The most striking thing here is that Linus has apparently dismissed incompetence as a rational explanation. Yes, he is often brash, but usually he is accusing someone of sheer stupidity. He does not do that here. Linus alleges that we are being lied to - that we don’t know the full story, nor Intel’s motives.
Furthermore, we are left to wonder if Microsoft is also being fed “bullshit” patches, and if they may be less discerning than Linus regarding a proper solution.
He's quite clear about his theory as to Intel's motives:
> The whole IBRS_ALL feature to me very clearly says "Intel is not
serious about this, we'll have a ugly hack that will be so expensive
that we don't want to enable it by default, because that would look
bad in benchmarks".
> So instead they try to push the garbage down to us. And they are doing
it entirely wrong, even from a technical standpoint."
That bit sounds to me like Intel is trying to pull a "Volkswagen": have it perform better in benchmarks than in real life (when hopefully secure execution will be enabled).
More generally, an opt-in switch to disable unsafe behaviour expresses a clear intent to preserve the unsafe behaviour for the foreseeable future.
Disabling unsafe behaviour for good on current chips and removing it from future ones would be equally easy, and clearly it isn't Intel's intent.
Plausible reasons, apart from looking good in benchmarks, include ease of access for their three-letter friends and not bothering with the cost of designing safe and high performance processors.
I would hope that it would not be removed if there is a performance difference. Not all systems are multi user, thinking stuff like includeos or systems that can control their interaction such that the risk in very minimal and not worth the cost.
If it were removed, the new processors would simply be worth less than the ones that immediately preceded them. The systems you're thinking about would then cost less. What's the problem?
The problem, of course, is that vendors couldn't pretend to sell systems that are worth the prices they would have quoted before all of this awfulness was exposed. That would be a problem for the vendors only. The rest of us would be better off.
But that penalizes the single process systems, they exist. One already pays a cost of overhead for multiprocess/multiuser systems and this is part of it. Pay for what you use. But have sane defaults(protect the common case).
Then again, I cannot see this costing much in future chips.
This debate is about desktop and server processors. You are imagining there is a market segment, worth caring about for non-niche companies like Intel, of non-hackable systems with no network access that use high-end microprocessors, but it isn't so.
Most relatively complex systems that use deluxe microprocessors and could be air-gapped are accessible for convenience instead, and more extreme actually inaccessible systems are likely to use different, specialized processors.
Why do you exclude all single-purpose networked servers? e.g. why wouldn't it be reasonable tradeoff for a private compute cluster with a limited set of applications (or even just one), systems running really dumb services, ...?
On another forum somebody suggested laywer / legal reasons. That if default performance takes too big of a dive the case for lawsuits is stronger. They already have a class action filed against them. A benchmark performance dive would be one angle to use in court.
Coming to a court with "unclean hands" won't help their case either. And showing bad faith can really crank up the damages awarded if it's a jury trial.
The processor's security features should perform as described - anything less is a very nasty surprise waiting for users. Intel could allow users to opt-in to insecure behaviour for performance, but insecurity absolutely must be opt-in rather than opt-out.
"The processor should perform as described - anything less is a very nasty surprise waiting for users. Intel could allow users to opt-in to less performant behaviour for security, but bad performance absolutely must be opt-in rather than opt-out."
Take away: it all depends on the users preferences. I am with you, in most cases, it should be about security, but I guess there are legitimate use-cases for the opposite as well.
I do video crunching on internal systems, I'm happy that the code I run has nothing to gain from spectre or meltdown, but even a 10% drop in performance is bad, and sometimes can mean doubling the cost (if the cpu that was encoding two real time feeds is no longer powerful enough to do so without dropping frames)
Not every one runs a lamp stack on the intenet.
That said the default should be security. I have to opt in for "maximum performance" in the bios of my hp kit, rather than "balanced power and performance", why shouldn't I have to opt in to "faster but less secure"?
> "The processor should perform as described - anything less is a very nasty surprise waiting for users. Intel could allow users to opt-in to less performant behaviour for security, but bad performance absolutely must be opt-in rather than opt-out."
But that isn't true. Poor performance is not remotely in the same class of "very nasty surprise" that security model violations are.
Users can already choose. They can buy old processors without the fix.
I really don't see what case anyone could have against Intel if they just fixed this. Having a fix but turning it off by default seems far more dangerous from a legal perspective. Or having the processor perform far worse in reality than advertised.
Tell me where you could buy old processors in sufficient quantity today and please explain how a modern motherboard with sufficient RAM would hold such an old processor?
But if you want a processor without this fix, then you're in luck: from what I understand, all modern Intel processors don't have this fix yet. And they're very well supported by motherboards.
And by the time the current crop of processors becomes unavailable, I suspect newer processors will be much faster than anything currently available.
Yeah if you could point me towards instructions on how I can install this old processor I just bought in my Macbook that'd be great, also if you know how I can install this old processor in my AWS instances that'd be awesome too.
I winced as an owner of Volks Wagon stock when I read that. 3 people on this thread have now reacted to it.
If that type of behavior gets branded as "pulling a VW", that is the type of thing that could destroy VW in the long term. I agree it is a great analogy though.
The root question is what else is Intel trying to cover up with these garbage patches? Are they afraid of power leakage across gates allowing an attacker to gain a higher level of privilege in certain generations of silicon, and trying to cover it up with these patches (hence some of the seemingly crazy things they do)?
I could be very wrong but I read it as Intel trying to cover the fact that there are huge performance penalties with the patch enabled. Therefore Intel will continue to market chip performance sans patch while pushing down the responsibility of enabling them to OS vendors.
Not with those patches, since they haven't been merged yet. The performance decreases that have been reported so far are for Meltdown patches, those new patches are apparently meant to mitigate Spectre.
Probably not secret anymore. CMS (the "Code Morphing Software" that implemented the x86 emulation) originally went straight to translation which was difficult to get correct and was expensive to do for code that might only be run once. Linus, when he joined said "That's stupid" and wrote an x86 interpreter which then acted as the first tier in the emulation. That let to a massive improvement in quality as more workloads could be tested and enabled an awesome creation by Jim Mattson (IIRC): self-cosimulation. CMS could be run in a mode where all translation were cross checked with the interpreter before the results were committed.
This was before my time and I'm sure he did much more. I only have first-hand knowledge of his work on TVM, the Transmeta x86 Virtualization which predated Intel (and AMD's) hardware support for x86 virtualization. Sadly it never productized. I suspect we couldn't find a way to monetize it.
At least the journal reports I read at that time implied that much. He was one of the technical leads on this as far as I recall. So he would have had to get a very good knowledge of the Transmeta CPU and of the x86 instruction set for that task. I think it shows here.
Linus calls people stupid when they are usually being stupid, at least in his eyes. He doesn't wantonly accuse people of stupidity for no reason. It's just that when he perceives stupid activity... well, he generally goes off. It's his main trigger.
Wonder if perhaps Intel is under classified and gagged duress from the government? There has been plenty of evidence the government is not acting with citizen security foremost in its technical and telecommunications policies.
Hanlon's razor should include an exception where PR and politics are involved. Discounting malicious people as just stupid is the reason so many "stupid" people are in power.
>The most striking thing here is that Linus has apparently dismissed incompetence as a rational explanation. Yes, he is often brash, but usually he is accusing someone of sheer stupidity. He does not do that here. Linus alleges that we are being lied to - that we don’t know the full story, nor Intel’s motives.
"And that's actually ignoring the much _worse_ issue, namely that the
whole hardware interface is literally mis-designed by morons."
Maybe you missed this line? Some classic Linus right there...
A lot of people trying to defend being a jerk as necessary in these circumstances. I think Google culture proves the opposite: Googley code and peer reviews, blameless postmortems, and a host of other mechanisms that de-escalate and de-personalize things.
The Meltdown work at Google probably didn't begin with a rant about morons.
It's possible to construct a culture where people can air grievances and criticize others without inducing flame wars. It only works for Linus because people won't go nuclear in the response, but for rank and file engineers, especially of equal stature, if you call someone a moron in a thread, it's likely to kill productivity and create a negative testosterone ladden atmosphere of people trying to avoid being wrong, and counter attacking others.
I've worked at a lot of places where engineer got into heated shouting matches. It's is not a way to increase the probability of zeroing in on a problem, or reaching agreement faster.
Why is the top comment on this about engineering culture?!
Linus is valuable precisely because he occasionally d-slaps people around, waking them up, even when what he says may be factually wrong, and reminding them the at the core the tech must be sane, f people and their feelings!
Yeah, it's good to have a 1 in 1000 brilliant people being aholes because it keeps the culture balanced. We need a dose of rascality, and Linus can afford to embody it and seems to like doing it, and he's also good at fixing the consequences of his rants by being reasonable afterwards.
(If we're mature enough to accept that this can only be accepted of 1 in 1000 people or something like that, and that obviously not all people are born equal, we can move on and enjoy life.)
For the most part he actually does a good job staying away from personal attacks. The problem is that his approach isn't going to yield great results. For there's 2 problematic parts to this e-mail.
The first is the personal attack when he calls Intel engineers morons. That 1 little unnecessary addon is uncalled for because it's quite reasonable that there's a lot of politics going on at Intel that's interfering with the engineering work. Could be that the next chip they're taping out can't be fixed properly without delaying & impacting revenue in a way that execs won't allow. Could be that there's legal reasons whereby Intel's "fix" is desirable from a management perspective to continue their denial of a problem with their chips to win or reduce the costs of the class actions. Or it could be any number of a hundred other reasons that the public isn't privy to.
The second, & this is pure speculation on my part that this didn't happen, is that he should have followed this in an offline discussion with the engineer. This public shaming doesn't do any good & just entrenches the frontline representatives of Intel to be antagonistic with Linus rather than to be his allies. I feel like if Linus wanted to be truly effective here in impacting Intel's direction (especially given their constant need to minimize the scale & scope of this problem) he could have followed up with the engineer off-list & gone "your explanation doesn't make any sense. can you clue me in on what's the motivation behind this approach?". It saves the engineer public embarrassment, it gets him an ally within Intel & it lets him have strategic information on what is motivating Intel engineers (consider - did his finger to nVidia in any way improve relations between Linux & nVidia?). Now if he did that & the answer still wasn't OK then he's free to use his bully pulpit as he wishes, but I suspect it was just instinctive & a build up of his frustration with Intel's handling of this whole matter.
The first is the personal attack when he calls Intel engineers morons. That 1 little unnecessary addon is uncalled for because it's quite reasonable that there's a lot of politics going on (...) can't be fixed properly without delaying & impacting revenue in a way that execs won't allow.
If that is really the case, then calling the engineers morons is actually very much called for!
Note this is a hypothetical since it's quite possible it's not the case, in which case even by your logic the moron label is incorrect. So in your opinion engineers are unintelligent because they listen to the demands of people who can fire them or perhaps, god forbid, they're trying to balance technical solutions against revenue? That seems perfectly rational reasoning to me but that must be because I too am a moron.
Very reasonable objection. So the engineers should be called "moral morons" or "ethical morons" because they are willing to follow instructions that stick Intel customers with terrible security problems, to help Intel shore up their share price.
Maybe Linus is being deliberately ambiguous about the type of moron he means.
Or maybe read the thread beyond Linus' rant. You'll get a better appreciation for the context. My impression is that Linus probably just misunderstood what the context/purpose of the patch & he's frustrated by the whole process & venting (which is fine). One thing Linus chiming in did accomplish is that the Intel engineers did a much job better explaining the motivation for the patch. To be fair it would have probably helped if the Intel engineers called it out up-front & explained why that patch is there (although maybe they did - I didn't read too much of it). They explain they knew it would prompt some volatile discussion & was the one they weren't happy about (not that anyone is happy about these flaws) so they made it last so nothing else would depend on it. Once the context was explained other Linux engineers chimed in with a cleaner way to accomplish it. All of these are senior Intel SW engineers and AFAICT they seem extremely competent not just on the Linux part of it but also in terms of understanding all the security implications on the Intel chips (these are easy to hand-wave explain & very hard to fully understand & fix).
All these engineers are in impossible situations trying to fix years of chips while at the same time providing a path forward for chips without these issues. You can call them morons all you want but from the little bit I've read I'm very impressed with their professionalism & knowledge and 100% do not want to be in their shoes right now.
If you had been working in a company that had been stopping you from doing your job then by definition the projection of the results of your work is "the results of my work show that I am a moron".
If you took the brightest person on earth and stopped him from communicating would that still make him "the brightest but unable to share" or would that make him "an idiot who has never learnt how to communcate his opinion"?
I am pretty sure you would pick different names for the same person depending on the situation, especially when it's more complex than a toilet conversation.
It's kind of weird you spin it that way. I've seen all sorts of places and in general people at them bottom eventually stop communicating because people in the middle don't want to hear it. Just now I came out of a small session commemorating the death of a fellow engineer in his late 40s. His problem? Obesity combined with caring too much about things.
That's in fact the big summary of it all. Some people actually have families to take care of. Losing your job for most people is not an option. I personally don't care calling out bullshit, but I also don't have a wife and 3 kids. By that logic losing the job is the stupid option.
I guarantee you that both at intel and at VW people called out the crap from management, were threatened and then decided they don't care enough to risk their livelihoods.
Calling intel stupid is imho entirely justified, but your logic to me sounds weird.
I highly recommend reading the rest of the thread beyond just Linus' complaint. This isn't about Meltdown but Spectre which impacts all CPUs with speculative execution. I believe these patches apply to AMD too even though Intel engineers are posting them as they appear to be generic x86 code. Not only is David brilliant at defusing that situation, he provides quite a bit of context to clarify confusion for external readers while correcting Linus' potential misunderstanding of the patch too. The "moronic" patch Linus is complaining about is to fix Skylake that still is impacted by a potential exploit even with the though the other less ugly fixes fix the majority of chips. David even agrees with the unfortunateness of the whole situation & says he's OK dropping that last patch if Linus wants because the Skylake vulnerability is less clearly exploitable. Ingo provides a follow-up suggestion about a potentially cleaner & simpler way to fix just the Skylake issue which is great & the whole point of how RFCs are supposed to work. So not only does it look like Linus' may have overreacted, it didn't even move the conversation along in any way (angry responses rarely seem to).
> it didn't even move the conversation along in any way (angry responses rarely seem to).
From your other comment [0] it sounds like it worked perfectly. The angry response first got the Intel engineer to defend their work and explain it better than they originally had, then further got others interested enough to improve it.
> did his finger to nVidia in any way improve relations between Linux & nVidia
Purely anecdotal evidence, but in my experience the few pieces of hardware that I can generally bet they'll be fine with Linux are those branded Intel or NVidia (one may argue about the "optimus" thing, but if you want CUDA on a Linux laptop, nvidia's drivers do their job fine in the end, and this is what most Linux users will care about I guess)
Dunno the mechanics of it, but some things did work up just right about this :)
He may be technically correct in his assessment of the quality of the patches (I lack the necessary knowledge to even begin to assess it), but he does not go about explaining this in a sensible manner. He has never fostered a collaborative, inclusive atmosphere around the kernel.
If anybody at my workplace talked to a collaborator in that way they'd be in a chat with their manager minutes later, and if they persisted they'd be in a chat with HR.
For all that has been accomplished with the Linux kernel - and these achievements are huge and numerous and extremely impressive - I do wonder how much better things might have been if Linus was capable of criticising something without calling anybody a moron, swearing or throwing things.
What was in that email that needed that kind of language and tone? What could not have been said with a simple "I will not accept these patches" followed by a calm and dispassionate assessment of his issues with them? There's such an assessment in there somewhere, he's clearly thought it through, but one has to wade through the vitriol in order to get there. This is inefficient as well as hostile to contributors.
And these are people the community depends on for support, so we can run Linux on their products.
Most of Torvalds emails are not like this. In fact most of them are like you say, he explains his thoughts in a sensible manner. It's just when people play with fire that the lid comes of and makes the headlines.
A sensible mail discussing the details of some obscure technicality doesn't make HN frontpage.
I think that is important to note as well. His email normally gets the attention when he is pissed off. But the majority of them aren't.
It shows how angry he is, and how he is upset with the issues. While this could be avoided in a real world scenario, I would have bet if your manager feel something strongly about, they would have went rampant as well. And this is especially in remote working, words are hard to get feeling across without putting some "adjectives" into it.
> Has he ever acknowledged his attitude in any way?
Yes.
> I don't know where you happen to be based, but this 'you have to be nice' seems to be very popular in the US.
> The same way we have developers and marketing people and legal people who speak different languages, I think we can have some developers who are used to—and prefer—a more confrontational style, and still also have people who don't,
> Maybe it's just because I like arguing," Torvalds added. "I'm just not a huge believer in politeness and sensitivity being preferable over bluntly letting people know your feelings. But I also understand that other people are driven away by cursing and crass language when it all gets a bit too carried away.
That's your opinion. Others would say the greater asshole is one who refuses to confront morons with their own moronic behaviour. That person is denying the moron opportunity to self-reflect and improve themselves.
And before you interject, I would also assert that numbing the confrontation with "civility" also nullifies the effect.
Though being wrong and a jerk is definitely worse in a sense, personally I think that attitudes that qualify you as being a jerk only marginally help you in being honest.
The basic idea is that even if someone is a moron, calling them a moron isn't really.... doing much. Very little information, and a lot of rudeness. Telling them that their patch isn't mergable has more info and less raw rudeness IMO
I vehemently disagree for one very straightforward reason: this matter is far too important to prioritise civility over outcomes. This particular matter needs sunlight, and Torvalds' response is giving it a lot of sunlight.
An "inclusive atmosphere" is irrelevant. Pointless. I'd personally say it's counter-productive. There's no scenario where Torvalds' response is going to result in Intel abandoning the Linux ecosystem. The engineers at Intel can now go back to their managers and say "okay, we tried cutting corners and it didn't work."
This is such a broken argument. The one upside of behaving this way is that it makes the HN frontpage and one can argue about the value of that for the issue at hand. It's pretty much established fact that, all other things being equal, being an asshole to people doesn't further your objectives and generally just results in people either ignoring you or getting more defensive and less cooperative than they would otherwise be. Being socially inept is not exactly a rare trait amongst very smart people but let's recognise it for what it is, a personality flaw.
> Being socially inept is [...] a personality flaw.
That's a very dangerous and messed up reasoning. For a significant proportion of the population "society" is just a nasty scheme we put up with since we know not better way of not killing each other or exterminating ourselves as a species... Having to contort and torture one's personality just so you can be "socially adept" is a great pain, and when one occasionally gets away with being able not to do this it's NOT "a personality flaw".
One ought to care firstly for developing his/her personality in whichever way himself sees fit. If it doesn't fit well with society it's not a "flaw"!
(Yeah, if goes overboard and results in a team totally breaking up... even that is not a big deal! Some companies are worth breaking up into pieces. Heck, as long as people aren't literally killing each other it's still not "a flaw". Stop being insensitive and discriminating against people with other notions of relating themselves with the thinggy we call "society" and perpetuating this oppressive culture of admonishing people for being "socially inept". Maybe those people have something better to do with their lives!)
> just a nasty scheme we put up with since we know not better way of not killing each other or exterminating ourselves as a species
Sometimes I "have to do stuff to keep my wife happy." Once I discovered that I'm doing it because I want both her and myself to be happy, and stopped viewing it as an obligation, my life significantly improved. I learned to enjoy the ride. I think it made life a little better for the people around me, too. I learned that being petulant/sulky/edgy was not a sign of sophistication or wisdom.
Similarly, if we don't want to kill each other or exterminate ourselves as a species, then "society" doesn't have to feel so nasty. If you really do want to burn it all down, then by all means, go right ahead. At least that's authentic. But to choose to live amongst society, and still begrudge it, is insanely unhealthy. Literally.
I generally agree with you. My "begrudging" was mostly misdirected anger at the parent poster's attitude of labeling as "flawed personality" the act of very rarely and softly lashing out at society every now and then. Society only gets nasty when we forget its purpose and add too many restrictive rules on top of it and then rationalizations for those rules and so on...
This is obvious, and it's extremely sad to me that people believe otherwise and vehemently argue that Linus is justified in his pety rants. It was always pathetic.
The response is shockingly adult, given the culture Linus insists on trying to push:
What an excellent writeup, despite the tantrum Linus threw just a few replies earlier.
I'd highly recommend only reading the response and avoiding the Linus 'rant'. The rant contains no valuable information, the response is excellent and far more informative.
I'm sure I'll get downvoted though for calling Linus a baby, because somehow insulting Linus for his flaws is never ok but when Linus does it it's so cool!
> since the peanut gallery is paying lots of attention it's probably worth explaining it a little more for their benefit
> not just drop it quietly because poor Davey is too
scared that Linus might shout at him again
> If we can be done with the shouty part, I'd actually quite like to have a sensible discussion
None of this is adult. I'm not directly defending Linus' tone, or claiming that he's "more adult", but derogating and condescending the audience reading these public posts (1st quote), making cheap jokes about Linus' behaviour (2nd quote) and directly insulting Linus (3rd quote) is not what I would define as an "adult" response. Linus' email at least only gets angry and offensive while critiquing the code, and doesn't get personal.
> The rant contains no valuable information, the response is excellent and far more informative
Linus' "rant" informed me that Intel are setting IBRS as a default-off feature that must be asked for - offloading responsibility for security to the software. The response opens by condescending me, tells me that IBRS is expensive (we know), retpoline is performant, and the informativeness seems to stop there.
It then posits that as somehow justifying the offloading of said responsibility with the following:
> Then along came Paul with the cunning plan of "oh, indirect branches can be exploited? Screw it, let's not have any of those then", which is retpoline.
> But wait, why did I say "mostly"? Well, not everyone has a retpoline compiler yet... but OK, screw them; they need to update.
"Screw them" is the crux of his answer to Linus' concerns. Sorry, how is this in any way an adult response?
