Masturbating Monkeys


19 replies to this topic

#1 slimdog360

slimdog360

    Primarch

  • Atomican
  • 1,515 posts

Posted 10 September 2008 - 07:58 PM

http://www.networkwo...ity-circus.html

While Linus makes some good points, he still can't get out of the habit of sounding like he has his head up his arse.

I for one welcome our new chicken overlord.


#2 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 10 September 2008 - 08:09 PM

http://www.networkwo...ity-circus.html

While Linus makes some good points, he still can't get out of the habit of sounding like he has his head up his arse.


Shouldn't you be posting this bile in the windows section.

He makes perfect sense with what he said.

? After All This Time ?

 

.....<--{ Always }-->


#3 TheSecret

TheSecret

    Champion

  • Banned
  • 6,301 posts

Posted 10 September 2008 - 09:20 PM

Linus is not the person to listen to regarding security vulnerabilities.
The most difficult subjects can be explained to the most slow-witted man if he has not formed any idea of them already; but the simplest thing cannot be made clear to the most intelligent man if he is firmly persuaded that he knows already, without a shadow of doubt, what is laid before him. - Tolstoy

#4 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 10 September 2008 - 09:30 PM

Linus is not the person to listen to regarding security vulnerabilities.


Yah of course you would be in a position to know better than Linus, we should just disregard what Linus says I mean he only wrote an OS kernel then got others to join in and he now is the man in charge of developing the kernel in the fastest growing OS.

WTF would Linus know about how security relates to the Linus er GNU/Linux OS.



#5 TheSecret

TheSecret

    Champion

  • Banned
  • 6,301 posts

Posted 10 September 2008 - 09:39 PM

Yah of course you would be in a position to know better than Linus, we should just disregard what Linus says I mean he only wrote an OS kernel then got others to join in and he now is the man in charge of developing the kernel in the fastest growing OS.

WTF would Linus know about how security relates to the Linus er GNU/Linux OS.


I did not say that I know better than Linus, but many other developers who actually work with security, are in a position, and I trust their opinions far more in relation to security matters. Linus is a developer first and foremost, and security has never been a priority for him.

Also, you misused the term GNU/Linux. That term, if it is even worth using, should be used to refer to a kernel running GNU software, not to refer to the kernel by itself.

#6 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 10 September 2008 - 10:01 PM

I did not say that I know better than Linus, but many other developers who actually work with security, are in a position, and I trust their opinions far more in relation to security matters. Linus is a developer first and foremost, and security has never been a priority for him.

Also, you misused the term GNU/Linux. That term, if it is even worth using, should be used to refer to a kernel running GNU software, not to refer to the kernel by itself.


That's why the term GNU/Linux has the letters OS after it to indicate I was saying GNU/Linux Operating System which in fact is a Linux Kernel running GNU software.

We all know Monopoly Stuff's OS can't get by without an army of security bods keeping an eye on it and much noise about security being made.

But the Linux kernel developers while taking appropriate security measures need not get as alarmist about it, which is basically what Linus was saying.



#7 TheSecret

TheSecret

    Champion

  • Banned
  • 6,301 posts

Posted 10 September 2008 - 10:09 PM

That's why the term GNU/Linux has the letters OS after it to indicate I was saying GNU/Linux Operating System which in fact is a Linux Kernel running GNU software.

We all know Monopoly Stuff's OS can't get by without an army of security bods keeping an eye on it and much noise about security being made.

But the Linux kernel developers while taking appropriate security measures need not get as alarmist about it, which is basically what Linus was saying.


He is advocating security through obscurity, and suggesting getting rid of security updates, and just have updates. Which I think is stupid. I have always respected Linus's technical, neutral and well crafted to the point answers, but his opinions on security are immature. I think this is best evidenced by LSM.

He is also taking a shot at among others, the OpenBSD developers, for no reason.

You were talking about Linus, in context as the developer of Linux, so how does GNU/Linux apply?

#8 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 10 September 2008 - 11:32 PM

He is advocating security through obscurity, and suggesting getting rid of security updates, and just have updates. Which I think is stupid. I have always respected Linus's technical, neutral and well crafted to the point answers, but his opinions on security are immature. I think this is best evidenced by LSM.

He is also taking a shot at among others, the OpenBSD developers, for no reason.

You were talking about Linus, in context as the developer of Linux, so how does GNU/Linux apply?



Security through Obscurity is not what he was advocating at all, the term Security through Obscurity was used by some folks to claim that Linux is secure because no one uses it so no one attacks it.

Linus was just saying less hoohaa about security and more concentrating on the code is better and more productive, as in it's better to just fix it rather than do a song and dance about it.

