Linus Torvalds on the Need for Rebootless Patching
Linus Torvalds is the creator and original developer of the Linux kernel. So when he has something to say about the future of software and cybersecurity, it’s wise to listen.
Recently, at the KubeCon + CloudNative + Open Source Summit China in Shanghai, Torvalds warned of forthcoming challenges in the world of managing software. At the root of these challenges, he said, are two hardware issues that are causing DevOps teams major headaches.
Firstly, Torvalds pointed to the looming issue of Moore’s Law exhausting itself. For decades, processor vendors have relied on hardware performance doubling every year or so. But Moore’s Law will soon soften, and this rate will slow down. When this happens, developers will have to use innovative code, not hardware, to keep increasing performance.
More pressingly, Torvalds identified the cybersecurity problems linked to the speculative execution model that Intel and other processor vendors use. This model is what opened the door to vulnerabilities such as ZombieLoad, Fallout, Spectre and Meltdown. These issues have caused consternation in the Linux community.
Countering Linux Vulnerabilities
Torvalds pointed out that the only way to counter such vulnerabilities is to patch the Linux kernel, and that for most organizations, such patching is a painful process. This puts organizations in a Catch-22: either wait to slot the new patch into their reboot cycle, which means remaining insecure for weeks or months, or drag everyone in at the weekend, on short notice, to perform an emergency reboot, risking downtime and unforeseen issues.
The Importance of Live Patching
Torvalds didn’t mention KernelCare by name, but what he is advocating is the importance of live patching. The vulnerabilities will keep coming, he said, which means the patches will keep coming. DevOps teams need a better process than constant reboot cycles; they need a way to react to the stream of new patches that is efficient and low-stress. This is precisely what a live kernel patching service like KernelCare offers.
Torvalds has always had a talent for accurately predicting the future of Linux, and of software development. He has been right before, and he’s right again here: live patching is becoming a must-have for any DevOps team that wants to survive in the current era.