Really? The long technical explanation, with the word "shouty" is not adult? The plea for sensible discussion?
Your post isn't worth responding to beyond that. You've taken extreme liberties in your reading of his response. "Directly insulting Linus" lmfao are you fucking kidding me? You're calling "shouty" as directly insulting, when it's a response to "Fucking morons" writing "garbage" code? This is disingenuous at best if not willfully ignorant.
Cheap jokes about Linus's behavior?????
Seriously, take a step back and realize the loops you're jumping through to try to somehow justify Linus's behavior by attacking a reasoned response to it.
Yeah you're right. I should have worded that differently, my point was that in using the term "moron", he was focusing on the interface design: code.
Linus' tone is not really defensible, but I just don't think the response compares favourably either.
And, perhaps more importantly, Linus' concerns aren't addressed and the response isn't particularly informative. dwmw2 mentions in comments here on this HN thread that he has been pushing back on Linus' concerns, but the response appears rather to defend those decisions in Intel. Perhaps I misread?
At the end of the day, I just don't care about this tone argument. I only care that the issue is resolved properly, and like it or not, there's nobody I would trust to analyse an issue like this more than Linus.
People in this thread are making the (understandable) mistake of assuming that Linus' remarks were aimed at individual engineers at Intel. But they obviously weren't: they were clearly aimed at senior management at Intel to say "we're not going to accept garbage from you."
And I don't even care if it was garbage. Because either it was garbage, or they failed to demonstrate to Linus that it was not garbage. Either way this is entirely Intel's fault.
Not sure if you're trolling, but please chill out with the personal attacks. I'm sure it feels great to make a stand, but your comment doesn't add anything meaningful to the discussion besides demonstrating your hypocrisy.
Really? My comment doesn't add anything meaningful to the discussion?
I linked to a far more informative post that actually discusses a technical issue. Frankly, the response should have been what was linked on HN, not some rant.
I can't believe the irony of telling me to "chill out" with personal attacks when commenting on a rant that is majority perosnal attacks.
I too am interested in the detailed, specific discussion, so thank you for the link. But I also appreciate strong language calling out bad things with broad consequences. Especially by experts in fields I don't have expertise in. I appreciate the use of strong language as a signal of the current state of the solution and the probability of recurrence. Yes, Linus should modulate his language more. Yes, he's a dick. Yes, he would be more effective if he had more self-control. I just don't think this rant is entirely useless (though it's useless for reasons he did not intend so I can't give him full points)
Sometimes a rant is warranted. Sometimes it's time to get fired up and angry...
The issue occurs if you're not bulletproof on your position and then get too caught up on 'winning the argument' rather than solving the problem at hand.
This is why it's typically best to leave the theatrics aside unless absolutely necessary.
> I'm sure I'll get downvoted though for calling Linus a baby, because somehow insulting Linus for his flaws is never ok but when Linus does it it's so cool!
I'm pretty sure people aren't up in arms about Linus being a baby, but about your refusal to call out people on "subpar performance". Replace "subpar performance" with whatever you feel is an acceptable name for executing wrongly on very bad ideas.
And I feel like you might get downvoted because if there is one thing I HATE about companies, it's that people responding like this always get rewarded.
1) fuck up beyond belief (or just be assigned to a critical project and do nothing)
2) talk about the problem with everyone, without, of course, without fixing anything
3) inflict massive costs on everyone else because of the sudden urgent necessity of fixing your problem
4) get insane rewards for this
And I for one call statements such as the one from the top post here "optimism at it's finest":
> if you call someone a moron in a thread, it's likely to kill productivity and create a negative testosterone ladden atmosphere of people trying to avoid being wrong, and counter attacking others.
Unfortunately, corporate America is FULL, and I mean overloaded to the brim with people who will never admit the slightest mistake, and explode at anyone implying they made a subpar decision.
This attitude to "avoid blame" then proceeds to turn disaster into outright catastrophe. Many of these people who make some level of mistakes will see that not only can they get away with it, but aggressively attacking others for their mistakes comes with great rewards.
I have personally worked with several well known people in my field, who have climbed up the ladder this way. It isn't just that they didn't contribute, but they made great mistakes, both on the technical front (taking disastrous architectural decisions and forcing them through, despite agreement that there were very wrong), and on the financial front (doing budget allocations based on what THEY KNEW was a lost cause, and refusing to admit any fault or change course).
Once it does become clear that a disastrous mistake was made and propagated, and 90% of the budget was already spent (actually more like 150% in both cases), and none of the outcomes promised will be achieved, they then help organise a "code red", a "emergency sprint", an "extra effort", ... to "fix" things. But things are never fixed. Everyone is worse off, and will be for years.
The first few times this happens, these people are then rewarded. Promoted, in both cases. And of course, we are currently in the process of repeating one of these huge mistakes. Last time I so much as asked why this decision was made the guy very enthousiastically gave an answer, and I thought we both agreed it wasn't a good answer.
An hour later my manager asks to urgently see me.
A day later my director urgently called my manager and me to see him.
A week later we went to discuss "safety" with HR. (because of the 10 people thing, I'm sure, read on)
And yet, everybody, and I do mean everybody, knows this is a bad idea. However, having 50 people work for 1.5 years on a bad idea ... well those 50 people call it "a job", and nobody's going to be risking their career on calling this guy out any further (even if I did get 10 of them to walk into that director's office telling him that I did nothing wrong and that it's a bad idea).
But no worries ... no blame. We're still executing on that idea.
Here's the thing though. People always make mistakes. It's an unavoidable fact of life. The more power you have the bigger the scale of your fuckup. The problem is the denial of a problem (which Intel did in some ways & didn't in other) & making misleading statements. Those were all decisions not made at an engineering level BTW so berating an engineer won't help.
Finally, reading that thread further, it does seem like Linus's rant was a little premature & mistaken.
David really handles it well & explains in detail in what way Linus may be misunderstanding what's going on. It's hard to know if that response mollified Linus or if he still thinks it's bunk & that thread was just taken offline so that it wouldn't have the noise of useless spectators chiming in, but it seemed like Ingo was perhaps satisfied & moved the conversation back to a way to solve the Skylake problem in a maintainable & clean way without the undesirable implementation that was originally proposed (you know, the whole point of an RFC). An RFC typically means they were looking for feedback & discussion not getting yelled at, especially for things outside their control. That being said, I certainly understand how frustrated everyone is with this given the amount of work that's been put into this by everyone.
Engineering culture is fundamentally about learning from mistakes (either as a community or individually). We can't fear them & there are limits to how much you can go to prevent making them before you just get decision paralysis. For that reason mea culpas are also unproductive. You should acknowledge your actions & your role in it - if you think you behaved incorrectly then of course apologize if you want to - but the person would made mistakes is just as much a victim of their environment as others (i.e. if I threw you into their position without the benefit of hindsight, would you do necessarily do a better job?) Yes corporate America has issues (as does every human endeavour btw) but I'm not convinced that in any way has to do anything with this discussion.
You do realize Intel has decided to NOT fix this issue, right ? Surely some yelling about this is in order. (because fixing the issue would cost them in benchmarks)
> I'm sure I'll get downvoted though for calling Linus a baby, because somehow insulting Linus for his flaws is never ok but when Linus does it it's so cool!
And
> Downvote away!
You're being far over the top dramatic. It's unnecessary, your setup text did a perfectly fine job of making the argument. The two comments about downvoting detract from the substance.
Is it over the top dramatic because of the exclamation mark?
Regardless, I feel it's important to point out a consistent hypocrisy I've witnessed and experienced. I think it's totally relevant and substantive.
edit: I have no desire to continue a metadiscussion on downvoting. I don't care about downvotes, the downvotes are a symptom of an entirely relevant issue; a community that has a ridiculous double standard for Linus. It was not an attempt to attract or prevent downvotes, or to discuss downvotes, or downvoting, or the culture of voting on HN.
I brought up downvotes as an example of the underlying issue. Clearly I did a poor job of that as it's led to a number of unrelated comments. I apologize for the clutter that a one-off comment on hypocrisy has caused.
That includes votes you're expecting. It distracts from the substance of what you're trying to say.
If you're concerned or thinking about downvotes when you're composing your comment, rethink how you can phrase it: if you think you're "speaking truth to power", "saying what must be said", or "pointing out hypocrisy", or something similar, you're already starting from a position of antagonism, real or imagined. People aren't going to respond to that well. Figure out — or at least attempt to find — a way to express what you're trying to get across in a way that'll be actually heard and understood by those you're trying to reach. What's actually going to make a difference?
If you think that they can't be reached or it's not worth the effort to try to do so, it's likely not worth the effort to comment at all. Given that you are participating on HN, please do make the effort. After all, that's one of the features HN members value: good, quality, constructive discussion.
Attempting to preempt downvotes is passive aggressive and adds nothing to the conversation; adding emphasis is doubling down on that mistake. It never actually works toward preventing downvotes, and instead attracts them. That makes it difficult to know whether the person is trying to lure downvotes on purpose for self-fulfilling prophecy reasons, or whether they actually believe it helps to try to preempt such.
If your argument has merit, it can stand alone. Responding to an avalanche of downvotes after the fact is the only thing I've seen on HN that makes sense. For example to try to counter a perception (eg if you think your argument is being taken incorrectly, or challenging the downvoters to discuss why they're downvoting; that can draw out more substance to a conversation).
See my edit: I don't want to continue this discussion as I have a fairly high up comment and I think this is just a bunch of clutter for the purpose of meta discussion. Talk about 'makes for boring reading'.
A human being can only have one account on one website. How about this - you delete your post, and I delete my post, and we both contribute to the conversation by removing useless posts!
I dream of working on something where the criticism is so honest. Where I don’t have to read between the lines to understand how big of a deal a person considers an issue. Pussyfooting to lessen the blow benefits no one in the long run.
I often end up running my code reviews by other people first to make sure they’re gentle enough because I know people are overly sensitive/attached to their work. It’s a stupid dance and such a waste of everyone’s time. If we could just be honest with each other we could build great things.
I single handledly blame this culture of being nice instead of honest on the total undeniable loss of software qualified across the industry.
I posit there is no nice way to reflect when something is actual garbage. When it should go into the trash bin instead of being merged, even with modifications.
It’s never going to be nice to hear.
In lessening the blow you lose the message. You lose the true meaning. You lie.
I don't think there's a native English speaker in the world who reads the phrase "<x> is garbage" and interprets that literally as "this is just a metaphor for deciding not to use something and thus throwing it out." No, there's always vitriol, and the writer knows that, which is why they say it like that--because they're feeling vitriolic.
I'm sure you can imagine equally accurate ways to reject code contributions; it doesn't really take any creativity. When you say that the "true meaning" is lost, what you're really saying is the true meaning was to make the contributor feel bad. If you want to defend that, go ahead, but that intent needs to be out in the open, not hidden behind the plausible deniability of words.
The vitriol is the most important part of the message. If they don’t feel bad about what they’ve done what reason do they have not to do it again?
Without the vitriol you solve only the most immediate problem, when the true intention of calling something g garbage is to prevent many future problems. You learn nothing from being politely shoed off.
If the person you are criticising gives any kind of shit at all about doing a good job, they will supply their own 'feeling bad' when you demonstrate that they haven't done a good job. In this case, you adding vitriol is unnecessary.
If the person you are criticising doesn't give any kind of shit, then your vitriol will make them feel bad and dislike you, but it isn't going to improve their code quality, because they still don't care. (And if they answer to you directly, they are likely less motivated to do well next time now that you have acted like a prick)
If the person is not able to discern the difference between good and bad code, then it is useful to them if you can explain what it is that you are mad about when reviewing the code, but again in this case, vitriol without understanding just makes you seem like an arsehole to work with.
Are you arguing that it's impossible to learn without feeling bad about yourself? As in, you must feel personally ashamed and hurt, or else you're going to make the mistake again? If not, you're probably going to have to explain your position a little more, because that's how I'm reading it right now.
Note, this can't be some abstract equivalence between "feel bad" and "know you made a mistake," because if that's what you meant, then we're back to the vitriol being unnecessary.
Look back on your life. Do you remember the individual lessons in school? Unlikely. Do you remember the time you got sent to the principals office or the time you got yelled at for breaking a lamp or having a party? Much more likely. Lessons bundled with strong emotions make far better memories.
You learned pretty much everything that you are doing right now and I am fairly certain that 99% or more of that was learned without you feeling bad about yourself.
I for one can't remember a single lesson from school, yet I can still recall some of the stuff I learned and apply it, despite nobody yelling at me for doing it wrong at some point.
Being upfront and honest about stuff is all nice and good but when I give a code review or get one, I find it far better to constructively discuss stuff and not yell at people or insult them for whatever reason. Linus did not even ask why it was done that way, he did not have all the info. Would you prefer being instulted for doing something the "wrong" way, eventhough you had a perfectly good reason for doing it that way? Even if you knew it was "wrong" but there just isn't a good solution and you are just trying to fix the problem at hand?
For sure. The proximate lesson was 'make sure not to trust teacher X or administrator Z; those two are assholes who don't pay attention and just try to solve problems in whatever way is most personally convenient without caring about anyone else or what really happened or fairness.' It was an effective more general lesson in (a) what never to do if you want people to like or trust you, and (b) what to watch out for before trusting someone in a position of authority.
Well I don't remember any of that. Never was sent to the office, don't recall breaking anything save for one of my own plates recently. I do recall a few lessons though. Parties are more of a blur to me. If I recall something with strong emotions any other significant information will be lost. I am definitely personally not capable of learning from someone yelling at me. I will just feel remorse or awful about myself. That is not productive.
Being torn into and being called a moron, useless, pathetic, etc. leaves deep trauma that will bleed into other areas of your life. Even if you're tough and think you've brushed it off.
The idea that we're duty-bound to inflict emotional cruelty on people when we think they've made a mistake is probably the cause of most of the suffering we see in the world.
You can tell someone that their code is very bad and make sure they get it, without trying to twist the thumbscrews and make sure that they feel rotten to their very core.
Please use your thesaurus and enlighten me to how then I say “this code is garbage” in a nice way, while clearly communicating the full meaning of:
- this code is bad
- you should reassess your skills and values
that lead you to believe this was good
- your worldview may be flawed, look into that
- don’t do this again
- you should probably feel bad too, to attach
emotion to strengthen your memories of this
to make this a learning experience
Do you not understand the emotional cruelty of trying to say all 6 things at once to someone who (in theory) is actually trying to contribute?
Maybe someone is not trying. Maybe you're wasting your breath then. Maybe someone is trying, but has an incomplete world view. Ok great, now you've pissed them off instead of saying what's wrong.
Just say what's wrong with the code! That's what actually matters. Not that you think it's garbage.
I chuckled when I saw this. Google processes and code reviews are extremely passive aggressive and very much inefficient, focusing on things that do not matter to the end user. Lots of subtle politics going to do the smallest thing. Lack of care and quality shows. Google is hardly what one would want to emulate. It may be a business success but that is about it; it's as dysfunctional as anything of its size.
Funnily the first core value is focus on the user. Almost no one there ever cares or thinks from the perspective of the user in decision making. Users are incidental to the things that happen there.
I am finding the comments here about how Linus needs to behave properly, like they do at Google, amusing given how often Google and other for profit companies are portrayed as evil empires and FOSS is portrayed as the only moral antidote to the evils of capitalism.
Let Linus swear a little and suddenly those roles are entirely reversed? Really?
Isn't that kind of a non sequitur? The idea that "Google is evil" (not that I agree with it) and the idea that "It's possible to construct a culture where people can air grievances and criticize others without inducing flame wars [like at Google]" are arguments that have nothing to do with each other. There is no role reversal, even if we unreservedly accept both premises.
There is no separating out corporate culture from the fact that it is a corporation. FOSS is not a for profit corporation. Expecting it to function like one is not reasonable. Trying to impose corporate culture as the standard for FOSS is not only not reasonable, it is counterproductive.
If you want corporate software, cool. But if you want FOSS to exist at all, there has to be a fundamental acceptance of the fact that it will have a different culture and a different process.
I will add that his cussing spree here is in response to a for profit corporation trying to shit all over his project. But, hey, must be totes okay for them to shit on it since they didn't use any cuss words or raise their voice.
There is your so called corporate etiquette right there.
Positive team environment and corporate culture are not inextricably linked. They may overlap depending on the corporation in question, but they are not one in the same. This should be obvious since you can have a positive team environment on teams where no corporation is involved (e.g., hobby projects). Clearly the suggestion that FOSS should have a positive team environment cannot be the same as the suggestion that FOSS should have a corporate culture.
Think about how your logic would look flipped around. If leads at Google were encouraged to slap people down when they disagree with their suggestions, then you'd have to suddenly argue that Linus should change his tune because otherwise he'd be fostering a corporate culture, and FOSS must have a different culture than that.
Clearly that, too, would be a non sequitur.
As for the rest of what you said, I think you know no one is suggesting anything of the sort. There's no reason to straw man here.
A. Linus doesn't do this very often. Most of the time, he is perfectly well mannered. But we don't hear about that. We only hear about these incidents.
B. Most of his work conversations occur on the public record. So anyone can get hold of it when he gets riled. When a CEO gets riled, that is much more likely to occur privately and get covered up.
C. He created Linux for free. It is his passion. It shouldn't be surprising that he feels strongly about it when it is threatened.
D. A corporation is trying to fuck his project over, no doubt for personal financial gain. In my book, that is a vastly bigger offense than a little swearing. Etiquette that focuses on polite words and excuses more serious offenses is not a good thing. If corporate culture were really the better answer here, then Linus' tirade would have never happened because Intel would not be trying to crap all over Linux to begin with.
So I find it incomprehensible that anyone would suggest that the solution here is for Linus to operate more like BigCo. He is a guardian of a public good. He is defending it from corporate greed. The lack of moral responsibility of a large corporation is the very reason he is cussing. Expecting him to be more like them amounts to asking him to sell us all out for money and the sake of saving face in public rather than taking a stand on our behalf.
The real focus of this discussion should not be the language Linus used. It should be "What the hell, Intel?" But I am not seeing that focus.
And I can tell you why I am not seeing it: Because no one is surprised or shocked that a corporation would do something so terrible. In fact, we expect it. So we don't bother to try to hold corporations to a moral standard.
Instead, we expect people like Linus to meet a moral standard because he consistently does. Then we give him hell when that isn't an easy thing to do in this shitty world.
The real solution to this problem is to be pissed at Intel, not lecturing Linus that he needs to behave better, just like corporations do. A corporation is the root cause of this issue.
That isn't a straw man. It is the crux of the problem here.
I don't think Linus is wrong for how he interacts with people, but I do worry that people are so easily distracted by his display that the ensuing conversation about his behavior detracts from his message. Nearly every statement he makes like this devolves into musings on human psychology.
People tend to talk about that which is both trivial and emotional and will derail a discussion in that direction on the slightest opening. This is not peculiar to how Linus Torvalds gets treated. It is the default norm for human behavior. Talking about things with actual consequences is often decried as political and deemed not appropriate for civil, intellectual conversation.
Counter point is that Google, like Intel, puts profits ahead of doing the right thing, selling out its users to advertisers with virtual impunity because those same users are addicted to the "free" stuff that Google gives them. So maybe we need more prominent people like Torvalds calling bullshit on them too. Finally we are starting to get such voices re Facebook, but even those not as honest as Torvalds.
Even if I agreed with your sell-out criticism, what makes you think that hurling obscenities and insults at the executives would change that, vs a well written argument that the behavior is wrong and will have consequences that could harm the company?
Simply calling something garbage doesn't elicit change, our political system is the perfect example of that. It creates polarization which, due to human nature, makes can make people less motivated to work with you.
There's no even any evidence Intel did anything wrong. For decades, the market demanded performance, and VM based cloud computing was created long after speculative execution became an industry wide (not just Intel) optimization. The way we use CPUs has changed, our OSes have changed, the threat model has changed, and the sophistication of attacks has changed.
Future CPUs need to be designed from the ground up with modern cloud computing in mind and that's going to take 2 years at least given industry cycles. What do we do in the meantime with our current silicon is the question. Intel seems like they're trying to do the right think by handling failures in retpoline to offer full protection.
But maybe the conspiracies are right, but when has an accusation of some conspiratorial behavior ever been solved by people yelling and screaming moron and garbage?
It's just not the right way to perform an investigation IMHO.
Like most things we only see one part of these discussions. It might be so that this have built up under several weeks/conversations etc and when nothing happens something needs to be done. In a non-cooperative there’s no boss you can turn to when you are unhappy with the situation, in linux’s case few other actual platforms to “turn” to. What do you do when, online, mostly only have your reputation to influence people.
I’m not defending Linus per se, but he do have a really unique position and it’s probably not easy to be in that position and AFAIKT it works. Maybe if it would have been someone else the world would look, most probably, rather different.
It’s really easy to criticize, but frankly none of us knows how it is to be in his situation and I guess he has to deal with his fair share of trolls, morons and energy thieves.
Not just Google. This is standard in any major tech company. His behavior and abhorrent and there is no excuse. Tech should embrace mentoring, learning, constructive criticism, and learning from failures. Yes, this is hopefully a once in a lifetime situation -- but our values need to transcend that. This is not the first time that Linus has swept decency under the carpet. Linus would be such an HR issue at most companies and likely shown the door. If anyone is championing or approving his behavior, this will not win you support and 'points' long term.
I think the context in which Linus exists professionally is perennially misunderstood. IMO he basically has to be this way, or else the kernel would have been effectively stolen by [insert powerful tech company] at various crucial moments throughout its history. I see his particular position in technology as being truly unique, and that it essentially just requires somewhat exaggerated rhetoric and even superficially childish antics to protect the independence of the kernel.