I am sure that if you read carefully the article you will see he had his reason for what he said about the BSD devs, maybe not a valid reason to you or someone else.



#9 TheSecret

TheSecret

    Champion

  • Banned
  • 6,301 posts

Posted 11 September 2008 - 12:14 AM

You make very little sense. But, what do you know? The ignore feature has a use, so V3 is not all bad.

#10 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 11 September 2008 - 12:19 AM

You make very little sense.

But, what do you know? The ignore feature has a use, so V3 is not all bad.


So hurry up and use the ignore feature.

Though it is probably just for messages, but rest easy, it's unlikely that I will ever message you.



#11 iamthemaxx

iamthemaxx

    Super Hero

  • Super Hero
  • 29,287 posts
  • Location:(Check Length)

Posted 11 September 2008 - 12:24 PM

Feel the love!

#12 slimdog360

slimdog360

    Primarch

  • Atomican
  • 1,515 posts

Posted 11 September 2008 - 12:35 PM

http://xkcd.com/386/



#13 bastard

bastard

    Champion

  • Atomican
  • 6,917 posts

Posted 11 September 2008 - 01:30 PM

Sounds like a good way to just hear what you want without objection...
Catfood. Good for cats. http://gamercard.xbo.../bastidius.card

#14 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 11 September 2008 - 01:43 PM

Feel the love!


Are you a Hippy ?



#15 wilsontc

wilsontc

    Champion

  • Atomican
  • 4,242 posts

Posted 11 September 2008 - 06:36 PM

What a fool. He should be encouraging all contributors to the kernel to think about making their code secure, rather than just ragging on people who fix issues. OpenBSD, and to a lesser extent NetBSD, understand that security isn't something that you bolt on, but something that is maintained with careful code. Linus' law states that "Any bug is shallow if given enough eyes". This should include security issues, but because there are so many Linus worshippers out there, they take his word as gospel. If only Linus was a little less egotistical, and a little more sensible. Then maybe newbie coders would think more carefully about security when developing their patches, rather than waiting for other people to come in with another set of patches.
emccat, Sep 23 2008: you could build like 40 probably more space shuttles or reserch a new type of ion drive (i mean i have come up with a working in theory proptype design AND IM 14) i mean really you'd think that you'd try to settle on the moon at least for all the minerals and crap there.

#16 Linux_Inside V2

Linux_Inside V2

    Guru

  • Atomican
  • 16,187 posts

Posted 11 September 2008 - 10:37 PM

If only Linus was a little less egotistical, and a little more sensible.

He's human, and this isn't about money so he doesn't need to care about a public image to get in the way of his true personality

He really means that we don't have to trumpet on about security issues and publish the exploit information to the entire world like everyone loves doing at the moment

Security issues should be a bit more discreet, telling the whole world about a security exploit is a bit irresponsible IMHO

One reason I like Linus is because he's such an utter tool and an arrogant cunt to boot - just like me!

#17 TheSecret

TheSecret

    Champion

  • Banned
  • 6,301 posts

Posted 11 September 2008 - 11:05 PM

The standard procedure at the moment is to tell the vendor of the problem, have the vendor issue a patch, and then tell people about the problem, or if the vendor does not release a patch given adequate time, disclose the problem to a mailing list. This method is fair on the vendor, and the users, and puts accountability where it belongs. How is getting rid of that system, and just including security bugs in with all the other bugs an improvement?

#18 Waltish

Waltish

    Guru

  • Hero
  • 14,219 posts
  • Location:Cooya Beach FNQ

Posted 12 September 2008 - 02:02 AM

The standard procedure at the moment is to tell the vendor of the problem, have the vendor issue a patch, and then tell people about the problem, or if the vendor does not release a patch given adequate time, disclose the problem to a mailing list. This method is fair on the vendor, and the users, and puts accountability where it belongs. How is getting rid of that system, and just including security bugs in with all the other bugs an improvement?


You really need to read both pages of that article you will find it not quite the way you describe it.
Here I will give everyone a click-free way to read both pages themselves.


-------------------------------------------------------------

Last month Torvalds stated in an online posting that "one reason I refuse to bother with the whole security circus is that I think it glorifies -- and thus encourages -- the wrong behavior. It makes 'heroes' out of security people, as if the people who don't just fix normal bugs aren't as important. In fact, all the boring normal bugs are way more important, just because there's a lot more of them."

Never one to mince words, Torvalds also lobbed a verbal charge at the OpenBSD community: "I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them."

This week Torvalds -- who says the only person involved in the OpenBSD community with whom he talked to about the "monkeys" barb found it funny -- acknowledges others probably found it offensive.
Via e-mail, he also explains why he finds security people to be so anathema.

