Hohndel agreed but added that the industry needs to support these smaller projects – and not only with money. “Companies need to engage with these projects. Have your company adopt a couple of such projects and just participate. Read the code, review the patches, and provide moral support to the maintainers. It’s as simple as that.”
Really glad he said this, I keep seeing posts about how all these big companies could solve the problem by just throwing money at small projects and while that is better than nothing it would help way more to have their own developers helping to review and fix issues.
In addition, hardware developers reinvent old ways of doing things and only learn by making all the same mistakes that have been made before. It’s sad, but true.
This same criticism is validly launched at software devs all the time lol.
One thing I’ve anecdotalally seen and heard is hardware guys indicating that something is rock solid and solved because it’s old, so building on top of it isn’t a problem. Obviously we have to build on the old to get to the new, but if we just skip auditing hardware due to age we end up deploying vulnerable hardware globally. Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor that “everyone” believed branch prediction design/algorithms were essentially done. Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.
Spectre and Meltdown are an interesting example where I’ve heard from at least one distinguished professor that “everyone” believed branch prediction design/algorithms were essentially done.
Interesting to hear this.
Was it adequately assessed from a security POV? Clearly not, but was it assessed from a security POV in general? I have no idea, but it would be nice as a tech enthusiast and software guy to see the other side of the fence take these things seriously in a more public way, in particular when it comes to assessing old hardware for new attack vectors.
I see. For clarity and preventing some confusing, it would have been a good idea to disclosed that in the beginning of the article. Thanks for the note. I’ll wait until it’s available then.
It literally was in the opening paragraph. Previous years keynotes are available in a playlist here, so I assume they’ll do the same for this year’s keynotes as well. The event only just ended yesterday.
No, I mean they should have disclosed this talk/interview not being ready to the public consumption. Clicking the link just opened up the webpage and I was lost, expecting the watch or read the interview. There is no mention of this being not available yet, despite the link. That’s what I mean being confusing. It’s not the end of the world, and it would also not be the end of the world if they added a note after the link like “(note: talk is not available to watch for the public yet)”.
That’s not to say the two men don’t think AI will be helpful in the future. Indeed, Torvalds noted one good side effect already: “NVIDIA has gotten better at talking to Linux kernel developers and working with Linux memory management,” because of its need for Linux to run AI’s large language models (LLMs) efficiently.
Oh, I just asked the same question. I find it terrible article not to link to the source at the beginning or end of article. I would like to read or watch the original interview too.
Did not know the thing about purposefully adding rogue tabs to kconfig files to catch poorly written parsers. That’s fucking hilarious and I’d love to have the kind of clout to get away with something like that rather than having to constantly work around other people’s mistakes.
I write a lot of scripts that engineers need to run. I used to really try to make things ‘fail soft’ so that even if one piece failed the rest of the script would keep running and let you know which components failed and what action you needed to take to fix the problem.
Eventually I had so many issues with people assuming that any errors that didn’t result in a failure were safe to ignore and crucial manual steps were being missed. I had to start making them ‘fail hard’ and stop completely when a step failed because it was the only way to get people to reliably perform the desired manual step.
Trying to predict and account for other people’s behavior is really tricky, particularly when a high level of precision is required.
It is a developer milestone :) when you learn to be a resilient applicant is about recovery situation you perfect understanding. Fail fast everything else. Repeat 1000 times, you have something
This is why I enjoy programming libraries only I will ever use. "Do I need to account for user ignorance and run a bunch of early exit conditions at the beginning of this function to avoid throwing an exception? Naww, fuck it, I know what I'm doing."
soft failures add complexity and ambiguity to your system, as it creates many paths and states you have to consider. It’s generally a good idea to keep the exception handling simple, by failing fast and hard.
here is a nice paper, that highlights some exception handling issues in complex systems
Add comment