This is not to say that Linus’ behavior is a good model for “how engineers should generally behave”. It just isn’t, and anyone behaving this way in a company should almost certainly be fired. I think he’d probably agree, to boot. But I could be wrong about that.
P.S. I hope I don’t come across with disagreeing with you about any of what you think tech “should” be. I totally agree with you.
Can you show me an example where a leader of an OSS project had reasonable discussions with other developers (read: n steps below calling them morons who write garbage code), and as a result their project was "stolen" by a powerful tech company?
Firefox + Mr. Robot for a very recent example. Someone at some level should have exclaimed angrily that pushing people an extension without their consent that fiddled with content was a “garbage idea for garbage people”.
Instead they lost face and now I and many other privacy concerned users can never trust Firefox ever again.
The firefox situation had more to do with the extension bypassing typical review processes than with engineers seeing the problem but not voicing their opinion. Many Mozilla engineers learned about that debacle the same time that we did.
Your question is constructed in just such a way as to make your point for you. Hopefully you’ll see that it’s far too specific of a demand as to truly support your position. Would you provide me with a less specifically bounded question that you think still captures your position on this?
I asked you to provide an example of the situation you described. I was as specific as you were.
I will try to be more straightforward.
You've stated that Linus has a unique role, and that he has to be this way or he'll lose the kernel/ essentially be worse at his job.
You've provided no examples or evidence (and I asked).
In your opinion, Linus must be this way, it is "just required" by his unique position. We have this totally unknowable position that you, for no apparent reason, assume is best suited to people who insult others publicly. And because this position is unique we can't compare him to others, by nature of the position.
You have essentially placed Linus in a position where you could basically justify anything. "Oh, well, it's a very unique role - you just have to be xyz for this sort of work".
The thing is, Linus's position may be unique, but it has a lot in common with lots of positions we have a good handle on. There are lots of open source leaders out there, lots of people who manage codebases, write code, etc. Maybe not exactly all of those things in exactly the same way, but we have plenty of similar positions.
I do not imagine a community so vehemently defending members of those positions who act like Linus. By your own admission this is a bad model for others in the same exact industry with similar roles - you even say they should be fired for acting the way he does.
So I guess my question is; what unique aspect of Linus's role makes him so different from everyone else with incredibly similar roles? What evidence is there that, against everything we know about positions like the one he fills, acting the way he does is the right way for his role?
His behavior and abhorrent and there is no excuse.
Does he owe you anything? Are you co-workers? Are you in his employ? It´s FOSS. If you don´t like it, walk away. The Linux kernel is his creation, his baby, and he runs the show. You don´t like his behavior? You don´t like his attitude? Fork the code, make your own mailinglist, get a bunch of people to submit patches, and knock yourself out.
I get that he is a "public figure in tech" and all that, but he owes you nothing - I failed to read the memo where he declared to act as a figurehead for proper behavior, or where he agreed to be an example or anything like that.
You are right on some level, but there may be exceptions to the rule. Keep in mind that Google may never have grown beyond its first years without Linux (and Linus guiding it). There was no other economically viable option with development at the state of the art, at least in those days (the late 90s).
Is this public discussion an attempt to "zero in" on this problem? Does anyone outside of Intel "agree" with their current approach? This is a more reasonable situation for the Torvalds method than many others in which he uses it.
>
That's why my initial idea, as implemented in this RFC patchset, was to
stick with IBRS on Skylake, and use retpoline everywhere else. I'll
give you "garbage patches", but they weren't being "just mindlessly
sent around". If we're going to drop IBRS support and accept the
caveats, then let's do it as a conscious decision having seen what it
would look like, not just drop it quietly because poor Davey is too
scared that Linus might shout at him again. :)
>
If we can be done with the shouty part, I'd actually quite like to have
a sensible discussion about when, if ever, we do IBPB on context switch
(ptraceability and dumpable have both been suggested) and when, if
ever, we set STIPB in userspace.
Those seem relevant to the thread. That said - it's really a good read for a technical overview of the issues and patches.
Possibly, but I don't think that arguments, even heated ones, aren't without benefits that may not be otherwise obtainable. Arguments require passion and commitment, you have to care about something to get heated over it face-to-face and when you, as an adult, get upset over something you are putting your reputation on the line to some extent. This motivates some people.
This provokes an interesting question-does googles desire for a very... harmonious work environment have any relationship with their reputation for project ADD?
For me, one of the more difficult type of engineers to work with aren't people low in tech skills or other traditional lacking, but engineers who can't deal with failings generated by other people, in a rational and civilised manner.
Anyone building anything of modicum importance is going to fail. Moreover, failures can be institutional, i.e any process or lack of process, which significantly increases the chances of failure. These have to be dealt with at an institutional level. If the failure is personal, I.e caused by traits specific to the person, can it be resolved by having a better feedback loop. Many reasons to be angry but very few to express it in a confrontational manner. I have many brilliant friends I wouldn’t work with for the above reason.
I agree wholeheartedly that it is not a good way to live. I don't enjoy it.
> I've worked at a lot of places where engineer got into heated shouting matches. It's is not a way to increase the probability of zeroing in on a problem, or reaching agreement faster.
That hasn't been my experience. A boss at a previous job and I often had heated discussions about technologies and direction. It worked for us. We came to great solutions that neither of us started advocating. Years after I left, we are still good friends.
One lady we worked with started keeping a nerf gun on her desk if we got too close to her while arguing. This was the problem for me.
It wasn't good for us to fall back on raised voices to accomplish discussion. It accomplished the goals, but it did it in a way that was bad for our psyche. Even if we are both willing participants in that, we were effecting others who were both not willing participants AND unwilling to speak up because we were both her senior.
So I say fuck that. There is a way to say what needs to be said without being an asshole or spending time trying to make it politically correct. You just have to say the core of what you are trying to say, without the asshole flair attached to it.
Google culture is jerky in it's own way though. The demonization of James Damore was disgusting. Trying to silence educated voices from responding to request for comments on the topic is wrong.
what does work culture have to do with any of this? you want people to always behave as if they are at work? I rather not. companies have no desire to allow any kind of speech that would hamper productivity or create bad PR.
For what it's worth, I would definitely rather work under Linus than at Google. Google seems, from speaking to people who work there, thoroughly unpleasant.
I must say that I'm really happy that Linux is taking a stance on this one. He doesn't care what the legal consequences to Intel are, he is pushing for a proper technical solution damned be the consequences.
Being able to call out bullshit doesn't mean having to curse it out. All Linus needs to do is say something like "I don't understand why this is here, and I'm not merging it until I do", rather than "They do literally insane things. They do things that do not make sense". The latter is not a technical argument, and it doesn't provide accuracy or clarity about next steps.
"So somebody isn't telling the truth here. Somebody is pushing complete garbage for unclear reasons" - maybe the patches are bad. Or maybe there is an undisclosed vulnerability (like https://skyfallattack.com/ ?) that needs this "garbage" to mitigate it, and no-one got Linus properly in the loop. If it's the latter, all this shouting and cursing about "They do things that do not make sense" has likely attracted the attention of people interested in such things...
Sometimes in a sea of noise it's good to have someone highly qualified shouting to make people sit up and really pay attention. Like now, because it is critically needed.
Manners were invented to prevent disease and stuff, but they're also used by the aristocracy to differentiate themselves from the rabble. Complaining about word choice and tone is an example of the latter. "Linus doesn't talk the way good people do."
I think you're misreading my comment. The original post was "we need this brashness", my point is, we don't.
If a specific individual is unable to communicate without that, that's a totally different matter - being able to accommodate a wide church of people is a crucial diversity matter.
Would it have been clearer if I had said "All someone in a project leadership position needs to say ..." ? I'm arguing against that the notion that this approach is necessary, not that it shouldn't be accommodated.
As sundvor already pointed out, Linus's cursing works. He uses it for emphasis, to bring attention to bear where it's needed. Being polite would likely be less effective.
> If a specific individual is unable to communicate without that, that's a totally different matter - being able to accommodate a wide church of people is a crucial diversity matter.
So shouldn't you be OK with Linus cursing?
I disagree here too, though. Cursing is a choice, not a disability.
If, say, a firm fires someone for failing to maintain a civil tongue, I'd hardly call that a diversity problem. It could be quite reasonable, depending on the firm.
> I'm arguing against that the notion that this approach is necessary, not that it shouldn't be accommodated
Define 'necessary'. Would the kernel implode if Linus were more polite? Of course not, but I still agree with sundvor that Linus uses it as an effective tool. He's not just an angry child with poor impulse control.
Linus' cursing works because he's Linus, not because he is cursing. There is really no evidence that if he uses strong but less abusive language the work won't get done.
>> There is really no evidence that if he uses strong but less abusive language the work won't get done.
That is because there is no other copy of Linus. There's plenty of other lesser software developers who can't do a tenth of what Linus did in his life.
There's also no other copy of Donald Knuth, or Dennis Ritchie, or Alan Kay, or any other computer luminary. There's also no other copy of any "other lesser software developer" or you or me or the baristas at your closest Starbucks. What you've said in response is "the sky is blue": indisputably true and essentially irrelevant.
I'd argue that in fact, there is circumstantial evidence that brilliant computer programmers can get work done without occasionally making those they interact with miserable: that evidence is the fact that most brilliant computer programmers get work done without occasionally making those they interact with miserable. There is nothing that requires Linus to make strong points by jumping and down and screaming. That's an affection he deliberately chooses.
There's a strong notion through this whole comment thread of "if he didn't do that, nobody would listen to him," which is absolute nonsense. People don't listen to him because of these kinds of outbursts, they listen to him because he's Linus Torvalds. They listen to him in spite of these kinds of outbursts.
>People don't listen to him because of these kinds of outbursts
Check the title of the thread you're in, and how many comments it has. People absolutely listen to him when he has these outbursts. It's usually a solid indicator there's something worth getting outraged about.
I am guessing you don't read the Linux mailing list if you think Linus goes off like this regularly. Maybe you're confusing it with the OpenBSD list and Theo.
Linus' comments like this make the news because of the content. If he did this all the time - frequently, as you posit - it wouldn't make the news all that often, as it would be normal. Linus isn't a guy who flies off the handle with regularity.
>The original post was "we need this brashness", my point is, we don't.
I think we do when communicating with some people. It's all a matter of context. To 99.99% of people being brash is just going to be a hindrance. For some however it's required for them to see what their actions are not up to standard.
That's my 2c's anyway. I've never had a situation (within the tech industry) where I've needed to be so on the nose as Linus, but a couple of times I've got close after repeatedly telling one person their actions were VERY wrong and risked doing the whole entire team damage.
The original post was "we need this brashness", my point is, we don't.
Anything that speaks for all of us is bullshit, so both of you are offtopic. Anybody who pretends to speak for what "we need" is a charlatan. You don't need to address what one person says their preference for universal organization is. Don't feed the trolls.
BULLSHIT (I hear you like it). It's about basic etiquette, and treating humans as humans. No amount of gifted skill is a threshold for crossing that behavior barrier.
>>No amount of gifted skill is a threshold for crossing that behavior barrier.
Sure there is. You would rather have Linus in your life who yells at people than not. Linus being an asshole is something you have to deal with to get access to his intelligence. I suggest you make peace with this understanding, as it applies to far more people than Linus.
Having a Linus who doesn't yell at people will be any day better than having one who abuses others at will. He needs to take anger management classes. We could seriously do with a little less high-headedness in the world.
And having my cake and eating it too in every scenario would be great. That's not how things work all the time. It's up to you to deal with it, not Linus to change. He's the scarce resource. He has the leverage. You're just someone on the Internet mad.
Even if I was offended by his communication style, I agree that his technical acumen ought to afford him freedom to communicate as he pleases (possibly limiting to the realm of his expertise).
I've found this quote by Neil Gaiman to be applicable to more than just Freelancing:
> You get work however you get work, but people keep working in a freelance world (and more and more of todays world is freelance), because their work is good, because they are easy to get along with and because they deliver the work on time. And you don’t even need all three! Two out of three is fine. People will tolerate how unpleasant you are if your work is good and you deliver it on time. People will forgive the lateness of your work if it is good and they like you. And you don’t have to be as good as everyone else if you’re on time and it’s always a pleasure to hear from you
Again, your understanding is that intelligent people have the right to abuse. That's just akin to supporting oppression of weaker by stronger. That might be how things are for a lot of people, but not how they should be. Also, mad internet people have historically changed a lot of things, so I'm justified in showing my disapproval even if it won't change Linus. Changing at least one upcoming Linus in life would be a good enough goal.
Equating harsh even personally offensive language to "abuse" is the biggest disagreement here.
Many people, myself included, prescribe to axiom of "sticks and stones will break my bones but words can never hurt me" I understand that the current generation believes that feels are the most important thing ever...
I reject the idea that a person has the right not be offended, and I reject the idea that words on a linux mailing list are abuse
Not sure what made you think all these things you're writing. By abuse I simply meant 'verbal abuse'. You yourself first apply hyperbolic meaning to the word, and then say it's not that. The whole argument is kind of strange to me. And when did showing dictionary meaning of the dictionary word I'm using start to be a fallacy of argument?
Either you are trolling, or naive into the Politically Correct Social Justice world around you if you do not understand the point of view I am speaking against.
World where people are fired from their jobs because they tell a joke someone finds offensive, I world where you are just one twit or one overheard conversation away from the outrage mob ruining your life..
lol... No Social Justice Advocates hate freedom of speech as you seem to as well. Flagging is an indication they they disapprove of my views and would like to censor it. It is indication they do not believe in the concept of free speech
:)
Everyone who disagrees with you is either a troll, 'social justice advocate', and what not. Freedom of speech is a legal right, but civilized behavior is an basic expectation and as a privately managed forum HN can enforce their own expected behavior. Your arguments were anyway not constructive as per their guidelines. No further argument from me.
I'm already more concerned about the people who are an actual threat to me, just that I'm also concerned about prolific people using abusive language to insult lesser intelligent people. If I write in the tone that everybody else here is writing in support of Linus' abusive language, I'd say "I am what I am, get over it".
No, it will not. Because then we get a Linus who would have to maintain a filter as well as his technical expertise. The later would suffer, I'm shure.
If you’re worried about ‘cursing’ and you seriously think that it’s something important in the scope of this discussion around security and the grand scale of negligence afoot, I believe you may need to re-evaluate your values.
In fact, the idea that you’re even bringing up such minor language at such a time really disappoints me.
Yeah, it's weird... I get why people would want to call Torvalds out on acting abusively, but focussing on the 'bad words' is odd.
Would I be correct in assuming that the majority of commenters here are from the US? (Not trying to throw shade on you Americans, just that you do tend to get needlessly flustered about swearing)
> Being able to call out bullshit doesn't mean having to curse it out
Sometimes this is actually necessary to get heard, and have the issue taken seriously. It helps providing the feedback that something REALLY wrong just happened and needs to be addressed immediately.
Imagine a sergeant talking to a trainee. What's the most efficient ?
- "Dear soldier, I think the way you handle your weapon is going to get you killed in a few moment. You should probably change that appropriately. If I may provide you this advice, of corse."
- "Stop this shit now! You're going to shoot yourself!"
Of all replies defending Linus I've read, this one hits home run.
Linus himself admits[1] that his outrageous insults are sort of "jokey" and a hyperbole. That's the surface. The underlying tone is to get attention without getting drowned by political correctness.
I do agree his language and tone can be very painful to read. Imagine getting called a moron in front of the whole world, when you could have private conversation first with a smaller group.
When I read his reply, I could feel the pain. I imagined I would reply back to him and say "well fuck you too." When I finished reading the email, regardless of who is more right or more wrong, I can understand and feel his frustration. I would absolutely go mad if someone messes with something I care about, and then have the guts to do fact checks.
But I still think there is room to offer an olive branch, honestly. But given how busy he is, and how many shitty patches they get, I can understand his frustration.
That being said, it almost seems like no one other than him, can do a better job in keeping up with the quality if he has to be the one yelling all the time. When Linus is no longer involved (for any reasons), can Linux kernel project continues to have quality code?
If I've been a moron in front of the whole world, you might as well call me one; that part doesn't make a lot of difference. And if I know I haven't, well it doesn't make a lot of difference if you call me one either. I'm not five years old any more, having to chant "sticks and stones may break my bones..." to convince myself it's true, choking back the tears.
There was no "pain" on reading the reply. Only a minor frustration that there had clearly been a miscommunication about the different parts of the patch series, leading to his objections when he saw something he didn't expect. And certainly no temptation to say what you suggest. It was a technical rant. No people were harmed, and a personal reply like that would have been completely unnecessary.
I was expecting him not to like IBRS. Hell, I don't like it either. But as I said later, it still wants posting in the light of day, and a conscious decision to drop it and accept the caveats, if that's what we're going to do.
Thanks for replying here. I'm not so interested in the debate about decorum and word choice as the technical matter, but it's good to head off the branches of speculation (if you will) into them to have your insights.
The function of the "shouting and cursing" is to draw attention. If Linus had used mild language, it wouldn't be on Hacker News and we wouldn't be talking about it. When Linus rants, it's always something worth ranting about; it's a powerful shaming tool to enforce good behaviour in a world where there's little other leverage.
And in the unlikely event that your theory regarding undisclosed vulnerabilities is true, this will certainly make them think twice about leaving Linus out of the loop again, no?
It turned out that Linus had confused "IBRS" and "IBPB". That seems to me that he didn't understand it.
I'm not sure why saying "I don't understand this" would confer _incompetence_ rather than just not understanding. Understanding is easily gained with good communication. The original patch set clearly doesn't explain the point of the patches well, and everyone gets things wrong as well. There's no shame in saying "I don't understand this", it's not a final statement equivalent to "I will never be able to understand this".
And here[1] is Woodhouse's coherent latest reply as of a couple hours ago on the issue, which explains for all us in the peanut gallery (his words, which I think are spot on) exactly what this is about, why it's included, how it actually affects the situation, why it was put forth at all, etc.
It appears much less sinister than Linus was insinuating, but Linus has yet to reply.
That's an interesting summary but I predict that Linus will destroy him for completely avoiding the hard question: why the fuck IBRS_ALL would not be on by default on future "fixed" chips, if on such CPU it would not be somehow crappy.
And the risk of it becoming architectural (with that absurd default) is insane too.
Why would he do that? I completely agree with him on that, and I already told him I've been pushing back on it since I first heard about it a few weeks ago. Although there are technical reasons why we might need IBRS_ALL as a stop-gap before we can get to a proper solution, we bloody well ought to have line-of-sight to a proper solution in the same way that RDCL_NO says "it's OK, we fixed it" for Meltdown.
But that's a separate topic. As I explicitly said, I limited that answer to the things we can do on current hardware.
In case it’s unclear to anyone, David Woodhouse (the person Linus is replying to / previous poster) works for Amazon and previously Intel[1] aka @dwmw2 on Twitter, ironically his twitter profile is: “Kernel hacker. Known to occasionally promote an attitude of violence towards complete morons.”
*[1] Correction, I thought (as does Google) that he still worked at Intel, but it was pointed out that he now works at Amazon UK.
Thanks for pointing that out - I was under the impression he still worked for intel, before commenting I checked and all the top Google results suggested as much, I’ve corrected my comment.
Note: Also, this is not and please do not turn this into a personal witch-hunt or anything like that, I am just adding context / clarification as to the mailing list thread.
I, too, missed the double-indenting at the start and thought David was replying to Linus. Once I got to the textbook swearing I double-checked and figured it out.
It worries me that this isn't higher both here and on Reddit. I read through the rest of the email thread this morning and wanted to say something but I'm worried that I don't understand it well enough.
I always appreciate Linus' rants. In addition to being somewhat humorous, I usually learn a thing or two from them. It amazes me that people focus on how much of a jerk he's being instead of actually looking at the contents of his emails and learning something.
Really? The internet is full of ranting commenters. They all have content of a sort. His don't deserve any more attention just because he's the subject of a hero-worship cult.
Its actually possible to find thoughtful commentary on most any subject, without suffering jerks.
So we're just to take his word for it? Other than profanity what I read had no specifics, just jerky complaining. By a guy who is arguably not an expert at the issue (of Intel Processor microcode internal vulnerabilities).
A thoughtful comment would have illuminated the issue, explained why the fixes were too broad or not specific enough, and how they could be improved.
> By a guy who is arguably not an expert at the issue
Linus is the defacto expert on the Linux kernel. His familiarity with the kernel and long history on these issues gives him the credibility to say a patch or code is completely nonsensical.
This isn't Intel's first rodeo. They know what is expected and they continue to play games with their code. If they are pushing garbage then there's a very good chance they know it's garbage.
Those other rants are neither entertaining, nor informative. The reasons why I like Linus' rants in particular are because they're fun to read and I learn things.
Also if there are huge changes at the top of the internal food chain a huge corp, which is already slow by definition, will react even slower. This problem set is likely to extend more before it gets better.
I do. I don't know Bloomberg or The Economist that well, but translating the media brands to Dutch ones, I'd definitely care more what Tweakers.net says about something than NOS - tech news versus general news. I know there are a few people at Tweakers who truly understand technology (like, they can probably write code) whereas at NOS you'd be happy if they explain the word "ransomware" correctly.
The Economist is usually surprisingly well-informed about things like these. It's pretty much the only mainstream newspaper where I can read articles about my field without cringing.
This. I'm not really sure if I need other news media in global affairs. If it's important Economist will cover it sooner or later, and if it's not, no one will remember it one month after the fact.
If these media weren't popular or read, there wouldn't be so many magazines still being sold, or tech websites that apparently make enough money to keep going.
The average person is insecure about more advanced details of tech topics, yet still needs to use laptops and smartphones to survive in modern society. That is the vast majority of people, and those are the people you should be the most worried about, because those people decide whether Intel will ultimately get away with this or not.
And honestly, with that in mind your remark looks like a thinly-veiled snobbish remark about how you don't fall for any of that.