Too often, so-called "security" is split into two camps: one that believes in nondisclosure of problems by hiding knowledge until a bug is fixed, and one that "revels in exposing vendor security holes because they see that as just another proof that the vendors are corrupt and crap, which admittedly mostly are," Torvalds states.

Torvalds went on to say he views both camps as "crazy."

"Both camps are whoring themselves out for their own reasons, and both camps point fingers at each other as a way to cement their own reason for existence," Torvalds asserts. He says a lot of activity in both camps stems from public-relations posturing.

He says neither camp is absolutely right in any event, and that a middle course, based on fixing things as early as possible without a lot of hype, is preferable.

"You need to fix things early, and that requires a certain level of disclosure for the developers," Torvalds states, adding, "You also don't need to make a big production out of it."

Torvalds also says he doesn't care for labeling updates and changes to Linux as a security fix in a security advisory.
"What does the whole security labeling give you? Except for more fodder for either of the PR camps that I obviously think are both idiots pushing for their own agenda?" Torvalds says. "It just perpetrates that whole false mind-set" and is a waste of resources, he says.

It's better to avoid sticking solely to either "full and immediate disclosure" or ignoring bugs that might embarrass vendors, he points out. "Any situation that allows the vendor to sit on the bug for weeks or months is unacceptable, as is any situation that makes it harder for people who find problems to talk to technical people."

Torvalds says he's skeptical about the value of synchronized releases among vendors that favor the idea of an embargo of software vulnerability information until a fix from a vendor is ready.

That process discourages thinking about design changes to make it harder to have security bugs, Torvalds says. "So, the whole 'embargoes are good' mentality is just corruption from the vendors," he states. "But on the other hand, disclosure should not be the goal."

"I don’t believe in either camp," Torvalds concludes. What he does favor is to "have a model where security is easier to do in the first place -- that is, the Unix model -- but make it easy for people to report bugs with no embargo, but privately."

He says the Linux kernel security list "is private" in the sense that "we don't need to leak things out further" to get some software issue fixed. He says the process allows, though doesn't encourage, a five-day embargo, and "even then, I will forward it to technical people on an 'as needed' basis, because even that embargo secrecy is not some insane absolute thing."

----------------------------------------------

Should go to the site there are links in the story that help with context.

http://www.networkwo...ity-circus.html



#19 Lazzarus2nd

Lazzarus2nd

    Overlord

  • Atomican
  • 3,556 posts

Posted 12 September 2008 - 07:08 AM

Look, I'm sorry, but I don't use Linux - I'm strictly a Windows user - be that good or bad, but even I am finding this whole security crap getting a little old for both camps. I understand the code needs to be secure? But really what from? Excuse my lack of education but really the layman only really worries about cash disappearing - steal my online identity? What the fuck for? Why would someone hack a Linux system? I'm sure there are hundreds of hackers out there just waiting to get me, but you know what, why would they bother? So they could get a hold of my bank account, jump on my home loan? I personally think this whole security thing is a device to sell a product that no-one really needs, what better way to sell than to say to someone "you're at risk - it could spell disaster for you" and sell them something they don't understand. They did it with Windows - now welcome to the hard sell for Linux - it's only a matter of time till you start paying for virus checkers on Linux... I really think it's someone trying to make money out of an untapped resource.
Rig : eVGA 780i FTW QX9650 @ 4.2 Ghz GTX 295 + 9600GT physx 4GB Team Xtreme 5-5-5 1066 3 x 320 GB WD RAID 0

#20 wilsontc

wilsontc

    Champion

  • Atomican
  • 4,242 posts

Posted 12 September 2008 - 05:15 PM

Look, I'm sorry, but I don't use Linux - I'm strictly a Windows user - be that good or bad, but even I am finding this whole security crap getting a little old for both camps. I understand the code needs to be secure? But really what from? Excuse my lack of education but really the layman only really worries about cash disappearing - steal my online identity? What the fuck for? Why would someone hack a Linux system?

I'm sure there are hundreds of hackers out there just waiting to get me, but you know what, why would they bother? So they could get a hold of my bank account, jump on my home loan?

I personally think this whole security thing is a device to sell a product that no-one really needs, what better way to sell than to say to someone "you're at risk - it could spell disaster for you" and sell them something they don't understand. They did it with Windows - now welcome to the hard sell for Linux - it's only a matter of time till you start paying for virus checkers on Linux...

I really think it's someone trying to make money out of an untapped resource.


Not quite, this is about getting developers to write better code, rather than sell a product. Writing secure code costs nothing other than a little extra time and education, but Linus isn't pushing this. In fact, he takes a shot at one project that does.



