Slashdot Mirror
Despite 'Painful' Spectre Response, Linus Torvalds Says He Still Loves Speculative Execution (youtube.com)
At this year's Open Source Summit, Linus Torvalds sat for a wide-ranging "keynote" interview with Dirk Hohndel, chief open source officer at VMWare, which has been partially transcribed below. And Linus explained, among other things, why the last merge window was harder than others:
One of the issues we have is when we've had these hardware security issues, and they've kept happening now, the last year -- they're kept under wraps. So we knew about the issue for the last several months, but because it was secret and we weren't allowed to talk about it, we couldn't do our usual open development model. We do the best we can, and people really care deeply about getting a good product out, but when you have to do things in secret, and when you can't use all the nice infrastructure for development and for testing that we have for all the usual code, it just is way more painful than it should be. And then that just means that, especially when the information becomes public during what is otherwise a busy period anyway, it's just annoying...
I still love speculative execution. Don't get me wrong. I used to work for a CPU company. We did it in software, back when I worked there. I think a CPU has to do speculative execution. It's somewhat sad that then people didn't always think about or didn't always heed the warnings about what can go wrong when you take a few shortcuts in the name of making it slightly simpler for everybody, because you're going to throw away all that work anyway, so why bother to do it right. And that's when the security -- every single security problem we've had has been basically of that kind, where people knew that "Hey, this is speculative work. If something goes wrong we'll throw all the data away, so we don't need to be as careful as we would otherwise." I think it was a good lesson for the industry, but it was certainly not a fun lesson for us on the OS side, where we had to do a lot of extra work for problems that weren't our problems.
It feels somehow unfair. I mean, when we have a security bug that was our own fault, it's like, "Okay, it was us screwing up. It's fair that we have to do all the work to then fix our own bugs." But it feels slightly less fair when you have to fix somebody else's...
"The good news -- I mean the really good news, and I'm serious about this -- is that the bugs have become clearly more and more esoteric," Linus adds. "So it impacts fewer and fewer cases, and clearly hardware people at Intel and other places are now so aware of it that I'm hoping we're really getting to the dregs of the hardware security bugs, and going forward we'll have much fewer of them. I think we're going to the better days, when A.) we got the bugs fixed, and B.) people were thinking about them beforehand."
There's a lot more, so read on for more excerpts...
When it comes to quantum computing, Linus says he's "a huge unbeliever in that whole thing. I don't think it will ever happen. And if I'm wrong, I'm pretty sure that I'll be long dead by the time people can prove me wrong..."
"Hey, it has been known to happen that I've been wrong before, so maybe the whole quantum thing is going to be a thing. But I think if you actually look at where hardware is going today, the much more relevant part is that traditional computers are not scaling, and people really don't see a lot of realistic paths forward to go on the hardware side. And I actually think that's probably healthy for the industry, eventually, and especially for us software people who have gotten kind of complacent...
"The saying used to be that every two years performance doubles, and that has clearly not been very true lately, and it's not going to be true going forward. And I think that's good. Maybe not fun, but it means that we'll maybe go back partly to the time where you cared more about performance on the software side, and you had to be more careful, and you can't just rely on hardware getting better all the time... I do think it's pretty clear that the whole Moore's Law thing is definitely not something you should take for granted. This very much impacts the hardware people, but I'm saying it also impacts, I think, us software people and especially us system people, where it means that software itself has to take that into account...
"I'm a software person, so asking me about hardware is kind of questionable to begin with. I'm actually a huge believer in neural networks. Back way in the days when I was at University, I was studying artificial intelligence -- the traditional kind of artificial intelligence -- and always felt that that was snake oil, and that the real model of AI is to actually look at what we know works, right? And I'm really happy to see that this is clearly the direction that the industry has been going lately."
Watch a 40-minute video of Linus's remarks on the Linux Foundation's page on YouTube.
I still love speculative execution. Don't get me wrong. I used to work for a CPU company. We did it in software, back when I worked there. I think a CPU has to do speculative execution. It's somewhat sad that then people didn't always think about or didn't always heed the warnings about what can go wrong when you take a few shortcuts in the name of making it slightly simpler for everybody, because you're going to throw away all that work anyway, so why bother to do it right. And that's when the security -- every single security problem we've had has been basically of that kind, where people knew that "Hey, this is speculative work. If something goes wrong we'll throw all the data away, so we don't need to be as careful as we would otherwise." I think it was a good lesson for the industry, but it was certainly not a fun lesson for us on the OS side, where we had to do a lot of extra work for problems that weren't our problems.
It feels somehow unfair. I mean, when we have a security bug that was our own fault, it's like, "Okay, it was us screwing up. It's fair that we have to do all the work to then fix our own bugs." But it feels slightly less fair when you have to fix somebody else's...
"The good news -- I mean the really good news, and I'm serious about this -- is that the bugs have become clearly more and more esoteric," Linus adds. "So it impacts fewer and fewer cases, and clearly hardware people at Intel and other places are now so aware of it that I'm hoping we're really getting to the dregs of the hardware security bugs, and going forward we'll have much fewer of them. I think we're going to the better days, when A.) we got the bugs fixed, and B.) people were thinking about them beforehand."
There's a lot more, so read on for more excerpts...
When it comes to quantum computing, Linus says he's "a huge unbeliever in that whole thing. I don't think it will ever happen. And if I'm wrong, I'm pretty sure that I'll be long dead by the time people can prove me wrong..."
"Hey, it has been known to happen that I've been wrong before, so maybe the whole quantum thing is going to be a thing. But I think if you actually look at where hardware is going today, the much more relevant part is that traditional computers are not scaling, and people really don't see a lot of realistic paths forward to go on the hardware side. And I actually think that's probably healthy for the industry, eventually, and especially for us software people who have gotten kind of complacent...
"The saying used to be that every two years performance doubles, and that has clearly not been very true lately, and it's not going to be true going forward. And I think that's good. Maybe not fun, but it means that we'll maybe go back partly to the time where you cared more about performance on the software side, and you had to be more careful, and you can't just rely on hardware getting better all the time... I do think it's pretty clear that the whole Moore's Law thing is definitely not something you should take for granted. This very much impacts the hardware people, but I'm saying it also impacts, I think, us software people and especially us system people, where it means that software itself has to take that into account...
"I'm a software person, so asking me about hardware is kind of questionable to begin with. I'm actually a huge believer in neural networks. Back way in the days when I was at University, I was studying artificial intelligence -- the traditional kind of artificial intelligence -- and always felt that that was snake oil, and that the real model of AI is to actually look at what we know works, right? And I'm really happy to see that this is clearly the direction that the industry has been going lately."
Watch a 40-minute video of Linus's remarks on the Linux Foundation's page on YouTube.
According to http://secure64.com/not-vulnerable-intel-itanium-secure64-sourcet,
I wonder how much of that time is dedicated to sabotage their competitors.
Like the first Intel-sourced Meltdown-patches explicitly hamstrung all x86 cpus in the name of "security", and the AMD people had quite a fight to stop it from being in inflicted on them, remember?
I wonder how much of that is going on that we never hear of.
And yet the only thing that works better with intel than AMD under Linux is power management. Why does it take so much more code for intel hardware to work correctly than AMD? Errata?
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"