>And honestly, with that in mind your remark looks like a thinly-veiled snobbish remark about how you don't fall for any of that.
I'm just dismissing the consumer market as mostly irrelevant in this context, not trying to make any snobbish remarks. We aren't discussing phones or laptops.
Call me crazy, but I would imagine that big Intel customers do not base their purchasing decisions on what Ars Technica, LinusTechTips or Tweakers.net have to say.
I have a gut feeling that all of this madness is driven by legal and management terror. Doing the right thing likely means, to many people, admitting fault. Legal has likely banned anyone from doing anything that looks like an admission of guilt. Management and PR, etc. are all probably about saving face, too. The people who care about doing the right thing from a technology perspective likely don't have any power.
I think we should count ourselves lucky we have someone so good at spotting bullsh*t like this - and isn’t afraid to call it out as they sees it.
Intel & friends have absolutely disgusted me lately, it could be all to easy to settle for less based on their standards, but let’s not let them set the standard - they’ve shown they can’t be trusted with quality and when they fail - they can’t be trusted to be transparent or even take ownership of the problems they create.
Not only spot, but also invests the energy in calling it out and explaining it.
Many business failures i've witnessed happened ultimately because nobody had the energy to cut down the bullshit forest that constantly regrows around a company.
That's the problem with "rockstars and "benevolent dictators", the Linuses and the Elon Musks, isn't it? Everything is great until they go away for whatever reason and nobody can fill the void. Hell, there's people still doubting Tim Cook on whether he can fill Jobs' shoes.
I wonder if something like FreeBSD is better suited for sustainability - from what I can tell, there's no "dictator" figure there, no critical single point of failure.
It makes me wonder if there are ways to structure an organization in a way that once it has found its purpose and voice, it becomes rigid in its trajectory.
Consider an organization that would rather cease to exist or be relevant, than to allow itself all the freedoms to pivot and mutate significantly.
Fundamentally this is the difference between 'organizations' and 'institutions'. In the former, the culture and operation are contained in the people who are part of the organization, in the latter the culture and operation are contained in the rules.
Institutions are much harder to set up, they require that you consider that evil people do evil things, so you have to set up rules and processes. The execution of those rules and processes have to span enough people that a conspiracy would be unlikely. It doesn't always work of course, people find ways to subvert institutions (the zero day exploits of their time).
That's more of a problem with _not_ having them. When you lose prominent contributors you notice how the things were better before, but you are still better off than you would be if they never existed.
>Many business failures i've witnessed happened ultimately because nobody had the energy to cut down the bullshit forest that constantly regrows around a company.
I've worked at a company that had 20 people and a company that's had 5000 and some ones in between.
Going from 2-3 people to 20 is pretty manageable. Everyone knows each other, work gets done, you can call people out on their bullshit, stuff is fixed, because everyone feels responsible and accountable.
Then you go to 100 people and a few of the original 20 leave and the whole culture changes. 1000's of people? Totally different ball game. Incompetence will slip through, no single person has a full grasp on everything, meetings and more meetings and more managers playing broken telephone all day and you got people in different cities and time zones and countries who've never seen each other face-to-face and it's just a nightmare to manage that.
It can be done, but that's when you really need competent managers, and those are extremely hard to come by.
I'm sure there are teams and divisions within Intel that are extremely competent, people at the top of their game who are looking at this debacle and just shaking their heads just as much as Linus.
I'd argue that it could be done, but no longer can. In the past, all of the failings of corporate structures were more than made up for by the value they brought. They solved the problem of distribution, both distributing work to workers and end product to consumers. This was outrageously valuable for a century.
Now, however, it's nearly worthless. Anyone can do distribution, both of work and of end products, with very little effort thanks to computers and the Internet. Now, the limitations of those corporate structures are starting to cut deeper and not be compensated for. Their assumption of all of the tremendous failings of in-person human communication (that 'broken telephone' you mention is only part of it, there's also the inherent prejudices and irrational means of influence at play which are inescapable) in combination with both voluntarily abandoning essentially every single benefit they ever offered to employees and the inherent limitations in such a centralized structure will result in them falling apart. I mean, if the market has anything to say about it. Back when factories got big people accepted things like limitations in variety of goods, limited to nil personalization, etc because supporting those things was difficult for factories. Such is still difficult for large companies. They have executives who want to impress 'grand visions' upon the company so that they have some excuse (both personal and professional) to collect such absurdly overlarge compensation.
The human brain, by the way, is limited to keeping around 150 people in mind and maintaining stable relationships with them. It's called 'Dunbar's Number' and while there's certainly variation amongst different people with regard to it, I think we can safely presume there is no one with the ability to maintain and consider 1000+ stable relationships. That this is not reflected in our social structures is probably an error.
> Not only spot, but also invests the energy in calling it out and explaining it.
Which is why FOSS is so important. Can you imagine a world where Linux was closed source? You’d never have any insight into security patches, or these discussions.
A silver bullet is having one smart guy at the top who doesn't care how much pressure you exert on getting something into the codebase, or how much man-hours were spent (sunk cost fallacy). I think in a lot of "corporate" projects (not-open source) there's much less of that and the software is designed by commission, with the lead developer(s) quickly no longer having much of an influence on the code itself, being drawn away into meetings and such.
> A silver bullet is having one smart guy at the top who doesn't care how much pressure you exert on getting something into the codebase,
Well if Linus goes too far, Google and a couple other big corporate contributors could team up and fork Linux, and it would be very hard for the open project to compete. I think the fact that Linus is so good is a big part of what makes the whole thing hold together.
They could, and they often do (Android and ChromeOS effectively run forked kernels). At the end of the day though, they always wanna rebase against that sweet sweet mainline quality.
I think this is dead on. I think at Microsoft that guy was Dave Cutler. Most of the really well designed stuff seems to have him at the helm - NT4.0, bits of XP, Win2k, Windows Server 2003 and then Azure.
I have a suspicion that Satya's rise to CEOdom via Azure's success could be attributed to him too.
This may be true, but FOSS does not magically make it happen. Many FOSS projects are led or dominated by large companies today; the development may happen in the open, but it is as "corporate" as it gets, and no bullshit calling occurs (or if it does, it is quickly silenced with EWONTFIX & co.)
That's only partially true. When you only have one corporations interests, things get shady very quickly. When you have multiple, competing corporations, they have a vested interest in keeping their competitors honest. It would be very rare indeed to find something that every company wanted to downplay at the same time.
Spectre and meltdown are a great example of this. Sure, ARM, Intel, and (to a lesser extent) AMD may want to downplay these things, but Google did not, so it became a big deal anyway.
Linus would be just as effective if he never used another swear word. It is his technical knowledge, his position as the final committer, and his willingness to stand up for what he believes in, that gives him power.
Ranting and swearing is part of who he is personally, but those are not generally required for being a good project leader.
I think the ranting and swearing help -- they make him more memorable, and therefore more generally well-known. This can then feed on itself a bit to make him more of a public "celebrity" and have more pull than he would otherwise.
I agree that his other skills are likely more important overall, and there are certainly other ways to be memorable, but I don't think you can discount the contribution of the ranting.
As long as a person doesn't pretend they've never been cruel to another person, it isn't hypocritical to call for more kindness. There is also a huge difference between using salty language to emphasize when something is massively complicated versus emphasis when calling someone a huge idiot.
As far as this particular Torvalds screed goes, it strikes me as measured for him. He is very clear about what he wants more of and what he wants less of. It's the code that is garbage, and he doesn't get overly personal other than to chide Woodhouse for glossing over the quality of Woodhouse's own contributions.
edit: ahh right, "mis-designed by morons" which is pretty inflammatory, and he should do better than that. I suspect he is trying to provoke someone at Intel into explaining their intent. Insult their intelligence, and they'll reveal something about their (possibly sinister) motive.
Ironically, Sun might have not had to sell themselves to Oracle, and the world's server's might be running on SPARC chips that are immune to these issues.
Linux is what allowed Intel to get its biggest foothold into the UNIX server market.
> and the world's server's might be running on SPARC chips that are immune to these issues.
Given enough time, SPARC chips would also become vulnerable to these issues. See what happened to ARM: their later (higher performance) designs are more vulnerable than their older designs.
>Ironically, Sun might have not had to sell themselves to Oracle, and the world's server's might be running on SPARC chips that are immune to these issues.
Solaris, with the exceptions of a few bright stars like DTrace and ZFS, always seemed like a POS to me, compared to linux. Especially as a work-station. Sun went full retard with Java everywhere right before they went under and I have a feeling the Solaris Desktop experience, and by extension the UNIX desktop experience, would be something from my worst nightmares, something to make wish for Windows Vista.
This is true, but if there hadn't been Linux there would have been something else to fill this niche (runs on commodity PC hardware, zero license cost). Sparc/Solaris wouldn't have continued to rule. Intel would have found some other workable solution.
True. And we'd have the same issues with this processor family now...
Don't get me wrong, I love Linux and loved FreeBSD back when it was more easy to choose... But I do think the 'free UNIX' movement has had unintended consequences like the demise of Sun, and perhaps now also this exposing of a failure in what was a desktop class chip architecture that was elevated to server usage.
Indeed. For one there was the 386BSD lawsuit, for another there was HURD. Torvalds himself has stated that if HURD had been usable at the time, he would not have bothered working on Linux.
Honestly, back when Linux started getting momentum, RMS' GNU/Linux argument had merit. Most of the stuff people where running on top of Linux, never mind using to develop Linux, came from the GNU project.
That world was the late 90's / early 2000's. Yes, Linux was around, but every startup was buying Sun hardware since it wasn't quite mature yet. Sun was the dot in .com after all.
I actually worked at a startup that threw out a working Linux / MySQL solution in favor of a Sun / Oracle one. Because, you know, VC...
> Not only spot, but also invests the energy in calling it out and explaining it.
> Many business failures i've witnessed happened ultimately because nobody had the energy to cut down the bullshit forest that constantly regrows around a company.
The sad thing is that people have unironically labeled Linus "toxic" for calling out crap very bluntly like this.
We should treasure it while it lasts, before PC culture silences him. And before downvoting, recall how many threads regarding Linus abusive behavior (sic) we've had.
Pc culture? What are you talking about? Linus is pc (in that he doesn't go on misogynistic, racist, or similar rants and doesn't denigrate people for their non-technical decisions) , he's just not nice to those that should know better.
While I think you've also been bitten by the "we accept everyone! (who thinks the way we do)" crowd as well, this is not the place or the way to express that frustration.
Some people think that directness and honesty is identical to saying racist, sexist, and homophobic things. So "PC" becomes equivalent to "lying to make people like you."
There are plenty of ordinary people that e.g. prefer one religion to other or believe in traditional gender roles. Some of those people believe they should be able to express those opinions in the same way people express opinions about diversity or equality regardless if other people considered those opinions e.g. sexist. I happen to disagree with those people, but I wouldn't consider their opinions less serious.
So you wouldn't consider an opinion 'less serious' if the opinion is that directness and honesty is identical to saying racist, sexist, and homophobic things? Because that's what we're talking about, and I would absolutely write that off as 100% nonsense. Just because someone believes in something doesn't mean it's not stupid.
The argument goes like this, the acerbic culture that grows around Linus is toxic towards female and (sexual/ethnic) minorities, because such contributor are disinclined to join projects where the lead can get verbally abusive.
From what I've gathered the findings are based on real data.
Speaking for myself, this is partly why I want to contribute to the kernel.
I tend not to take my own mistakes very seriously unless they come with serious consequences. Having someone I respect tear into me would, I think, force me to take greater care and apply more attention to my work than I already do.
I've heard similar anecdotes from people who have contributed. I even recall a female contributor say something positive about it.
Then you're needlessly limiting yourself, as you'd very unlikely run into any verbal abuse.
If anything you'd have trouble getting code in because maintainer thinks it would add more complexity than is necessary, or would make his job harder in the future, or after writing and testing the code, you'd find out you should have been doing things differently, etc. These are much more probable ways to get discouraged from contributing kernel code.
There's a high bar to getting code in, and that can be frustrating. But it also keeps the mainline attractive to users and developers, because of ever improving code quality.
I'd be absolutely terrified to submit a patch, ever.
"What the fuck is this? This came from Satan's butt-hole. Kill whoever did this - kill them immediately, here, I'll go and find this asshole who submitted this patch, and do it for you, you lazy ingrates, why do I have to do everything around here?"
This isn't some lone beginner trying to help improve Linux, this is a billion dollar company with decades of experience trying to cover their own ass. Judging by Linus' thousands of emails on the mailing lists, any reply you got would be polite and helpful.
If Google were making you upload the patches to fix some huge problem in every Chromebook, you wouldn't get the beginners treatment. If it was some universal bug fix or optimization I doubt the Google connection would matter.
Can we stop repeating this? Assertiveness and assholery are not one and the same. Linus has both in abundance, and we can decry the one without wanting the other to go away.
Linus "being an asshole" is what drew attention to this issue. His caustic nature is marketing of a sort.
It's clearly putting additional pressure on Intel. How you feel about that depends on how you feel about them furiously trying to sweep everything under the carpet and hoping nobody notices.
Personally I think his humiliation of Intel here is putting necessary pressure on them. If he couched his terms and tried to be "nice" about this they wouldn't feel nearly the same pressure.
See it from this angle: if Linus wasn't known for flipping his lid all the time, him flipping out _this_ time would be even more impactful. Overuse makes it progressively less remarkable.
I wasn't even saying that his tone on this particular instance was excessive. I was responding to the general accusation that "PC culture will silence him". There's exactly one sentence I have issues with here ("the whole hardware interface is literally mis-designed by morons"). The rest of the email is toeing the line, but manages to be forceful without being outright insulting.
Adding another perspective: as someone who follows kernel news very casually, it's pretty near impossible for me to determine which instances of "Linus curses something/someone out" are related to actual Serious Things Deserving My Attention. There's a bit of boy-who-cried-wolf to the whole thing.
>See it from this angle: if Linus wasn't known for flipping his lid all the time, him flipping out _this_ time would be even more impactful. Overuse makes it progressively less remarkable.
I don't. This is pretty much part of his brand. He's developed a reputation for flipping his lid and lambasting people who have always deserved it using entertainingly colorful language. That's why these rants still get to the top of HN.
>I was responding to the general accusation that "PC culture will silence him".
I mean, that seems to be what you're trying to do by demanding that he water his language down to something that has minimal emotional impact.
It's not like using the word morons is particularly offensive, either - except to the people who actually deserved it (Intel).
>There's exactly one sentence I have issues with here ("the whole hardware interface is literally mis-designed by morons").
Which is the sentence that got this rant on hacker news, which attracted all the attention which is necessary in order to put pressure on Intel to fix their shit.
> Which is the sentence that got this rant on hacker news
And yet the title of the submission is "Somebody is pushing complete garbage for unclear reasons". That's a good suggestion that the moron quote is not "what got this rant on hacker news". Perhaps it's on hacker news not because the form is inflammatory, but because the content is insightful.
Maybe—just maybe—the fact that the Linux project lead publicly accused Intel of not having their shit together is newsworthy and would end up on the front page of Hacker News no matter what tone it was written in, because that is newsworthy enough in and of itself.
That's insane. That's effectively saying that we shouldn't be critical of other people because criticism has a chilling effect (unless you're Linus, in which case it's A-OK to be both critical and an asshole about it).
Who said anything about democracy? The whole approach of private enterprise is to build up barriers (competitive advantage) AGAINST the prevailing tide. That's how positive change (differentiated goods, wealth) is created.
From what I gather, some of this is cultural. His country of origin is just generally blunt and direct about things.
That directness is generally associated with multicultural environments where subtler context-dependent communication simply does not work. Some of the quotes I am seeing here from him are things I think are unnecessarily harsh, but most are not.
Discussions about something he has said or written seem to inevitably comment on his speaking style and divide up between those who praise it and those who vilify it. I feel it is mostly a positive, but discussions could benefit from a little context and broader perspective of that detail.
As a fellow Finn, I agree that our country is probably much more blunt and direct than the impression I get how the US works. That's also the way I like it, and I think you have gone way too far in the US in this politeness thing.
However, Finland is culturally quite homogeneous, so I think the reason behind the bluntness is not what you suggest it may be.
For a Finn, I think Linus is on the blunt side, but he's not an extreme case. In fact, I'd argue he's not an extreme case even among non-Finns; it's just that most people only hear about his rants.
Also, I find that Linus is somewhat quick to judge things, and often his reactions are based on a misunderstanding of the facts.
Well many years ago his rational (which I agree) was that you should not be vague on the mailing list or people will be confused and Linux Kernel is serious. For all those who do not like this attitude, I point you to the responses coming from Intel/AMD these days. In AMD's response to specture v2, I still cannot understand the text if they say their CPUs are exposed or not. If it wasn't because of the comments in here I would have guessed that they may not.
> From what I gather, some of this is cultural. His country of origin is just generally blunt and direct about things.
Maybe he just is what he is. The differences between individuals are greater than differences between cultures. I'm from Finland and I can assure you that Linus' style of communication is not a norm here.
I'm not sure. Finns (and swedes) are considered introverted, with shoegazing issues. That kind of directness looks like a personality trait (acquired maybe) and not default.
> From what I gather, some of this cultural. His country of origin is just generally blunt and direct about things.
I've heard this blunt(/direct/honest) argument quite often (and the same about my country, The Netherlands), but I've also seen Americans in IT who can be very blunt. I attribute it not to country_of_origin, but to the [autism] spectrum.
I'm not autistic but I'm blunt. I do it for a few reasons: 1. It's important, 2. It saves time, 3. It gets to the point, 4. I'm usually aggravated about something, 5. Some people like to dance around conversations, 6. I'm older now, so I don't suffer fools lightly, 7. It usually snaps people to attention instead of some half thought out reply.
I used to try to be tactful with everything I would say, but that ended up in a 4 hour discussion / argument with someone who was digging in their heels about something they were wrong about. Huge waste of time and energy. It would blow a whole day.
When someone is being blunt with me, I take the time to make sure my response is clear and concise. It certainly has it's advantages. I try to keep the swears to a minimum. I'm not a drill sergeant, but I definitely make my point clearly and forcefully.
I am not autistic. I have spent a lot of time around the American military and I tend to be direct.
Anytime someone suggests that my directness means I must be autistic, they are a) making a faux polite personal attack that calls me a social retard and b) looking for an excuse to ignore and dismiss the substance of my points. I don't consider it to be a good faith form of engagement.
Nobody called you autistic or a social retard. It is a spectrum as well, some people with autism are far more socially retarded than others. If you want though, you can call me autistic. I take no offence at that, not in the last place because I have a ASD diagnosis.
What I said, is that I find autism another [plausible] explanation. Because being honest/direct/blunt is a trait people with ASD suffer from (since they have less of the social awareness which puts the brake on the sharp edges). I find it more plausible than country_of_origin (TBH I find that a -perhaps harmless- form of discrimination/racism), but certainly I did neither imply nor argue that it is the only, sole explanation!
> ... I've also seen Americans in IT who can be very blunt. I attribute it ... to the [autism] spectrum.
Please stop. It's unhealthy to pretend that undesired behaviors in IT are generally the result of autism. It perpetuates an unhealthy culture by essentially saying that guys (because it's only guys who are excused this way) in IT are not responsible for their behavior. It's also insulting to people with autism to lump their legitimate social difficulties in with people who are simply choosing to be assholes.
If a salesperson or marketer or artist or executive is blunt/rude/an asshole, no one assumes it's because they're autistic. It's assumed that this is part of their personality, because they find it more effective to communicate this way (or in some cases, that they're simply bullies).
There is no indication I see that Torvalds is autistic. He's certainly not socially awkward. He manages an organization of thousands of contributors very effectively. If he's blunt or rude, it's because he chooses to be.
> It's unhealthy to pretend that undesired behaviors in IT are generally the result of autism.
Not what I did; no need to start bifurcating. What I asserted (or, what I meant) is that people on the spectrum are more common in IT. I never said that everyone in IT is autistic. I never argued Torvalds has autism.
> It perpetuates an unhealthy culture by essentially saying that guys (because it's only guys who are excused this way)
No idea where you got either of these red herrings from. That's certainly not what I asserted.
I do want to note though that women with autism largely go un(der)diagnosed.
> It's also insulting to people with autism
Hi, I have autism, as I acknowledged in another post throughout this thread. There's a rule on HN that you shouldn't assume the worst explanation from a post. Well, you just did, cause why would I willingly try to insult everyone with autism if I have it myself? How that make any sense whatsoever? I don't see at all why my post can be considered offensive unless you resort to things like bifurcations...
> It's also insulting to people with autism to lump their legitimate social difficulties in with people who are simply choosing to be assholes.
People with autism need to function in a non-autistic society. The current therapy I am getting is focussed on that. Using autism as an excuse isn't acceptable; its considered counter-productive.
> There is no indication I see that Torvalds is autistic. He's certainly not socially awkward. He manages an organization of thousands of contributors very effectively.
I don't find him very strong, socially. Read his body language while he's giving a talk. He's shy, at the very least. Just because someone can express themselves easily via e-mail doesn't mean they're not socially awkward.
Also, what I quoted is not mutually exclusive. More importantly, there is no such thing as a binary autism flag; it is a spectrum.
What Torvalds suffers from is that he expresses his anger with unnecessary cursewords in order to give his arguments strength (a fallacy). To name another example: I've never seen RMS do that, but I have seen TdR do that. I find neither of them particularly strong socially, either.
Both my sons and their father likely all qualify for an ASD label, though none of them has been officially diagnosed. My sons are vastly more socially savvy than their father, largely due to having been raised better.
I know a lot about the topic of autism and related issues. I get tired of seeing social difficulties chalked up to a label of some disability or other. It takes a couple of decades to properly raise a human and prepare them for their role in society. A large part of social skills are learned behavior. This is why we have the term socialization.
