos to Marcello, even though child labour laws (if he was paid to work with the ISP in Brazil when he was 13 years old) and human rights issues might get a mention if the press could ever see beyond Linus as a Linux hacker.

Re:Young guy with dreadlocks

[koekepeer]

18 or not, dreadlocks or not, i think he did a great job! i have a big respect for this guy.

and the dreadlocks: well, look at alan cox. maybe kernel maintainers *should* look a bit different as compared to "ordinary" people :)

i mean, they're not exactly salesmen or lawyers or anything, right?

How is this line not getting mroe attention?

JA: During the 2.4.23 release cycle, a bug was fixed in the do_brk() function. This bug was recently exploited in a high profile break-in of four Debian Project Linux servers. Why was 2.4.23 not released sooner when this bug was first fixed?

Marcelo Tosatti: When I first applied the fix (sent from Andrew Morton), I didn't realize it was an exploitable bug (I understood it could crash the box).


This guy just took responsibility for sitting on a known fix, which directly led to Debian compromise.

It also led to a rapid patch cycle all over the place, as opposed to a more stable and controlled cycle, since everyone who saw Andrew Morton's patch could research the vuln and create the exploit.

This delay gave blackhats a lot more time than whitehats.

Perhaps this argues strongly for closed security bug reporting a la OIS' "responsible disclosure" model.

When I was 18....

I became the official maintainer of my brother's Playboy collection.

During my stewardship, I too put the collection in maintenance mode, had to deal with security problems, and I certainly issued several...er..releases.

I'm jealous

20 years old, wife, kernel maintainer, kernel job, and the hair... damn him!

Re:He's the maintainer.

[telekon]

Lets see if he has time to get his hair cut now the pressure on 2.4 is off

Are you kidding? Do you know how much time and effort it takes to maintain dreadlocks like that?

That's probably where he developed the persistence, dedication and attention to detail necessary to maintain the Linux kernel.

Re:How is this line not getting more attention?

[bizcoach]

This guy just took responsibility

I hope you'll do the same when something goes wrong in your area of responsibility.

This delay gave blackhats a lot more time than whitehats.

Not true. Blame the whitehats for not looking at the patches closely enough.

Perhaps this argues strongly for closed security bug reporting a la OIS' "responsible disclosure" mode

No. That doesn't help in cases like this where the security impact of a bug isn't recognized at the time of bug reporting.

The dreadlocks are new for me

[agoliveira]

I worked with Marcelo at Conectiva (man, I missed that place but...) and that's *not* his real hair :)
He probably just went to a hair stylist and made that... thing :-D
I swear I never imagined Marcelo doing this kind of stuff but he's a kernel developer so you can expect anything!

Re:Child Labor

[AKnightCowboy]

He's working at an ISP, not a sweat shop or factory floor

You've never done tech support for an ISP have you? Give me the machine press anyday over clueless users.

Dreadlocks

[RevMike]

I'm in the final stages of the recruitment and hiring process for a silicon valley startup. I live in NY, and I'd be doing "Professional Services" for their NY clients.

After a series of phone interviews, they told me "Our founder and CTO is going to be in NYC. We'll set up a face to face meeting."

My hair is closely cropped - mostly because I'm quite bald on top, and if I let it grow at all I look like Krusty the Clown. I put on my best navy blue interview suit, iron a really nice shirt, have my wife pick a tie, etc. I hop the train to Manhattan and meet my (hopefully) future boss.

He's got dreadlocks and a goattee!

During the interview we were chatting about some of the people that I had spoken with on the phone. He mention someone as having very long hair. That gave me the opportunity to say "And here I am wearing my best interview suit!" that got a good laugh from him. "That is East Coast vs West Coast, I guess." was his reply.

2.4 VM problem with big machines still there

For most people (read: desktop, small server stuff) the 2.4 kernel might be the right thing and having no problems. If have highmem-machines (>= 1GB RAM) things look very different.
I run a very big (2 HT CPUs, 4GB RAM, 620 GB RAID5, 2x 1GBit links) file-server and all 2.4 kernels (.19-.22) weren't able to run the thing stably for more than 1 week, under heavy I/O load not more that 2 days.
Changing to the -aa tree helped and that thing is now up, stable and fast for past 4 months.

The problem lies in still unmerged code for highmem and slabcache reclaim (check /proc/slabinfo or use slabtop), which is in the -aa tree for ages.
I reported that to Marcello, but he seemed very uninterested in tracking down (many, many thanks to Andrea and Rik, who helped) and applying those particular fixes in the -aa tree.

Re:But...???

[mr_z_beeblebrox]

When will he fix the critical bugs in the system so we can actually use it?

If you were serious on that you would have someone in your company participating in kernel development. Seriously, if something is imperative to fix in the kernel to you. If you bring up to the kernel community in the appropriate manner it will likely get addressed. Microsoft, Sco and Sun won't give that kind of a nod to someone who is still running NT3.5.

We are now concidering wether to get a Windows 2003 server, Solaris 10 or a Linux Enterprise server. Concidering the high profile bugs that exploited key Linux websites, and the increasing ligitation against it, we do not think we should use Linux in such an environment where we need uninterrupted operation. We do not need kernel panics, root exploits, and we ceraintley don't want to put our precious source code at risk of espenage because of the Legal bindings of Linux.

Considering your unfounded (thus ill informed) paranoia of Linux you should not go with Linux, due to frequent typos you should stick with GUI. I would say Win 2003 is a right fit for you and it is a very solid platform. There is probably no reason for your company to switch. BTW, if your business will die in one second minus a server...look closely at your business procedures they need tweaked.