Furthermore, different approaches are normal in different contexts. Someone who is not autistic and has no difficulty understanding and navigating social things can have trouble when placed in a new situation, including but not limited to a different culture.
Accusations of being autistic as an explanation for abrasive behavior are almost never sympathetic. They are almost never an attempt to understand why someone is coming across poorly and find a way to better interact with them. They boil down to a suggestion of incompetence and a dismissal of the person's position, as well as any legitimate anger or frustration they may be feeling.
There are cultures, including the American military, where being very blunt is the norm. As others have noted here, when people accuse someone of being rude, it very often means they don't like being disagreed with and are just looking for an excuse to be offended and level accusations. It isn't actually possible to find a way around that. People who are going to hurl accusations and focus on your style of communication as a way to try to avoid dealing with the substance are not acting in good faith. There is no means to be both polite and effective with such people. They will not like being disagreed with and will hate you for that piece of it no matter how you present it.
It seems you are trying to be an advocate for yourself and others with the same diagnosis. This is not the way to go about it. It comes across as simply insulting Linus Torvalds as an excuse to not take his position seriously while at the same time slandering the entire IT profession with a tired and untrue stereotype that everyone in IT has terrible social skills and they are all just aspie.
You keep saying that you have an ASD diagnosis, you don't see the points other people are making and then concluding they must be in the wrong. Let me respectfully suggest that you are missing some contextual cues. Meaning of words does not occur in a vacuum. Context matters.
There are ways to be a representative of your demographic and an advocate for others like you. This is about the worst possible way to try to do that.
> Accusations of being autistic as an explanation for abrasive behavior are almost never sympathetic. They are almost never an attempt to understand why someone is coming across poorly and find a way to better interact with them. They boil down to a suggestion of incompetence and a dismissal of the person's position, as well as any legitimate anger or frustration they may be feeling.
Completely disagree. The OP said "blunt(/direct/honest)" is a common feature of autism and autism is common in the tech world. Just because some people may take issue with others being blunt or overly direct doesn't mean it's a negative thing, nor an insult or an attack on autism.
Acceptance of this trait may be cultural but primarily it seems to me to be a personal preference.
Every person's personality is built on a multitude of positive/negative traits, nobody is perfect and it's not that big of a deal having a few flaws. Flaws are often the the type of thing which makes people interesting. But I'm not even convinced this is even a flaw in the first place.
Some of the smartest people I know are blunt/direct and it's a personality trait that I personally seek out in my friends/partners. I find it makes for the best type of business partner and reduces significant amounts of drama and long-term conflict. But I understand it's not for everyone and lots of people misunderstand their intentions or are uncomfortable with raw honesty. But outside of the person not being rude, talking out of place, having basic social grace, etc... that's on them if they don't like it. It's not a flaw in itself, only if it's used incorrectly.
Of course not all people who are blunt/direct are autistic either. I don't think the OP made the implication either. That's common sense, we all like to make generalizations or identify patterns of behaviour, but that does not mean they believe it applies to all people or that they are implying correlation always equals causation.
This sounds to me like a misguided attempt at protecting people from any type of potential discomfort, while ignoring the context of the use of such language and the situational context. This is a primary issue with this political correctness fad. Not to mention valuing hypothetical/potential feelings over honesty, truth, and reality. Certain words, descriptions, or generalizations such as this are not inherently wrong or insulting or malicious. They may be used wrong or be insulting in certain context, but what the OP said is not one of those situations.
> Both my sons and their father likely all qualify for an ASD label, though none of them has been officially diagnosed.
> I know a lot about the topic of autism and related issues.
Me too. I have a diagnosis based on DSM-5, and with ICD numbers (for insurance related reasons I guess). My cousin had an Asperger diagnosis based on DSM-4 when that was still relevant. My partner likely has autism as well (though its difficult to diagnose for females), and I am getting therapy as well; both group therapy and family therapy. My partner received partner group therapy. I suspect its mostly from my father's side, but I see traits in my mother's side as well. Regarding my parents; I believe the spectrum was a non-conscious or perhaps subconscious important reason why they felt attracted to each other. YMMV.
> I get tired of seeing social difficulties chalked up to a label of some disability or other.
As a general note we shouldn't diagnose other people, but that wasn't the intent of my original post at all. I merely noted its a trait people with autism commonly have.
Conclusions such as that all people with autism have this, that all people in IT have this, or refuting such conclusions are all bifurcations from your own conto; not mine.
Why are people with autism often too direct? It is due to a weaker Theory of Mind (ToM) [1].
On HN we need to assume people mean the most positive with their posts. If we apply this on life, then all people want to function in society [even with their disabilities]. They want to have success in their communication. Heck, I do too! A repeating failure to communicate is a red flag of something being wrong with that person. It'd mean that those who are responsible for that person (professionals including in medical field, but also teachers, parents/caretakers, and if they're adult: themselves) should consider to seek professional help. A lot of people in our world end up in (deep) trouble such as addiction or prison while professional help could've helped them, and that very much saddens me (am currently watching series Orange Is The New Black).
> It takes a couple of decades to properly raise a human and prepare them for their role in society. A large part of social skills are learned behavior. This is why we have the term socialization.
For most people, they get to basic social levels during teenager years or young adultery. The problem is that people with autism -more so those without therapy/help- are generally worse at learning this (some are downright terrible).
Its important to note that not everyone has autism has exactly the same issues. Some people don't have much issues with ToM but rather with executive functioning (EF), or central coherence (CC). And even then, the lists for each of these are long. Specific sub-traits might be better or worse within each specimen.
> Furthermore, different approaches are normal in different contexts. Someone who is not autistic and has no difficulty understanding and navigating social things can have trouble when placed in a new situation, including but not limited to a different culture.
Well, that's including someone with undiagnosed autism, or mild autism. I recommend to stop seeing a situation like this as black-and-white (stop bifurcation) and start seeing the shades of grey.
> Accusations of being autistic as an explanation for abrasive behavior are almost never sympathetic. They are almost never an attempt to understand why someone is coming across poorly and find a way to better interact with them. They boil down to a suggestion of incompetence and a dismissal of the person's position, as well as any legitimate anger or frustration they may be feeling.
I don't see it as an accusation. I don't see autism as a negative trait per see. Not at all. I see it like a knife or computer; a tool which can be used for good and evil. That does explain why we're having this discussion in the first place though.
> There are cultures, including the American military, where being very blunt is the norm.
It should be noted this is a top-down hierarchy, and the bluntness is top-down as well; not bottom-up. The arguments used by such cathedral-style hierarchies are comprised of argumentum ad baculum (see hereunder for further discussion).
> As others have noted here, when people accuse someone of being rude, it very often means they don't like being disagreed with and are just looking for an excuse to be offended and level accusations.
That depends on their other arguments. Pointing out a fallacy such as an argumentum ad hominem doesn't mean everything the person said is invalid. It just points out the person is (partly) using a fallacy to make their point. It is, essentially, akin to telling someone to tone down their voice. Yes, it can be frustrating to hear that when you're angry, but that doesn't mean the person who points that out is wrong.
Similarly, someone replying to Torvalds: "could you please make your point without insults and vulgar language" isn't saying Torvalds has no point. As such, painting it as if I am trying to attack Torvalds with an ad hominem here is... frankly ridiculous. I don't always agree with his viewpoints, but I got nothing against the man.
> It seems you are trying to be an advocate for yourself and others with the same diagnosis. This is not the way to go about it. It comes across as simply insulting Linus Torvalds as an excuse to not take his position seriously while at the same time slandering the entire IT profession with a tired and untrue stereotype that everyone in IT has terrible social skills and they are all just aspie.
I'd say that's far-fetched and full with assumptions but if that's your interpretation of my post(s), so be it.
(I can't control myself to not include this so FYI: "Aspie" no longer exists since DSM-5. If someone calls me an Aspie they clearly are using old, outdated terminology.)
I attribute it not to country_of_origin, but to the [autism] spectrum.
And you now say:
As a general note we shouldn't diagnose other people, but that wasn't the intent of my original post at all. I merely noted its a trait people with autism commonly have.
Those two things don't add up. Maybe think about that.
There is a lot of other failed communication happening here that I don't really think is worth trying to talk more about.
You made a blanket diagnosis for an entire industry and for a common human behavior when you stated that you attribute bluntness in IT to autism.
DoreenMichele provided your own quote again for context but you yet again talked to different tangents. I can't tell if this is really a communication breakdown or if you're willfully avoiding the fact that you essentially said "programmers are Aspie" because you don't want to address your own prejudice.
If you believe that bluntness in IT is generally attributable to autism, then let's talk about that some more, because this is an incorrect and unhealthy belief. If you don't believe it, then don't say it, because it perpetuates this unhealthy viewpoint.
It seems you are not reading my posts at all. You are coming across like a zealot who is on some kind of holy crusade. I already said that the conclusions you draw are far fetched, you claim they're entirely logical. We don't agree, and we clearly won't agree either.
Furthermore, you put words in my mouth, and you paraphrase me with words I didn't use and would avoid. I would not describe Torvalds as a programmer, and I would carefully avoid the word "aspie" or "asperger" ever since I learned they're superseded (since my diagnosis, Sept 2017). Because THAT word is stereotypical whereas the spectrum is far more broad. There is no shame in being autistic/ASD/part of spectrum either. I certainly don't feel ashamed about it (I'm not proud about it either btw).
I have no interest in discussing this further with you because I have no interest in getting convinced by you that autistics aren't part of IT while I am getting signals that people within the spectrum are indeed overly represented in certain professions, including IT. But that wasn't my point because if I wanted to draw a caricature of an autist in IT I got far better examples available.
Go spend your time convincing someone else instead, and perhaps consider a worthwhile subject instead of nitpicking on a conclusion you drew and aren't refuting with data either.
TL;DR:
> If you don't believe it, then don't say it, because it perpetuates this unhealthy viewpoint.
Again you avoid the actual conversation in favor of tangents. No one is advocating for the term “Aspie” or saying you used it. No one is saying that no one in IT has autism. No one is censoring you. And no one is misrepresenting you by making direct quotations from your own post.
You directly accuse someone else of racism for saying that Finnish culture is blunt. But you happily attribute bluntness in IT to autism. I cannot believe you are this lacking in introspection and self-criticism.
I'm not sure what you mean by "bifurcating" in this context but this is exactly what you did. You literally said that you see blunt communication in IT and attribute it to autism spectrum disorders.
> What I asserted (or, what I meant) is that people on the spectrum are more common in IT. I never said that everyone in IT is autistic. I never argued Torvalds has autism.
I did not claim that you said everyone in IT is autistic. I'm saying that your assumption that blunt/direct/whatever behavior implies autism is both incorrect and unhealthy. People with autism spectrum disorders may be over-represented in IT (people claim this; I have no idea if it's actually true), but even if so, it's still a small percentage of total people in IT. Attributing entire classes of common behavior to autism is incorrect.
You did not directly claim that Torvalds has autism but you did assert that you assume autism in the face of Torvalds-style behavior.
> Hi, I have autism, as I acknowledged in another post throughout this thread. There's a rule on HN that you shouldn't assume the worst explanation from a post. Well, you just did, cause why would I willingly try to insult everyone with autism if I have it myself? How that make any sense whatsoever?
I didn't say you're trying to insult people with autism. I said you're doing it. It's undoubtedly unintentional, but it's absolutely insulting to take an undesired behavior and associate it with an entire group.
If I say that when I see fat people, I assume they're Americans, that's insulting to Americans. The fact that I happen to be American doesn't change that.
> People with autism need to function in a non-autistic society. The current therapy I am getting is focussed on that. Using autism as an excuse isn't acceptable; its considered counter-productive.
Assholes also need to function in society. Pretending that they're autistic doesn't help anyone. It certainly doesn't help people with autism.
I'm not in any way saying that people with autism spectrum disorders don't need to function in society or that autism should be an "excuse" for anything. I'm actually saying very much the opposite. Rude behavior should not be attributed to autism, partly because that's not a valid excuse but also because most rude behavior does not come from people with autism spectrum disorders.
> I don't find him very strong, socially. Read his body language while he's giving a talk. He's shy, at the very least. Just because someone can express themselves easily via e-mail doesn't mean they're not socially awkward.
I probably overstated when I said he's "certainly not socially awkward". He is a little awkward in talks. However, lots of people (most, probably) are uncomfortable with public speaking in front of large crowds, and I don't think his level of awkwardness seems unusual. And of course shyness is not synonymous with autism. I still don't see any evidence that Torvalds has any form of autistic disorder.
> Also, what I quoted is not mutually exclusive. More importantly, there is no such thing as a binary autism flag; it is a spectrum.
No one said there's a binary "autism" flag.
> What Torvalds suffers from is that he expresses his anger with unnecessary cursewords in order to give his arguments strength (a fallacy).
Torvalds is not generally criticized for "curse words". He's generally criticized for bluntly insulting people and their work. When he says someone is "fucking insane", the problem isn't the fact that he used a curse word. It's that he's insulting someone. The cursing is perhaps another layer on top, but if he dropped the word "fuck" into every email but did it politely, no one would call him an asshole for it.
But I also don't think Torvalds is really "suffering" as a result of his communication style. The only negative I see is that people criticize him for it periodically. But overall it seems to be working and the negative repercussions are minimal to nonexistent. He gets attention on the issues he cares about and HN says he's mean. I doubt he loses sleep over the criticism.
There's another explanation too, which is that if you pay attention as you age, you find that nicely wrapping up all your engineering points in a polite wrapper can very easily put you into the unenviable position where half your audience doesn't correctly penetrate the circumlocutions to understand what you were trying to say, while the other half goes right on ahead and gets offended anyhow, because what they are offended by is that you are disagreeing with them at all, no matter how much padding you put on that.
I'm probably still too verbose (ha... "probably"... I flatter myself), but I went through a phase in my late teens and early twenties where I qualified and wrapped in polite circumlocutions everything I wrote. It makes in incomprehensible, honestly, and it doesn't work anyhow. I still got flamed. (Good ol' Usenet.)
There's a time and a place for politeness. That time and place is most times and most places. There's a time and a place for directness, bluntness, and even outright impoliteness; I'd submit "Intel is just going to leave a critical vulnerability in basically every CPU in the world, and throw up an obfuscating cover of flags and workarounds and PR to try to pretend otherwise" is a reasonable time for those things.
(Personally, I don't expect miracles. Intel ought to come out and say "Look, this is going to take some years. Here's some workarounds in the meantime, and here's our plan going forward." I think everyone who understands the situation understands that a true fix is very difficult. But if it looks like they're going to try to skate by on some weak workarounds and a heavy dollop of PR, the industry as a whole really needs to pushback, not just Linus.)
I'm not sure you replied to the correct post since it didn't really seem to be about Linus's style.
Anyway, this argument comes up again and again. Regardless of the style in his country and language or origin he is writing in English, in public, for an international audience. One expects a different sort of tone.
I don't think I can agree with that statement :)
I'm part of the target audience and that tone is _exactly_ what I'd expect instead of polite talk that dances around calling out BS for what it is.
The merits or demerits of that tone are another issue. I'm responding to the claim that Linus uses that style because it's the style of the country he comes from. I don't think that argument holds much water.
Saying that you expect a different tone because he is currently writing in English, in public, for an international audience is not the same as saying that his culture of origin in no way influences his communication style.
That's like saying because my mother is now an American citizen, she should obviously no longer have a German accent. You may personally feel she has some obligation to do her best to lose the accent, but regardless of the standards you would like to see imposed on other people, most people remain influenced for life by things they grew up with.
Ah, I think I completely misunderstood you. When I read
> From what I gather, some of this is cultural. His country of origin is just generally blunt and direct about things.
I assumed you meant
> His country of origin is just generally blunt and direct about things and that is sufficient justification for his using a rude tone on a public mailing list
and I was also rather confused because this seemed to be a non-sequitur. I thought you had indended to reply to one of the other comments criticising his tone. On rereading it now seems that you were saying that
> His country of origin is just generally blunt and direct about things and this is why his is good at calling out bullshit when he sees it
Sorry for a double misunderstanding. If I hadn't made the first one I wouldn't have made the second one either.
> in English, in public, for an international audience. One expects a different sort of tone.
I agree that this is true, but two points stick out to me:
1. Generally the motive for this convention stems from organizations wanting to sanitize their image.
2. FOSS project communication is overwhelmingly pubic.
If we accept that all organizations need some amount of blunt communication at some point, and if we accept that public bluntness has so far not had a measurable negative perception impact for Linux, then it seems inevitable that the project will be an exception to expectations.
I also see Intel lawyers working overtime, closely interacting with marketing, to somehow ward of lawsuits coming from Google, Microsoft, Amazon, which must be seeking ways out of Intel contracts to turn towards AMD processors for their currently more attractive TCO characteristics.
There's no question that Intel's response is entirely dictated by the legal ramifications of the coming lawsuits.
...but irrespective of that, it ALSO appears that there's no leadership within Intel to actually fix the underlying issue.
I don't care if the PR is BS - that's what I expect. But if the chips are not fixed the right way, I'm taking my business elsewhere, and I'm not alone.
You face a big issue there. Meltdown is a core architecture issue. It will take a long time to make a fix. Add to that the need for a completely new branch predictor (a notoriously hard design issue) and you're talking about a lot of time. Intel and AMD should already have next years designs done (AMD has said as much with Zen 2). You'll most likely be looking at late 2020 to early 2021 before the fixed architecture is thoroughly tested, taped out, and being produced in volume.
So are we saying that since nothing is getting fixed in that interim period, that AMD chips suffer much less performance impact due to their lesser exposure to the issue?
I highly recommend all of ribbonfarm and especially:
- ancient rivers of money
- The Return of the Barbarian
- Can Hydras eat unknown unknowns for lunch
There is also a more recent one where he writes about young people and their attitudes about money and property ownership and "life scripts" that was here on HN and metafilter and other places but I don't know the name of it ... was quite good.
There's some bias to this, though. Good management is much more "everything and everybody just seemingly by if self seems to be more or less in the right place" and less "Steve Jobs screaming at everybody about rounded corners and then everybody realising five years later that this is actually a much bigger deal than everbody except Jobs saw at the time" -- in other words, pretty invisible.
I'm curious, how were the round corners important? I like them, and I buy his argument that nothing in the real world has sharp corners, but Android has had sharp corners forever. (I'm asking because I'd like to know the answer, not because I'm asserting the opposite.)
Best i can tell, the latter crops up because of boardroom meddling pushing the focus towards quarterly earnings rather than long term sustainability of the company.
Yea... and what about every other chip maker who also have the same exploits? Can someone explain whether AMD and Qualcomm licensed this tech or if they also independently made the same mistakes? Either way, we really haven't seen much activity from them either.
There are fewer people trying to attack AMD's chips, they comprise such a small chunk of the installed CPU base out there that most attacker's won't be going after a system containing a CPU from AMD. This may change in the next year or two though, at which point the vulns that are likely in their Platform Security Processor may bite them in the ass.
Qualcomm on the other hand has taken the "fuck security" approach and failed to clean up their code and get it mainlined for nearly all of their common SoCs. Hence why Android phones are often trapped on old versions of Android when launched or shortly thereafter, long term security through the device lifecycle is a bad joke when Qualcomm and most other ARM vendors are involved.
> Hence why Android phones are often trapped on old versions of Android when launched or shortly thereafter
The reason why most android phones don't get upgrades (or only one) to newer android versions has absolutely nothing to do with qualcomm lack of care regarding their cpu's security.
It has been quoted by Google developers on why Nexus 5 fell off the support track so early, around the same time Nexus 4 did: it took a herculean effort to get the binary drivers to even remotely work right on Android 6 due to being unable to drag in newer kernels.
This is partially why Treble is being worked on, to just completely disconnect the actual Linux-based HAL from "the OS", thus trying to negate a lot of the oblate stupidity from vendors like Qualcomm and have a shim in-between your actual phone, and Android itself, in hopes to fix stuff.
That is just an excuse from Google that many blindly accept.
First, of all there are legal obligations known as contracts. If Google was serious about Nexus 5 support from OEMs, it would have had contract in place that would assure the necessary support regardless of what OEMs would decide.
Secondly, Treble is yet another solution that will die, because Google, again, decided to leave to OEMs the task of delivering Treble updates, without any kind of legal obligation.
Additionally Android devices that get upgraded to Oreo aren't obliged to be fully Treble compliant, only the ones released with Oreo.
So, many new devices planned to be released in 2018, are based on Android 7.0.
> First, of all there are legal obligations known as contracts.
That kind if snark is unnecessary and degrades the conversation.
> If Google was serious about Nexus 5 support from OEMs, it would have had contract in place that would assure the necessary support regardless of what OEMs would decide.
I'm not sure who you are referring to with "OEM" here, but Google took on the responsibility of maintaining the OS images for the Nexus devices, not the companies they contracted to build them.
> That kind if snark is unnecessary and degrades the conversation.
May be, but apparently discussions about Android's and OEMs usually leads to hand waving regarding the legal options available to Google, if they really cared about enforcing updates.
> I'm not sure who you are referring to with "OEM" here, but Google took on the responsibility of maintaining the OS images for the Nexus devices, not the companies they contracted to build them.
Like the customers they have abandoned after TI cut down support on their chipsets?
Had Google taken the legal requirements to enforce TI to maintain support or face monetary sanctions for the three years it was supposed to take place, this would not have happened as it did.
LineageOS (ex-CyanogenMod)'s flavour of Android 7 works just fine [1] on Nexus 5.
On the other hand - yes, hammerhead is stuck on Linux kernel 3.4, which is no longer maintained, and current best effort to forward-port to mainline kernel [2] is far from complete.
Among other things this means that there is no workaround for Meltdown on this hardware, which it is likely vulnerable to. [3]
Actually it's one of the major reasons. When Qualcomm stops providing support for a SoC, the OEMs can't update the device even if they wanted to. It's not the only reason, but it is a very major blocker.
The issue is how Intel is handling these problems. If other vendors handle their issues similarly, they may deserve a similar response, though Intel, as the market leader in x86-64, has a special responsibility (and corresponding culpability), as other vendors may have to conform to remain competitive, as the marketplace is capricious in rewarding virtue.
You’re conflating Spectre with Meltdown. Linus’ response is specific to Meltdown, which applies only to Intel chips. Spectre applies to numerous other architectures.
Uh, Linus is very specifically talking primarily about Spectre. IBRS, IPBP, and retpoline are all Spectre specific mitigations. The Meltdown mention is a sidenote.
Actually that's pretty scary. Are the rest of heavy weight kernel code maintainers too stupid for than then? If it weren't for Linus' hard judgement? Would we then buying badly engineered products without ever questioning?
He lives under the sword. The moment he stops being right, everyone will swiftly turn against them.
What separates them is that they're almost never wrong. Not when they pull out "this is garbage" card.
This is a difficult ability to learn. You need to stay quiet most of the time, then be a complete asshole when it's important.
I really hate that aspect of our industry. But that's just hating on humanity. Apes listen to apes that shout, but only when everyone else is listening too. Otherwise you're just a dick with no influence.
The key is to hate that Linus is a bully while also respecting him when he's right.
It's super frustrating because I feel like any of us could have written that, and no one would care. Literally no one would listen. But Linus says it, so it bubbles to the top of HN and now we're counting our blessings for how lucky we are.
Try to remember this next time someone says something that sounds crazy. Your instinct should be to suppress your skepticism and think whether it has merit. It might piss you off, but is it true? That's the important bit.
And not just for design, but for everything.
(I'm sure whoever came up with the current design isn't too happy about Linus calling it garbage, but they'll just have to deal with it.)
I think there needs to be a clear distinction of what a bully is and what they do. Bullies are violent for no reason, for the pleasure of it. Linus is at most verbally harsh for pretty obvious reasons, the main reason being the harsh his language the more important the issue is. His attacks and critique are never on the personal basis, yet people get offended for no apparent reason instead of focusing on the issue. So, yes, it seems to be evident that those people are scared of other people who are able to speak their mind freely. People who are doing important jobs like maintaining critical code are cowards who break under the slightest hint of critical pressure (no, not all are cowards, but that's the trending issue right now). And then I read something like this above "I hate it when he's right and gets away with his bullying". The IT-industry is doomed. When criticism is being judged by how it's carried and who is criticizing rather than what is criticized and how important that is. If everything is going to shit some day then it's because someone was too scared to speak their mind.
> His attacks and critique are never on the personal basis
I don’t know how you can believe this after reading even a few of his messages. Read the message which started this thread and count the number of times where he is talking about not just the quality of work but the person who produced it.
It’s possible to be blunt and unforgiving about code without saying that the person who created it is a moron.
Well, jeez. If I messed up badly and my boss, colleague, wife calls me a moron about this particular mess it doesn't mean they think I'm a moron generally, they just call it as it is, and I'm responsible for it. I don't take it personally just because they call me a 'moron', especially if I deserve it!
That means that if you get offended by the way someone else criticizes the mess you're responsible for you are not accepting the responsibility at all! Well, now that's an interesting insight!
The behavior you’re describing may be satisfying for the person slinging insults but is widely recognized as unhelpful by most management or educational guidelines because it doesn’t lead to any positive outcomes but does lower morale and increase stress.
Most people are going to take it personally, especially when it’s public in front of their peers, and since it’s so lazy and unhelpful there’s no benefit from doing that rather than, well, anything constructive
I agree with that. But, even though it's all true what you are saying, within the context of the argument about Meltdown they definitely need to be able to suck up the blame for it. Being called a moron doesn't make this mess less bad.
Arguments on the internet are held public most of the time + it's all public record. Personal insults are generally not acceptable. But when is it personal and who decides what's personal and what not? Where is the point when insults are the least important part of the issue? Should the insulted person always take insults personal regardless what issue at hand?
I understand that sometimes an argument about an issue in reality is a battle of egos. But, seriously, Intel trying to wiggle themselves out of the noose with it's not a bug it's a feature PR stunts, I think insults are as appropriate as "thank you" and "have a nice day". So, if anyone says or does something stupid for no apparent reason, questioning the sanity of their decision making by calling them a moron is the way to go, imo.
If that is true then Linus is a wrong bully. I haven't seen him continuously targeting other people personally to make them look weak. He criticizes other people's bad decision making or bad judgement, not their persona! There is a clear difference here!
But I get the point that there's more to actual bullying than I initially stated, thanks for clarifying that.
>> His attacks and critique are never on the personal basis
This is really not true. Linus takes it way too far from time to time. The person is always in the wrong, but Linus goes well beyond what is necessary.
Again, I get it and I don't mind. But he makes it personal occasionally.
I would say, er, this time, partially. On the patches pushed by David, apparently he confused an acronym, and the patch Linus ranted about being garbage may not be so garbage-y. At least, David pushed back on his messages with some of his reasoning, and a kind note to tone down the shouty (http://lkml.iu.edu/hypermail/linux/kernel/1801.2/05282.html). Linus's rants on the general Intel situation still seem to apply. :)
People get angry, it happens (a bit more with Linus than some, it's a personality flaw, but it's not like any of us are perfect). I guess the general thing is more that, for some reason, people are way too overly fascinated with Shouty Linus compared to Linus the general kernel developer. There's a lot of posts on the Linux Kernel list... but the odds of a single post from this list being shared on social media dramatically increases for every Linus swear word included.
"You're a moron, because of this and that issue" isn't as personal as "you're a moron, because you were born stupid, and your family is stupid too" See the distinction? It's up to the person to take it personal or not to.
Jobs was a bully who got the big picture right, but often got the details wrong; folklore.org has plenty of stories about people going round Jobs to get shit done.
Linus is abrasive, but he usually has a good explanation for why the target of his ire is a moron, e.g. everytime some coder without Linus’ experience suggests converting the kernel codebase to C++.
Let’s be honest, most developers are average at best, and knowledge is our status play. Scoring points against Linus’ decisions are one way to get you noticed, which makes him a target. If I had to deal with that shit everyday, I would do my best to discourage point scorers by putting them in their place as well.
This is the only way you can get Linus to really lose his shit. I'm surprised his comments in this Intel thing approach the level of anger he has for C++. It's my barometer for how important something is to him.
I think you are very harsh with "they’ve shown they can’t be trusted with quality". Their product is incredibly complex, it's amazing only so few mistakes like this happen.
I totally agree with "they can’t be trusted to be transparent or even take ownership of the problems they create" though. When you play at Intel's level and mess up on that order of magnitude, doing what they did make you loose all trust.
> Intel & friends have absolutely disgusted me lately [...] - they can’t be trusted to be transparent or even take ownership of the problems they create.
Well, it's the natural outcome of a system based entirely on competition. When the only incentive is "beat everyone else, nothing else matters" then this eventually happens.
There's lots of people who call out bullshit. But people usually don't listen or respect them unless they have power - which Linus has. There are plenty of other professionals who have been complaining lately.
I'd like to believe that one of the reasons Linus has that kind of reaction is because of the scope and impact his decisions and this kind of patches can have on people all around the world. This is a very specific situation, in which the advices in Sandya's article may not apply.
However, I fail to see how Sandya's observations are BS. A code review is a place to improve code and oneself, and there's a pretty large distinction between constructive criticism and sarcastic/aggressive comments. Being respectful/mindful of your colleague in that situation is in my opinion the minimal requirement.
In many cases it's not a patch that is a problem, it's the submitter and their approach/mindlessness/laziness/ethics that led to the patch being of an unacceptable quality. If you are trying to fix a watch and someone comes and suggest to hit it with a hammer, there's really not much place for being "respectful" with an answer.
> If you are trying to fix a watch and someone comes and suggest to hit it with a hammer, there's really not much place for being "respectful" with an answer.
That's actually the opposite of what I see in Linus. He seems to reserve these responses for people who should have known better.
So if I suggest fixing the watch by smashing it with a hammer, it probably wouldn't even merit a sideways glance. I'd be ignored like background noise. (or at most, invited to look for something more in tune with my skillset, perhaps hanging wallclocks).
When Intel show up with a hammer, the hammer is only half of the offence.
People are quick to downvote calling such things BS, because it sounds just nice and well-intentioned when presented like that. The problem is that such "rules" can be and are used to harass and shame people who are focused on the code and just want to get things done, without either sugarcoating their thoughts or being intentional assholes about it. It also just plain ignores people who actually prefer getting plain, straight to-the-point reviews, and makes their preferences less valid.
In an ideal case, the reviewer "should" perhaps consult with the reviewee's therapist and craft the reviews to most benefit the reviewee based on their emotional state - but we don't have an ideal world of infinite resources, and some of these rules go beyond a reasonable "don't be an asshole" line and make code review into an even more mentally taxing task: one where you can't treat the other person as an adult peer, instead having to talk to them as if they were insecure teenagers who could misinterpret anything as rudeness or attacks on them.
Actually, if what you are looking for is "to the point" reviews, then you should agree with the article's advices. To name a few:
- Pointing to a common reference instead of simply stating your opinion in a review will get the improvement you want done faster
- Writing a single comment for a repeated error is faster to do for the reviewer
- Explicit communication instead of emojis and sarcastic comments will bypass the need for further explanation, which will make the whole process faster
Finally, you seem to take issue with only a few of the author's points ('some of these rules go beyond a reasonable "don't be an asshole" line'), could you explain which ones and why? I am interested to know what exactly makes the process too taxing for you.
Don’t be silly. Those are just the baseline of efficient professionalism. Harnessing anger is out of scope of those, just like knowing mouth-to-mouth, how to use the fire escapes, knowing what your stock options are worth, when to blow a whistle to corruption, when to break the speed limit to save a life, or whatever the hell other important facets of life exist.
Linus Torvalds stands guard over the the most import bit of human infrastructure ever in the history of the world. I mean that literally. There is no one thing that is so universally important.
If I were Lord God of the cosmos, I'd give Linus Torvalds my magic and go farm Yabbies and sleep like a retired God at night, knowing that the world will be even better in the morning.
Sorry, but being "nice" is totally inappropriate and unhelpful.
We all get X +/- N points to assign to various traits and skills. Linus maxed the intelligence and technical ability sliders and somewhat ignored the charisma and tact ones.
I agree with you, and though I haven't evaluated your first statement, the fact that I have to think about whether or not you are right at all is good enough.
We don't have to like Linus' communication... methods. I often don't. But no one is perfect, and I'm willing to cut Torvalds some slack for being a dick for past - and future - accomplishments. People think that greatness doesn't excuse demeanor... but it does when the greatness is that far along the SD curve.
> We all get X +/- N points to assign to various traits and skills. Linus maxed the intelligence and technical ability sliders and somewhat ignored the charisma and tact ones.
That's an unhelpful model. It implies that hitting the gym or studying or putting on make-up will make harm you in equal measures as it helps you.
It does make me worry about the day that Linus retires. I imagine the kernel has enough momentum to carry on for a while but without a leader like Linus I can see it very slowly starting to unravel and quality issues starting to sneak in, much like we're seeing with post-Jobs Apple.
Thankfully it doesn't seem that time is coming any time soon.
> I can see it very slowly starting to unravel and quality issues starting to sneak in
I know what you mean here, and I agree with you 100%.
That being said, I can't help but chuckle because if you've ever looked at a vendor's GPL source code for the kernel (Android phone, NAS/router) you know it's the SoCs vendor's old SDK (lots of bodge) with the ODMs additional bodges for their product customizations.
Yes, I am VERY glad that the mainline kernel has Linus and his nose for BS. But just go look at the vendor forks if you want to see some even worse shit than these patches!
Allwinner's GPL is basically garbage. You can find quality rants from tkaiser (Armbian) about this.
MediaTek doesn't even release theirs! Yes, this IS a GPL violation, and no they don't seem to care.
At least Amlogic seems to have woken up and realized an active kernel development community is an asset for them.
What about *BSD ? How are they managing their kernels and other important decisions?
I know next to nothing about the BSD communities, my only interaction with the BSD is discussing the taste of a pizza Theo de Raadt and I shared about 20 years ago and young me had no idea who he was. I later heard he is at the helm of OpenBSD and is used to strongly defend his opinions but it is only hearsay.
I have no idea how FreeBSD or OpenBSD communities are organized but I suspect they might not be relying on one specific individual for their major decisions?
As for NetBSD, there's hundreds of people with commit access and a small group of respected developers to resolve disputes, with some extra democracy / laws restricting it. FreeBSD is similar but I never bothered to check the details.
I think we generate less hackernews-worthy drama posts overall because when someone is repeatedly abusive, they're asked privately to stop/apologize, and if they keep at it, they risk being kicked from the project.
With hundreds of contributors and a weak hierarchy, no one person is too important to be kicked.
Are people reading the rest of the thread? Linus admitted mistaking an acronym and changed his tone from "pushing garbage for unclear reasons" to just "garbage patches".
Can it be that Linus is so angry with people and their incompetence because he actually gives a shit about Linux and the code?
I'm not interested if his rants are ethic or not, if they are effective or not. I'm just trying to understand why he's ranting? Because he's an ill adjusted person? Or is there something else?
Linus is 'infamous' for being very angry with people who write shitty code. Why is that? If you read the chapters written by him in 'The Hacker Ethic', you find out that he codes because he's enjoying it, it's what makes him happy, so to speak. Therefore, he is invested in the code he writes. It's not just a job for him. It's his life's project, his 'baby' if you will.
Can it be that because he's so emotionally invested into the code, when he sees that other people push shitty code and don't care about it, the intensity of the emotions he feels are way higher than the emotions of a manager who's just 'doing his job'? Can it be that because he cares so much, he's having a hard time not reacting so 'emotionally'?
I think we've covered the technical part of this now, not that you like
it â not that any of us *like* it. But since the peanut gallery is
paying lots of attention it's probably worth explaining it a little
more for their benefit.
This is all about Spectre variant 2, where the CPU can be tricked into
mispredicting the target of an indirect branch. And I'm specifically
looking at what we can do on *current* hardware, where we're limited to
the hacks they can manage to add in the microcode.
The new microcode from Intel and AMD adds three new features.
One new feature (IBPB) is a complete barrier for branch prediction.
After frobbing this, no branch targets learned earlier are going to be
used. It's kind of expensive (order of magnitude ~4000 cycles).
The second (STIBP) protects a hyperthread sibling from following branch
predictions which were learned on another sibling. You *might* want
this when running unrelated processes in userspace, for example. Or
different VM guests running on HT siblings.
The third feature (IBRS) is more complicated. It's designed to be
set when you enter a more privileged execution mode (i.e. the kernel).
It prevents branch targets learned in a less-privileged execution mode,
BEFORE IT WAS MOST RECENTLY SET, from taking effect. But it's not just
a 'set-and-forget' feature, it also has barrier-like semantics and
needs to be set on *each* entry into the kernel (from userspace or a VM
guest). It's *also* expensive. And a vile hack, but for a while it was
the only option we had.
Even with IBRS, the CPU cannot tell the difference between different
userspace processes, and between different VM guests. So in addition to
IBRS to protect the kernel, we need the full IBPB barrier on context
switch and vmexit. And maybe STIBP while they're running.
Then along came Paul with the cunning plan of "oh, indirect branches
can be exploited? Screw it, let's not have any of *those* then", which
is retpoline. And it's a *lot* faster than frobbing IBRS on every entry
into the kernel. It's a massive performance win.
So now we *mostly* don't need IBRS. We build with retpoline, use IBPB
on context switches/vmexit (which is in the first part of this patch
series before IBRS is added), and we're safe. We even refactored the
patch series to put retpoline first.
But wait, why did I say "mostly"? Well, not everyone has a retpoline
compiler yet... but OK, screw them; they need to update.
Then there's Skylake, and that generation of CPU cores. For complicated
reasons they actually end up being vulnerable not just on indirect
branches, but also on a 'ret' in some circumstances (such as 16+ CALLs
in a deep chain).
The IBRS solution, ugly though it is, did address that. Retpoline
doesn't. There are patches being floated to detect and prevent deep
stacks, and deal with some of the other special cases that bite on SKL,
but those are icky too. And in fact IBRS performance isn't anywhere
near as bad on this generation of CPUs as it is on earlier CPUs
*anyway*, which makes it not quite so insane to *contemplate* using it
as Intel proposed.
That's why my initial idea, as implemented in this RFC patchset, was to
stick with IBRS on Skylake, and use retpoline everywhere else. I'll
give you "garbage patches", but they weren't being "just mindlessly
sent around". If we're going to drop IBRS support and accept the
caveats, then let's do it as a conscious decision having seen what it
would look like, not just drop it quietly because poor Davey is too
scared that Linus might shout at him again. :)
I have seen *hand-wavy* analyses of the Skylake thing that mean I'm not
actually lying awake at night fretting about it, but nothing concrete
that really says it's OK.
If you view retpoline as a performance optimisation, which is how it
first arrived, then it's rather unconventional to say "well, it only
opens a *little* bit of a security hole but it does go nice and fast so
let's do it".
But fine, I'm content with ditching the use of IBRS to protect the
kernel, and I'm not even surprised. There's a *reason* we put it last
in the series, as both the most contentious and most dispensable part.
I'd be *happier* with a coherent analysis showing Skylake is still OK,
but hey-ho, screw Skylake.
The early part of the series adds the new feature bits and detects when
it can turn KPTI off on non-Meltdown-vulnerable Intel CPUs, and also
supports the IBPB barrier that we need to make retpoline complete. That
much I think we definitely *do* want. There have been a bunch of us
working on this behind the scenes; one of us will probably post that
bit in the next day or so.
I think we also want to expose IBRS to VM guests, even if we don't use
it ourselves. Because Windows guests (and RHEL guests; yay!) do use it.
If we can be done with the shouty part, I'd actually quite like to have
a sensible discussion about when, if ever, we do IBPB on context switch
(ptraceability and dumpable have both been suggested) and when, if
ever, we set STIPB in userspace.
Are state actors or others trying to take advantage of meltdown needing fixes & patches to insert their own version of fixes & patches that end up benefiting them?
As far as we know, there has never been a single attack using either of specter or meltdown issues. No code had been found, nothing.
It appears to be very difficult to take advantage of, and the initial idea of a JavaScript exploit seems to not be possible.
Part of the reason for all of this might be that the attacker needs to run code on the target machine, and one the attacker can do that, there are far easier ways to read memory.
Meltdown is almost trivial to take advantage of, as these things go, and it was discovered independently by more than one researcher. That makes it somewhat more likely to have been exploited by a government level attacker.
However, just being able to read all of kernelspace is more of a force-multiplier than being useful on its own. You still need to get your code executing in user-space to do anything, ant it's value even then is at least partly tied up in its ability to easily defeat KASLR.
Trivial, yet nobody has managed to produce a working exploit that doesn't require a running start. The poc exploits wouldn't work in the wild. They are running with interference of a real system.
Also, meltdown requires the data to be snooped to be in L1D cache. So the current demo exploit has to keep pushing the data into cache to be read.
Something simple like steal a password from sudo should be trivia right? I'd not convinced i need to worry.
And making non public facing machines pay the price of the mitigation seems like too much.
Absolutely. I will be really pissed of if I'm forced to run a -30% kernel performance on my dev laptop, or god knows how much of my 1/2 decade old T420's to fix a problem I don't have. Yes, I expect my cloud provider and bank to apply the patch, my ARM based router is fine.
- cookies (e.g., for online banking sessions)
- keys (e.g., for pushing to git repos)
- browser history
- identities (oh, did you post anonymously somewhere?)
- ...
PoC code that runs in-browser exists. It's only a matter of time before it's weaponized.
I'm afraid that jnordwick doesn't consider PoCs to be "real" enough for some reason. [0] I think he's waiting for a piece of malware to be found in the wild before he'll consider it a problem.
Just something that would work in the wild. There are a number of things that might theoretically be possible if the machine of complicit with you but aren't actually exploitable.
Like i said:
- JavaScript appears to not be a possible attack vector. So now we're just worried about already had access to run a native binary.
- so a native program that sat snooping sudo passwords would be a good demo, but obviously if a rogue binary had to sit running for days with only a part success rate, we would be able to attack stupid managers and evil corporations because it wouldn't be very impressive. If I'm already running binary code, i have a lot of better ways to attack the system.
> JavaScript appears to not be a possible attack vector. So now we're just worried about already had access to run a native binary.
All the major browsers have pushed patches, to close this, because it was a gaping hole. You're only not worried, because they've already fixed it. (Well, when I say major browsers, I haven't seen or heard anything from Microsoft's Chakra engine.)
Take note that it involved killing off SharedArrayBuffer in JS, at least for now.
> but obviously if a rogue binary had to sit running for days with only a part success rate
That's misreading the situation.
A tight loop is required, yes, with partial failure, but it is not so low as taking days. The original implementation [0], read at around 10KB/s. Whilst that isn't fast if you're somehow trying to read gigabytes of data into cache, and then attack it, it's more than enough to read passwords out of data.
> So now we're just worried about already had access to run a native binary.
Now we're worried about any unpatched JavaScript engine, like perhaps Chakra, which would make all Edge users vulnerable.
You also don't need access to an executable binary. You could also target any DLL that gets dynamically linked on Windows. In fact, the example Windows implementation hooks into ntdll.dll, which has a known location on all versions of Windows, which allows it to bypass ASLR.
I'm not sure I understand his position on Spectre, but he's been pretty clear that for the most part he's been talking about Meltdown. Honestly I'm not familiar with how much of a perf hit the Meltdown patch alone causes, because I always see the bad perf numbers with their combination, but I suspect it's bad. Since Meltdown has no JS exploit, there's no reason to worry about JS. Given that browser exploits are out of the question, the threat reduces to the normal threat of running untrusted code. I see no reason to worry more about Meltdown specifically than I have to worry about any application I run sneakily running `xinput test-xi2 --root`, so given the choice, I'm not going to apply the Meltdown patches on my desktop machine and suffer a perf hit for no good reason. Spectre patches, maybe, but I might not if the browser situation is confidently dealt with.
I think it would be useful to write up a technical article on the cache side channel attack and how it is used by meltdown and specte and their different methods of exploit.
Maybe that would shed some light on who needs to worry and why.
I'm surprised the js jit writers have escaped with so little blame for Spectre since in the end it is basically just a process reading its own address space (I'm actually surprised more of these vulnerabilities don't exist since things like proc/dev/run are ripe for abuse).
Why does HN not allow people to question things like this? Any attempt to bring some non hyperbolic view to the topic is continually voted into the ground.
I think it is useful to know that these exploits just might not be as bad as they are being made out to be.
Ice talked to a number of people that don't seem to understand that there are limits on these: somebody cant just start reading data from random programs.
I know what you mean, and I've felt your frustration before.
But as I've learned more about how this community works, I understand that "Why does HN [do this thing I don't like]?" is not a valid question.
HN is a vast community of many different people who think and behave differently.
Sometimes a few more people will downvote your comment than will upvote it, either because they disagree with your point or they dislike the way you expressed it.
But when you complain about downvotes, you lose multiple times over: you fail to contemplate and reflect on how your answer could have been better, you come across like a bad sport, and you break the site guidelines [1].
In this case, it seems like people just disagree with your claim and have explained why in replies.
No big deal, all you need to do is reply politely to demonstrate the correctness of your point.
It is a relatively recent issue. HN was a lot of our escape for Slashdot. But HN has developed the same bandwagony, anticorporate, managers suck, other people are stupid angst.
In the last few months it has become a monoculture similar to Slashdot. The general view has become if you don't agree you must not know what you are talking about (this is seen upthread).
Stories like these allow people to dislike Intel, say it is run by dumb managers, and just generally complain.
You're still making the mistake of extrapolating the entire community's nature from a small sample of comments and votes. It's a common reaction when we feel like our own opinions are being attacked or undervalued but it means we fail to appreciate and value the side that is worthy of our support and appreciation, and we fail to take responsibility for the role we all have in making the site better.
Comments lamenting how much better HN "used to" be have been a constant from not long after it began:
> As a hack for existing CPUs, it's just about tolerable â as long as it
> can die entirely by the next generation.
> Certainly it's a nasty hack, but hey â the world was on fire and in the
> end we didn't have to just turn the datacentres off and go back to goat
> farming, so it's not all bad.
Off-topic, but what is with the "â" in these sentences? Is that just some weird encoding error, or does it actually have meaning?
Probably an encoding error. An m-dash is E2 80 94 in UTF-8. (An n-dash is E2 80 93.) I suspect that the original UTF-8 is misinterpreted as ISO 8859-1 or a similar encoding, where 0xE2 is “â”, and the other two are unassigned or control characters.
It's upsetting that the media and some of the mainstream audience see Linus as a "crank" that only exists to complain and tear people down. Examples like this show how valuable his experience is. I would NEVER ask him to water himself down knowing it would likely make his technical analysis worse.
A lot of comments feel like they are because Linus
I want to observe this is somebody who used to work at Transmeta. They were not a large company, and whilst I don't think he directly did VLSI, he very probably understood the interaction of instruction set, chip level behaviour and upper system (specifically operating system and compiler) implications of what a chip does.
I am interested in his response to Intel on that basis. I'd prefer he was less overtly rude and aggressive about it, but I think he manages to convey a real sense of anger and concern about things: How did Intel arrive at this fix. How did Intel discuss this fix with people who have to modify systems to work with it. Qui Bono.
Someone brings shit to you front door in means that they'd like you to bring it in your house. What are you going to do? Most of us will react on such similarly to Linus.
From what I understand of meltdown and spectre, they use a side channel attack to figure out CPU cache values after some speculative execution has been done. Can it not be solved by ensuring that the CPU either clears or purposefully does not cache memory that is read during speculative execution?
I don't think its possible for a CPU to read memory without going through the cache.
Moreover, the value of speculative execution drops really hard if you can't use any cache, as it means you are restricted to operating only on registers.
The issue isn't that you can read whatever was in/got brought into cache, the issue is that you can tell which part of the cache got evicted and infer values based on that.
The "rant" is an attention getter, no more no less, a bit of theater. Once everyone is paying attention, then the real purpose begins. Yes, there are other ways of doing it, but I would argue that none, are even remotely as effective gaining the necessary focused attention.
Why doesn't Intel just go to Linus and ask politely: "Ok, we f-ed up, here is a million dollars (or whatever, 10x his normal salary or something) can you please work with us tightly for some time? Thank you."
Intel knows how to fix the problem, they don't really need Linus. What they do need is to accept a slowdown for some of their processors, but they are absolutely terrified to look bad compared to AMD in the benchmarks.
Linus is also not actually qualified to solve this problem. He's the guy we need to call bullshit, but as you said, Intel already knows what the problem - and the solution - is. Linus is simply pointing that out (which is certainly good).
Why don't they just work on a proper fix instead? I'm sure Linus would be glad to integrate a proper solution, but it's clear that his opinion is that Intel is instead bringing 'garbage' to the table.
That doesn't mean it's an improper fix. Intel's corporate inability to handle potential fallout does not change that the right/proper fix is to enable security by default.
The only improper thing is that we need this fix at all, but that bridge has been crossed, burned, and dropped into the Mariana Trench, so no going back now.
The difference being Intel/Linus and a government and TdR, who is quite a bit more acerbic than Linus... and the government less tolerant of comments as such.
Still, a good find. Also, Unices! Not a word I've heard before.
Why should they ask politely? It is not like the Linux mailing list would be polite environment.
Nothing against impolite environment, people make case for it daily here and I don't care. But it combined with the standard expectation that when someone else talks to them he should be always polite is getting funny in that context.
If you want something from someone you ask it politely. If you produce BS, you get told you produce BS. I'm guessing it's a cultural thing I'm also guessing you are an American. Americans coming here often tell us we are very direct and it takes getting used to. We often tell Americans we prefer they speak their mind and don't pretend something is great or we are best friends when it isn't the case. I'm from the Netherlands but I'm guessing Linus has his Finnish roots showing from time to time.
Honestly, it's nice in the US to have waiters/waitresses that are nice, it feels insincere but I prefer it greatly to the sometimes outright moody waiters here. It's a culturing thing as well.
If Intel would be sincere, they would just admin they produced BS (Linus is the best person to call BS on such patches) and apologize to Linus for wasting his time and ask how he would like to see the patches.
1.) I am not American. I am also not talking about Torwalds, because as far as I know Linus did not explicitly demanded to be spoken to "politely" (afaik).
2.) Talking politely and talking directly are orthogonal categories. You can be impolite while not direct and also polite while being direct.
3.) An environment in which people just speak their minds and is ok with people being impolite when those feel like it is characterized by everyone speaking is mind or being impolite, not just your hero. Meaning, you will not put emphasis on "be polite" when someone you dont like asks for something.
3.) I am pointing out the difference between how people who are not Torwalds demand that you talk to mailing list and what they defend as "good way to communicate" by people they admire. Because actual openly speaking culture is symmetric.
There's more ways to be impolite than saying nasty words.
Linus had been treating all this situation very fairly so far, but I guess Intel just had to repeatedly try pushing very bad fixes to a problem they created themselves.
Imagine you go to a restaurant, and the waiter just repeatedly brings you the wrong order, repeatedly.
Ad restaurant: I would not be rude to them in that situation. I would refuse to pay wrong food if I would think I don't want to eat it.
If I would be hungry, I would be angry, but I would still not insult them and there is no rational reason to do so. I can control my anger in easy restaurant situatuon like that. At worst, I would leave.
> Imagine you go to a restaurant, and the waiter just repeatedly brings you the wrong order, repeatedly.
I agree with you in general, but that's a bad example IMO. If they are stressed out and make honest mistakes, even if they're totally incompetent and stupid, I would probably laugh harder each subsequent time and assure them it's no big deal, and it would be true. With anyone, but doubly so with anyone who handles my food.
If on the other hand they just didn't care etc., I'd leave at some point and never return. The point at which there would be something to get nasty about is also past the point where it would still make sense to be nasty about it, if you know what I mean.
Not that I think Linus is being particularly nasty, and as I said, I generally agree. But that example rubbed me the wrong way, I just had to speak up, sorry ^^
To me, Torvald's nasty attitude usually nullifies his (unquestionable) technical merits.
There's no excuse to SHOUT, curse, and treat others as imbeciles on e-mail; even less so on fora as public and prominent as the linux kernel's mailing lists.
As much as I decry patronising calls to make tech more "inclusive" and "nice", I must admit that people like Linus are a great argument in favour of that...
So somebody isn't telling the truth here. Somebody is pushing complete
garbage for unclear reasons. Sorry for having to point that out.
As it is, the patches are COMPLETE AND UTTER GARBAGE.
They do literally insane things. They do things that do not make
sense. That makes all your arguments questionable and suspicious. The
patches do things that are not sane.
Is Linus suggesting these patches are so bad that there could possibly be a camouflaged backdoor?
He certainly doesn't think it is a mistake. And that would fall within the spectrum of possibilities, but I would doubt anyone considers that as a probable reason, since it would be stupid to push something like that right now. Like future-destroying stupid.
The whole IBRS_ALL feature to me very clearly says "Intel is not
serious about this, we'll have a ugly hack that will be so expensive
that we don't want to enable it by default, because that would look
bad in benchmarks".
So instead they try to push the garbage down to us. And they are doing
it entirely wrong, even from a technical standpoint.
I'm sure there is some lawyer there who says "we'll have to go through
motions to protect against a lawsuit". But legal reasons do not make
for good technology, or good patches that I should apply.
Yes, finally the engineering community is being divided into two large groups - one that actually focuses one the technical issue at hand and one that focuses on personal insults. Everybody is winning, I suspect?
I wish people in this thread would stop turning the discussion into a straw-man argument about Linus’s language and focus their attention to the technical and security problems at hand.
Some people are easily offended, some people easily offend, some people are direct, some people are indirect - get over it.
What matters here is the quality of the code / workarounds that are being presented, by whom and what alternatives they are.
I'm fascinated by the lack of self-awareness in your comment:
"I wish people in this thread would stop talking about X and talk about Y instead. Anyway, here are my thoughts on X."
Actually, if you pay close attention, nothing is said about X, where X is Linus' language. It's a more general "these sitautions exist, but let's ignore them right now because there's something else to address which is more concrete."
You are correct though, in that the majority of the comment is spent at least dancing around that issue since little of substance was provided on the alternative that they suggest is more worthwhile.
His language is why this particular post is getting such traction. This is what he does. You can't get attention for your bluntness and not have your bluntness discussed.
His language is not particularly new or interesting. His technical point is very interesting, as it exposes a simple question-test for evaluating Intel’s motivations as an outsider.
> I wish people in this thread would stop turning the discussion into a straw-man argument about Linus’s language and focus their attention to the technical and security problems at hand.
Nitpicking, since everyone can tell what you mean, but FWIW, the phrase you are looking for here is someting like "ad hominem" or "tone argument", not "straw man"; that's something completely different.
You're completely correct - I did indeed use the wrong terminology and I've done exactly that before with characterising the change in direction of an argument as a straw-man when as you rightly point out - is not correct. Thanks for politely pulling me up on this, I do appreciate it.
> I wish people in this thread would stop turning the discussion into a straw-man argument about Linus’s language and focus their attention to the technical and security problems at hand.
There wasn't much of a technical and security discussion in what was posted. Linus spent his time writing about his feelings and how hurt they were that someone did something he didn't like. Very little of substance or merit was communicated. If you consistently behave like a petulant child in a leadership role, expect people to gawk at it.
I feel like a lot of people judge Linus by some internal moral compass which just seems pointless to me. If anything is petulant and childish it's trying to control others for not fitting within some arbitrary set of personal rules.
Linus does a good job at maintaining kernel development and often makes sharp technical commentary. By those measures his communication style seems to have been successful and practically helpful so far.
As great as it is to sit in your chair and make snide remarks about him. The Linux Kernel seems to have a proven track record of success under that role
That is to say, it is the largest collaborative software project in human history
No amount of Linus being a "petulant child" can disprove the results of his style
That’s a pretty uncharitable analysis of the situation. The point of the attack are Intel’s future intentions as implied by the patches, and the degree which those intentions are at odds with Intel’s announced guidance.
That seems like a very significant technical and security matter worth discussing, no matter the style of its delivery.
Proper way to fix an hardware bug like this, is that newer cpu gets protected by default, and they answer they are when queried.
So you can ask the CPU "what's your status on bug X" and the cpu answers "i'm good, you don't need to do anything" (newer fixed chips), or "i know about it but was already built, and need microcode update/special behavior to protect myself" (current chips with microcode update), "no answer / I'm not good" (old chips without update).
So new stuff is protected, and you add more protection (and slowdowns, and special stuff) for older chips that don't know how to deal with it.
What Intel is trying to do here, is to go the other way: the chips, even the new ones, will stay vulnerable by default, and when queried they say "I have a fix but I don't use it, you can enable it by asking !" and the kernel is supposed to enable it.
It's terrible for a lot of reasons, like "boot an older os and it's vulnerable since it doesn't know to call this", "additional code to enable this feature has to run for all of eternity for new chips now, instead of having to run for older chips and being phased out over time", etc ...
The reason why Intel does that seems obvious: by default the chip does not lose speed since the fix is not enabled, and so instead of "intel chips lose 30% speed over night because of a flaw" it becomes "intel adds a special security mode that protects you even more for critical applications, at the cost of some speed".
Purely marketing speech and decision at the cost of proper engineering decisions, and they need and try to get OSes like Linux to play along.
That's what he means by "[it] shows intel had no intention of fixing those flaws".
Additionally there seems to be a second issue in that the quality and behavior of the patches they submitted are trying to hide this deceptively simple but technically terrible behavior by making it look/sound obtuse and complicated.
In other words, intel is using its presence and weight to try and push a shitty solution, but one that is better for them marketing wise. Linus is flabbergasted to be treated like an idiot or a obedient drone that should apply such obvious abusive patches.
For a while, they were really the only game in town when AMD was struggling to keep up, performance-wise. Now with Ryzen there's really no reason for me not to switch back. I was an AMD fanboy from the K6-II through a few Athlon revisions.
Linus also says that this shows Intel means never to fix Spectre2. Of course, that would only be their current position -- they could change their minds later. That strongly implies that the decision to disable by default is a marketing decision, but take this with salt -- it could also be a bad engineering decision.
> In other words, intel is using its presence and weight to try and push a shitty solution, but one that is better for them marketing wise. Linus is flabbergasted to be treated like an idiot or a obedient drone that should apply such obvious abusive patches.
I see where the brashness comes from. Shady dealings on Intel's part.
It's not entirely clear to me, but in some of the followup emails it appears that Linus was mistaking the purpose of some patches (or flags at least) due to unobvious naming, but I'm unsure if that significantly alters his criticism. He says it still applies, but is much more muted in tone about it (and whether that's from the original email possibly not being intended to by public or not, I don't know).
This doesn't make sense though. If Intel indeed plans to leave chips vulnerable except if you set a flag, then how are these bullshit patches? This will be the only solution Intel is going to deliver right? I get that he doesn't like it, but that doesn't explain why he feels lied to. If Intel says "we're going to not turn the patch on by default", wherein does he suspect the lie?
He's complaining about their "fix" being terrible, but isn't fully against using it the end since as you said, that's all there is going to be to have the chips work properly.
The reason he refuses those current patches and directly call it a lie/deception is because of what my last two paragraphs related; if you read his message (where the link points to) it's about half way: Intel tries to disguise it by doing it in a convoluted way. Basically they try to avoid making it obvious when looking at the code, because they don't want a "if (intel_chip) enable_fix_because_default_is_broken_on_intel();" and instead pushes something that looks like the kernel needs to do lots of complex stuff [aka, "it's complex, and a fix-on-chip is not enough the kernel needs protection anyway !", and that means a terrible patch with lots of garbage and filler code.
Intel's intention is clear in that they specifically pushes this in the same patchset as the "tell the chip to be secure", trying to mush the two things together to make it looks like it's all the same thing, whereas in reality it should be two patchset: one to enable the security mode, and bad for intel marketing wise. And a second one to add those "fixes" to the kernel, that would be refused because terrible and in part unecessary since retpoline already protects it.
What Linus is saying is "sure I need the first change, but since you're intent on pushing them together I'm refusing them, because the second one is pure garbage, and you mix them together to hide the first".
Eg quotes from said mail to show it's indeed his problem:
> So instead they try to push the garbage down to us. And they are doing
it entirely wrong, even from a technical standpoint.
and
> The patches do things like add the garbage MSR writes to the kernel
entry/exit points. That's insane. That says "we're trying to protect
the kernel". We already have retpoline there, with less overhead.
(what he means here is that they try in their patch to make it look like the kernel needs a special protection, while it already has it through retpoline)
and
> So somebody isn't telling the truth here. Somebody is pushing complete
garbage for unclear reasons. Sorry for having to point that out. If this was about flushing the BTB at actual context switches between different users, I'd believe you. But that's not at all what the
patches do.
(eg "why are you pushing all this crap around to hide what's really happening/need to be executed")
The reasonable expectation would be that Intel fixes one (or both) of the bugs
- In newer CPU's. There should be mitigations against these attacks. That would probably seriously hurt intel by delaying their future processor launches
- In Older/existing CPU's through microcode updates. Bar literally making "fixed" versions of every Intel CPU in the last 10~ years. This is the only way to resolve the issue on existing hardware
Instead of doing that. Intel wants to avoid the much-reported "30% performance hit" by simply saying "Well if you want this FEATURE, you can enable it in your OS!"
Intel is trying to downplay a massive security vulnerability in their hardware as something that OS vendors can just let users opt in/out of
It's not Intel's issue, it's a design flaw per se, affecting _all_ CPUs that use predictive branch execution that has effects on the processor cache, which are pretty much all processors produced in this millenium.
That said, there _might_ be a solution to this problem in a way that predictive branch execution does not need to be removed completely from future architecture, which would be a thing we don't really want to loose, even if it increases safety. During that time, it makes sense to disable it, but not by default. The only implication is that older systems must be patched, which is every admin's responsibility.
> It's not Intel's issue, it's a design flaw per se, affecting _all_ CPUs that use predictive branch execution that has effects on the processor cache, which are pretty much all processors produced in this millenium.
Just because other CPUs have this flaw, doesn't mean this isn't Intel's issue. Regardless of the state of other CPU manufacturers, Intel is producing buggy CPUs.
To be clear: I'm not knowledgeable about this at all, so I could be way off base, but my reading is that he's saying that the patches seem to be doing things that don't make sense (given the information supplied with them) - that is, Intel are trying to sneak in extra fixes or other things alongside without talking about them.
The bullshit part is that Intel is trying to push this as a 'solution'. Linux is incredibly important, so if Linus does not approve of this 'solution', it'll be very difficult for Intel to go through with it (of course, they could also be brash and still do it).
See my second message (next to yours), it's not just that, yes he thinks and clearly says that thissolution is terrible but that's not why he calls them out to be basically liars; this one is because they put useless filler garbage code all around to hide what's happening in their patches.
I think we're lucky to have someone as clear, outspoken and refusing such crap in charge of the kernel.
Part of the problem is Linus doesn't actually understand the different portions of what Intel is doing, and is mixing up IBPB and IBRS. They do different things, and he's thinking they're all part of the same thing.
This could be a sign that these things are poorly written and need to be refactored into something more obvious, or it could be that they're so fundamentally complex that it's going to be difficult to grasp without context.
> "boot an older os and it's vulnerable since it doesn't know to call this"
Presumably the hardware that fixes this is not even available on the market yet. How likely is it that somebody will go out of their way to install an obsolete OS version on their brand new hardware?
The problem is that every fix that you could think for Spectre reduces the performance of the CPU.
So not enabling this by default it's a good choice, Spectre is very difficult to exploit: so if you do critical things you enable the fix, if you use the computer for gaming, video rendering, and things where you don't care too much about security but you care about performance, you don't enable it.
Why not the other way around? You have the fix enabled and if you don't know you get protected by default. If you really know better then you can disable the fix (via a special CPU instruction), because you know you're not running anything critical?
> you can disable the fix (via a special CPU instruction)
The CPU can not be allowed to disable the fix, because then that could be done by an attacker. Therefore the only more secure way is to move in the secure direction, from insecure to more secure.
Nonsense, just make it so that only privileged kernel code can modify this configuration. Tons of CPU configuration parameters already work that way, it's a non-issue.
If for some reason you even want to forbid even privileged code from modifying the config then add an other "lock" bit that forbids subsequent reconfiguration till the next reboot.
Uh no, they would obviously make it so only kernel code can run that, like many other such settings.
And if an attacker can run code at the kernel level it's a non issue, as they're already on the other side of the airtight hatchway anyway [1]: they're in control of the computer and the memory.
Agreed, I keep hearing it's difficult yet user om2 on the webkit team says they were able to come up with multiple attacks internally in the webkit team once they'd heard about the trick [1].
Safari/webkit have since rolled out mitigations to prevent the attacks that they figured out but it puts the lie to the idea that Spectre is only a theoretical attack that we've yet to see an exploit for.
“Retpoline” sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches.
The name “retpoline” is a portmanteau of “return” and “trampoline.” It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will “bounce” endlessly.
Maybe I wasn't clear. Your explanation and the linked article is very informative, but I wanted to understand what's the "garbage" Linus is talking about. As I said, I do understand retpolines from a high level.
The garbage part is still somewhat beyond my understanding but as I see it he isn't so much talking about the decision to not disable insecure branch prediction by default but rather addressing some very weird behaviour the patches add to kernel entry/exit points. Namely writing to MSRs (Model Specific Registers). This seems non-sensical as the branch predictor shouldn't need screwing with at this stage because the kernel already has retpoline protection. So he is musing there is further ulterior motives here.. perhaps another vulnerability (beyond Meltdown/Spectre) they are getting out ahead of with these very peculiar changes.
He is still ofcourse mad that they don't seem like they want to fix Spectre correctly but that seems tangential to how pissed he is that they are trying to get code merged that clearly does something other than just mitigate Spectre.
Unfortunately this entire thread is derailed with garbage about how Linus talks, rather than the fact he thinks Intel is doing something really fucking dodgy here and we should all try work out what it is.
1) Recent patch submissions imply that Intel has no good hardware or microcode mitigation for spectre-like attacks. There is a sub-complaint that Intel has a bad (i.e. kills performance) fix, but will not enable it by default because benchmarks matter.
2) This series of patches in particular appears to be doing either something different, or more than what their descriptions imply
These patches do various things, presumably to manipulate the opaque internal state of the CPU, but only Intel knows for sure precisely what they do.
> Intel has no good hardware or microcode mitigation for spectre-like attacks
I was under the impression that for at least one category of attack, there is no hardware mitigation possible because it's a fundamental problem with the x86-64 design. Fixing it would require building a chip that uses some other architecture. Is that not the case?
That's not exactly true. You could build an x86-64 chip without these flaws, but it would require a new internal architecture with a lot more silicon.
One obvious approach would be to have two caches per core. Speculative execution would use a different cache than normal execution. If the speculative action is committed to, it swaps which cache is the normal one and which is the speculative one. Then you'd also need to flush the branch predictor on context changes. And a few other issues.
Nothing that's impossible to do, but it would require a huge amount of new design and a lot more silicon just to maintain the performance of current chips without mitigation.
It will very probably not be double caches and nothing that kind of order for requested new silicon area. Its only an annoyance because the design are not gonna change for solid Spectre resistance (at least for its currently known versions v1 and 2) for the next chips, because their design are already complete since month if not years, and yes, that would be very significant changes. But separating the caches? Never gonna happen. Anything taking the same space as separating the caches? Never gonna happen, and actually not needed.
Yes a solid Spectre fix will obviously make designers rethink their microarch in some deep aspects. But somewhat good mitigations should be available as soon as the next chips, and off-by-default is completely utterly insane. The OS is not part of the platform (except in some special cases that can disable the mitigation for performance if they like), and the platform is supposed to be retro-compatible, maybe not perfectly but reasonably. Ok it has already been somewhat less true than before in the few recent year, but lets not encourage that behavior. So shipping new CPU that are broken by default but can be somewhat less broken as an opt-in is an attempt to mask the level of the fuck-up, or maybe to avoid the creation of a new stepping. We should not tolerate that from Intel, a stepping is expensive but they have the money to do it.
My point was solely that there are ways to preserve x86-64 as an ISA, and listed the single most obvious way to go about it. I never suggested that it was the best solution, or that those changes would be made any time soon, or that Intel's behavior has been anything but atrocious.
I'm no chip designer, but maybe a 'small' speculation cache which allows quick moving to the real caches might be better just in terms of less cache needs. If there's not enough space then you can't speculate farther, and that's that.
Of course, that'd probably need more complex logic to manage this new cache, which makes things more difficult. Then again, not sure how two caches interacts with potential speculation across multiple branches (does Intel even do that?)
It may interest you that a virus which kills its host won't spread as well as viruses which co-exist. This is basic from epidemics transmission rate. The longer an infected host keeps spreading the infection on, the more individuals will be infected. If the host is killed it will no longer spread the infection and therefore the infection may infect fewer hosts and this reduction in transmission rate alone may prevent a major outbreak.
In nature, we usually only consider two success metrics: hosts infected and hosts killed. To maximize hosts infected, keeping the host alive and transmitting is very successful, so the most successful examples are those we barely even take note of (common cold, intestinal worms, etc.). To maximize hosts killed, in the physical world you either need a long incubation period where the host stays alive and transmitting (AIDS) or agressive transmission methods that humans have been getting quite good at shutting down (with the exception of transmission by mosquito).
In the world of digital viruses traditional metrics can apply too (Ransomware is measured by hosts "killed", botnets by hosts infected), but those are no longer the only interesting metrics. A virus that spreads within a certain IP block and one month after inception bricks everything it can reach might be regarded as highly successful, despite killing itself in the process.
I suspect it has more to do with the American culture. Every time I watch something American, be it a TV show or YouTube from a big name, things are constantly bleeped out or you notice they don't mention swear words. It's super annoying - either accept it and stop beeping, or stop swearing all the fucking time. It's also not as if you have no idea what that beep meant.
>Not doing the right thing for meltdown
would be completely unacceptable.
Like not patching it at all. Like selling new ARM Chromebooks with no plans to ever patch meltdown in the firmware or kernel. Because that's what Google+Partners is doing with Rockchip Chromebooks AFAICT.
I did that. We've observed over the years that celebrity names in titles tend to make for poorer discussion. HN is better when the focus is on content rather than personalities.
That's a good blanket rule, but Linus' comments are uniquely important. He is a subject matter expert and context is important regarding who is doing the yelling. This isn't some celebrity who is famous for something irrelevant.
Am I the only person who finds this extremely difficult to read? The top says "David wrote" and then it looks like he's replying to a message from Linus Torvalds. So any quoted text is by Linus, right? But then....the letter is signed by Linus? So who wrote it? I know this is some ancient technology but Jesus, the user interface is horrendous.
Probably depends on how old you are. To me it was completely obvious and much, much clearer than most 'modern' user interfaces. Every person replying prefixes each line with > . Proper email clients do this automatically. This way you can tell from the number of >'s how far back on the 'stack' you have to go to know who wrote it. You start reading from the top, mentally associating an indent level (nr of >'s) with a person/email address. It's easy to follow any mail with up to say 3 or 4 different people; after that it takes some thinking sometimes, in long emails.
I'm actually surprised at the number of people here complaining about the legibility. This is absolutely basic knowledge; or maybe I'm just even older than I imagine myself to be. How can someone who can't even figure this out write software? (I realize that not everybody on this site is a programmer nowadays, but still)
People live in Slack and github today. The last time I had an actual conversation via email was probably 2 years ago.
It's rather refreshing to see the Linux kernel keeping the tradition of using mailing lists. Every company I've worked at has felt the need to gather a bunch of people in a room (or teleconference) and "knock things out" in real-time. Then, everyone leaves and develops a severe case of amnesia. Never mind that for technical debates you really need some time to think and reply in detail. Which Slack is not good at, but... surprise, email is. But alas, it's "too old."
I find people to be completely befuddled when I use bottom posting, with interleaved posting faring only a tad better.
The worst part being Exchange/Outlook users whose quoting system is braindead and has the uncanny power to routinely throw off any form of automated top-posting quote folding detection, making for a terrible reading experience in MUAs that support threading properly, as well as said users making heavy use of a Word-afflicted form of interleaved posting that consists of using colors and sizes to reply inline within the quoted part. On the same line no less.
Please for the love of all that is holy could someone in vicinity of the Outlook team add support for "quote-this-selected-text" and "{in,de}crease-quote-level" as well as prefixing the full-quote with a proper marker instead of going full-on Z̭͕͕͘a͠l̛̬̮͇g̪̩͜o͏̹͚̯͖̜ͅ.
There isn't a week that passes where I don't miss Google Wave. It was a bit bloated, and javascript engines weren't quite up to speed for it (it was practically unusable on FireFox), but I still believe it was the best chance at an email evolution that we'll see in our lifetimes.
It's easier to read in a proper email agent, which usually color-code quotation levels, allows quotation collapse, and similar things. But that means you're an old fart reading their email in an actual, dedicated application instead of some webmail :)
The issue I have with most mailing list interfaces like this is how difficult it is to find context. This post is a perfect example, it's pretty easy to find David's email by clicking the "In reply to:" link but I've been searching for a good 10 minutes and I still can't find Linus' original email. Going to "Messages sorted by: [ thread ]" doesn't show it, going to "Messages sorted by: [ date ]" and looking for emails sent around 2018-01-21 11:34 doesn't show it, and short of searching through every single one of Linus' emails I don't really know how to find it.
I don't know, I'm 27 and a C++ programmer and found it difficult to figure out who's talking at the time. I'm just more used to more modern forums where each "block" is wrapped in quote tags with signature on top.
Well, "modern" technology does this too; Markdown quoting on many sites works exactly like that - the only difference is that mailing lists prefer not prettifying messages. This email would look like this if copied directly to Reddit (and GitHub):
"All of this is pure garbage. Is Intel really planning on making this shit architectural? Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here - talk to your managers."
David Woodhouse replied with:
If the alternative was a two-decade product recall and giving everyone free CPUs, I'm not sure it was entirely insane."
The rest is written by Linus, with all further quoted segments being something David Woodhouse wrote.
> "the user interface is horrendous"
The user interface is perfectly clear if you know how to read it.
Someone did take that tone with him. Granted, it was Linus himself, but still, he is someone and he did it.
"In fact, it seems to be such a fundamental bug that I suspect I'm entirely wrong, and full of shit. So it's an interesting and not _obviously_ incorrect theory, but I suspect I must be missing something." [1]
And it is funny. And I respect that he is equally blunt when speaking of himself.
> Am I the only person who finds this extremely difficult to read?
I found it clear in this case.
I'm often confused by mailing lists and nobody in the HN thread mentions anything, but this time it was 100% clear to me on the first read and I see lots of complaints.
The first reading I had the same trouble, but you should watch the >> (Linus's previous post) and > (David's post) to figure out who said what. And this post is by Linus replying to David.
Said current patches haven't been merged. Just posted to the mailing list for review.
Retpolines for Spectre, and PTI for Meltdown, are still in the kernel. Linus doesn't have too much disagreement with them. It's the IBRS / IBPB code for Intel's CPUs that Linus has a problem with.
Also, not everything can be mitigated in microcode, for many reasons, not all of which I understand myself. Sometimes, only a fundamental hardware-redesign can fix the issues proper.
Well, for one thing, modern CPUs aren't microcoded much. Real microcoded CPUs went out with the 1980s. The microcode in today's fast CPUs is mostly initialization, and maybe emulation support for some instructions nobody uses any more, like decimal arithmetic or 16-bit mode. The microcode can maybe turn some stuff off and tweak some tuning parameters. Anyone know what Intel's "fixes" really do?
All instructions that decode into more than four micro-ops still go trough microcode. Typically 5% of micro-ops are still coming from the microcode sequencer even in modern architectures.
Compiler has large effect. Common operations like CALL and PUSH go trough microcode even in m64 but there are alternatives. Many floating point operations have assists. Nonoptimal memory alignment might go trough microcode.
Wat? All the major hardware manufacturers from Intel to the hundreds of no name ARM licensees fix and cover up major issues in silicon with fixes in microcode (unless most chips from a particular mask/process are too screwed up, see Intel's 7nm process).
Doing otherwise would throw the onus onto kernel maintainers for Windows, Linux, and the various BSD distros, and they don't want a crapton of one off fixes for the plethora of CPU errata that Intel and others patch in microcode.
Really abusive language. There are ways to communicate his objections to the patches with extremely strong language WITHOUT resorting to abusive language.
I wouldn't tolerate anyone treating me like this. There are unseen consequences to a wild tongue.
In my country, if someone brought me something terrible, in a professional environment, I would tell them it's bullshit, and go try again. And that would be fine and dandy, and expected. (I'd expect the same treatment of myself. And it has happened.)
I get the feeling, that in the US, you can't criticise. You have to use some political language to say you like it, whilst meaning you don't.
Linus is Finnish. He says what he means. And it's expected, and entirely acceptable.
There are a handful of nations around the world, where saying exactly what you mean is far more valued than trying to preserve whatever emotion someone has invested into their work.
As a Kiwi, living in Australia I totally agree and understand, during code review in ops if something crap - I’ll things like ‘hmm, this looks a bit crap, maybe refactor for improved readability?’ Or ‘this has code smell written all over it, we can’t accept this kind of quality into production’ - I could just as easily say ‘Ross, this is shit - just rewrite it’ and my not so hypothetical Ross in this situation would read that - probably laugh, agree and rewrite it the next day OR ask for clarification stating why he doesn’t think it’s shit.
My point is, what matters is the product, the code, the result and the quality there of. The communication around it is entirely based on the relationship and expertise of those around you.
Question is, is it constructive? Does ranting really yield better results than just stating the facts (both short term for fixing the problem and long term for working together)?
It might work for Linus on the LKML, but it certainly doesn't for everyone and in all circumstances.
> It might work for Linus on the LKML, but it certainly doesn't for everyone and in all circumstances.
Exactly, it's cultural.
And, I wouldn't call it ranting. If you look at Linus' famous examples of this, he may first call it bullshit (calling it as it is), and then he goes on to explain why it is, and usually also explains how to polish the turd into what it should have been.
It certainly works in my experience, having been on both ends of this sort of communication.
It tells you that your quality has fallen well and truly below the expected level of output.
But it isn't something held against you either. Because in these same cultures, it is okay to make a mistake, even costly ones. Because they make you better.
I've shown you that what you made is crap, and why it is crap. So now I know that you know that sort of thing is crap, and will strive to make something better. And you also know I won't turn around tomorrow and remind you of it, because you're passed it. Probably not even in jest.
Do you think Linus would get a maximally friendly reception if he said:
> You clearly mean well. Your heart is in the right place. Thank you so much for all your hard work. There's this weird thing going on where it seems like a bunch of patches experiencing opportunity for improvement are being pushed. These patches also could maybe be better explained.
> I don't understand. Can you help me understand, so we can fix our problems together? Again, thank you so much for your hard work!
And, incidentally, does the above not just drip insincerity to you? It does to me, and I know how powerful the Dale Carnegie-esqe "complement sandwich" approach is.
Linus is justifiably angry at someone screwing with code he is responsible for in ridiculous ways, without any real explanation of why a ridiculous approach was chosen. He's maybe a smidge less than fully satisfied with either point. The person in question really should know better on all points.
Thank you for saying so and well spotted! You're absolutely right. There is very much a large middle ground.
Is it possible that a middle ground of politely offering carefully tempered criticism might exist? It certainly does! Is it possible that it could potentially lack the same impact as the approach Linus used? This strikes me as also possible. My experience to date is that polite criticism carefully wrapped to avoid being upsetting in any way to someone emotionally invested in their work is often not received with the intended level of urgency.
I'm sure that's just my total ignorance and lack of social graces. Can you please help me understand better?
In my experience being aggressive or patronising tends to cause people to become combative which in turn makes them (subconsciously or otherwise) less likely to actually understand the point you're trying to make and more likely to waste time trying to convince you of their point. I find that presenting your case in a calm and relatively neutral way (note not "wrapped to avoid being upsetting in any way ...", that's a false dichotomy in my opinion) tends to be the most effective approach overall.
To me you'd get a better response from Linus if your patch wasn't some corporate garbage with ulterior motives. If the person who posted the patch had actually offered a solution that wasn't a pile of crap then there could be a dialog regarding ways to improve.
Run through the Linus drama filter, the only thing I get from this is "Linus doesn't like the Meltdown/Spectre patches'; Linus having issues with a patch is, well, not particularly newsworthy. Is there something more significant here than a bad first go at this?
I don't completely understand the technical issues, but reading between the lines I think the patches in question add super huge overhead. The overhead is so huge that nobody in their right mind would enable them by choice. However, the behaviour is governed by an opt-in configuration at boot time. What this means is that by default the patches will do nothing but if you opt in, you will get a huge performance hit.
The end result is that Intel can say, "We've fixed the security holes". Linus can apply the patches and say, "I've fixed the security hole". However no distribution will enable it because they will suffer from a massive performance penalty if they do. The end result is that the security hole will remain, but the average person/manager/etc will not be aware of it.
As far as I can tell Linus is calling that out as being complete BS. From what I can tell, his reasoning is that if there needs to be a performance hit, then Intel can eat it. They will have to get their act together and fix the problem in upcoming processors or else basically nobody will buy them. The implication is that Intel has no intention of fixing the problem in the next generation of processors and is hoping to sweep it all under the rug -- they have a fix. It's not their fault if nobody enables it.
The situation is a bit delicate because if Linus forces the Intel processors to be slow, then Intel will blame him -- their patches are only slow if you opt in to some completely-not-understandable-kernel-patch-option. He's basically refusing to play ball at all -- which is probably the correct stance (assuming I understand what's going on -- insert disclaimer about being a random person from the internet here).
I don't think Linus is necessarily blaming anyone in particular. That's why he says the reasons behind the patches are unclear. I think he's hoping that causing bad publicity will get Intel to abandon their tactic of being politically careful. Getting slagged of by Linus carries a certain stigma and Intel may consider it prudent to offer up information more quickly in order to stem the damage.
Particularly interesting; the opt-in creates an incentive for OS vendors to comply, as being the only platform to go all-in would create an impression to the end user of poorer performance using your product.
But are we talking about fixing it on current chips or future chips? If the former I understand Linus’ position only if there is a better solution. But if it is a hardware problem it may not. If we are talking about future chips, I thought that the fix even on 7th and 8th generations had a low overhead. Why would it have a bigger overhead in future designs?
> I thought that the fix even on 7th and 8th generations had a low overhead.
One of the fixes slow down kernel syscalls by a significant amount. So much so that your IO will be heavily affected. Intel is mostly responding is dishonest ways, e.g. showing the impact on CPU-only benchmarks.
The current patches do have a significant impact!
What someone else explained here is that due to the heavy impact, it seems Intel isn't planning to fix it in future CPU's. Basically a "if you are super security minded enable that special slow secure mode Linux has where they slow down your performance". Meaning, blame Linux/your requirements not Intel.
To be honest, unless there is a better solution (and I don't think I heard anyone suggesting that Intel could have mitigated it in some other way in older chips), I think it makes sense to make the fix optional.
The vulnerability as I understand it doesn't affect everyone in the same way. Save for the javascript vector which can be easily mitigated (and will be), most consumers and single tenant servers aren't really affected (if you have rogue code executing in user mode, access to kernel memory is the least of your worries, it will have encrypted your data and made your device a spam or DDOS bot before). The risk is really in a large organisation where you need to be resilient to one machine going bad, and in a multi-tenant infrastructure (cloud / hosting providers).
I don't really get the blame game that seems to be at stake here.
What some have offered up as the ideal approach is to make the fix optional, but default to on.
There might be some level of concern for the consequences of adding to the patch-maintenance load of technical organizations. Already, IT groups and application maintainers cannot always be fully relied upon to have their machine fleets and libraries up to date.
It's also possible that an unpatched machine might suffer from some risk in the form of a significant privilege escalation vulnerability here. Some might opine that any such vulnerability should be closed off wherever possible, as there may be other threats than cryptolockers or botnetting.
> See the difference between IBRS_ALL and RDCL_NO. One implies Intel will fix something. The other does not.
I think that's a pretty interesting claim on his part. I can't weigh in too much on the evidence to support this claim, but it's certainly more than just a rant it seems.
> Linus having issues with a patch is, well, not particularly newsworthy.
Why not? The lead engineer of the linux kernel project has specific issues with security patches from a major hardware vendor.
I understand the constant distaste that some users here have with Linus' style, but I don't understand the constant need to denigrate his positions by attempting to paint them as particularly diminutive.
I also have zero criticism of Linus for his style. However to be fair, the point being made by GP is I think that if the frequency of severe patch criticism by Linus is high enough ("not newsworthy"), then the information content of all his criticisms is reduced accordingly.
David Woodhouse works for Amazon. He previously worked for Intel.
It is a series of patches from engineers at both Intel and Amazon. Linus was replying to an in progress discussion where people that are working on the patches are discussing things.
There's some disagreement between the people working on the patch series (which is what Linus jumped into), but Linus also seems to be misunderstanding some fundamental things about the nature of the patches to begin with. (Reading the rest of the thread is more informative, but less entertaining, than just the bit with Linus yelling about things)
Intel will make a fix but the fix will be disabled by default as that results in the best performance numbers, those that will be reported in the media.
When you want to use the CPU in the cloud, you have to enable the fix and get much lower performance. But nobody in the media will care about that as they have the nice performance numbers and therefore Intel don't care to implement a fix with high performance.
I get that Linus is adored for "rejecting political correctness" or "speaking truth to power", but this email just shows how little such rants can achieve: he makes almost no argument, relying on his authority instead.
i'm actually not quite sure what he's trying to achieve... There's no chance that a patch will make it into the kernel against his objections, so he doesn't really need to convince anybody.
If he's trying to make a case against Intel, he's unlikely to succeed with the digital version of screaming expletives at people.
I have absolutely no "moral" objections against the use of all the FUCKING BULLSHITS anybody wants. But there's a reason this style isn't used more often in politics/law/philosophy or any other profession trying to change peoples' minds: it really doesn't work.
If anything, these rants show that Linus is unable to effectively use language to make his arguments. It makes him appear small, weak, and angry.
Are we reading the same thing? He states very clearly the specific technical issues and behaviour from Intel that he perceives to be "FUCKING BULLSHIT".
>> But there's a reason this style isn't used more often in politics/law/philosophy or any other profession trying to change peoples' minds: it really doesn't work.
The United States has a president who literally just did that for an entire year.
Furthermore, we are left to wonder if Microsoft is also being fed “bullshit” patches, and if they may be less discerning than Linus regarding a proper solution.