SoylentNews is people

posted by mrpg on Tuesday November 21 2017, @05:00AM
from the yes-but-be-nice dept.

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously accused of idiocy. Cook earned this round of shoutiness after he posted a request to "Please pull these hardened usercopy changes for v4.15-rc1."

[...] Torvalds has long been unafraid to express himself in whatever language he chooses on the kernel and has earned criticism for allowing it to become a toxic workplace. He's shrugged off those accusations with an argument that his strong language is not personal, as he is defending Linux rather than criticising individuals. On this occasion his strong language is directed at a team and Cook's approach to security, rather than directly at Cook himself. It's still a nasty lot of language to have directed at anyone.

Some 'security people are f*cking morons' says Linus Torvalds

[Reference]: [GIT PULL] usercopy whitelisting for v4.15-rc1
[Linus' Response]: Re: [GIT PULL] usercopy whitelisting for v4.15-rc1


  • (Score: 5, Insightful) by The Mighty Buzzard on Tuesday November 21 2017, @05:25AM (20 children)

    by The Mighty Buzzard (18) <themightybuzzard@proton.me> on Tuesday November 21 2017, @05:25AM (#599547)

    Yeah, no. Linus is absolutely correct. You don't write additional code to stop the exploitation of known bugs and leave the bugs in. Writing code to stop unknown bugs from being exploited is all fine and good but if you know about them you fix the damned things instead of slapping a band-aid over the top of them.

    --
    My rights don't end where your fear begins.
  • (Score: 5, Funny) by RS3 on Tuesday November 21 2017, @06:18AM (15 children)

    by RS3 (6367) on Tuesday November 21 2017, @06:18AM (#599561)

    Wait, you mean MS is doing it wrong?

    • (Score: 5, Insightful) by aristarchus on Tuesday November 21 2017, @06:59AM (14 children)

      by aristarchus (2645) on Tuesday November 21 2017, @06:59AM (#599566)

      This is the end. The Apocalypse. Götterdammerung. Raganorak. Runaway posted something spot on and righteous. khallow did something near the same, for khallow. And Now you tell me that The Mighty Buzzard, his own self, is saying something so true that it makes blue dog democrats and yellow dog republicans agree! Well, hush my puppies! And these are not "Sad Puppies", they are in fact "Hushpuppies". [myrecipes.com] I am going to have to retire, if this keeps up.

      • (Score: 3, Informative) by Anonymous Coward on Tuesday November 21 2017, @08:25AM (5 children)

        by Anonymous Coward on Tuesday November 21 2017, @08:25AM (#599582)

        Götterdämmerung

        FTFY

        • (Score: 4, Funny) by aristarchus on Tuesday November 21 2017, @08:43AM (1 child)

          by aristarchus (2645) on Tuesday November 21 2017, @08:43AM (#599583)

          Sure, here I am, misspelling the downfall of the gods and the end of the world in hopes of putting it off a bit, and you have to be so helpful as to correct me? Now you've done it, and it is all on you and not on me! This whole Nibiru affair, it is on this AC right here! Not me! I tried to warn you! But would you listen? It was all "it's only aristarchus again, when has he ever been right?" Except, you remember that whole heliocentric thing? Sizes of the Moon and Sol? And how there could be no Nibiru? Oh, how quickly they forget, and how often. Fortunately, Greek Gods do not do the dämmerunging thing. They are immortal. Which is probably why Greece is doing just fine while Germany's government has just suddenly dämmerung'ed. German German-spelling Nazis, anyway. After Ragnorak, who needs an umlaut any way? Ümlaut, or Umläut, anyway?

          • (Score: 2) by AthanasiusKircher on Wednesday November 22 2017, @02:28AM

            by AthanasiusKircher (5291) on Wednesday November 22 2017, @02:28AM (#600015)

            You and that damn heliocentrism thing. Always gloating. Except where's the proof? Some "lost" treatise? Likely story. Everyone says you said it, but what if it's all just fake news?! People tweeting on their papyri...

        • (Score: 1, Touché) by Anonymous Coward on Tuesday November 21 2017, @08:43AM (2 children)

          by Anonymous Coward on Tuesday November 21 2017, @08:43AM (#599585)

          Göttërdämmërüng

          There, FTFY

          • (Score: 2) by aristarchus on Wednesday November 22 2017, @07:13AM (1 child)

            by aristarchus (2645) on Wednesday November 22 2017, @07:13AM (#600078)

            That, my dear and fluffy soylentil, is an umlaut too far! Remember, as the Great TMB said when he implemented it: "With great unicode comes great responsibility."

      • (Score: 2) by Aiwendil on Tuesday November 21 2017, @09:06AM (3 children)

        by Aiwendil (531) on Tuesday November 21 2017, @09:06AM (#599588)

        Huh, funny, didn't know Hushpuppies was a pastry, I only knew that term as a reference to Guns with silencers (in particular Smith & Wesson Model 39 Mk 22 Mod 0 [wikipedia.org] (search for: hush))

        Learned something new and potentially useful today, thanks.

        (Also - Ragnarök)

        • (Score: 3, Informative) by aristarchus on Tuesday November 21 2017, @10:13AM (2 children)

          by aristarchus (2645) on Tuesday November 21 2017, @10:13AM (#599602)

          Oh, great, now we have umlauted in both German and Norse! This will certainly bring the apocalypse (that's greek, by the way, ἀποκάλυψις, the "falling down", or "away", not sure which) upon SoylentNews! In times, or ends of times, like these, I recommend spirits, especially Ouzo.

          • (Score: 2) by c0lo on Tuesday November 21 2017, @03:13PM (1 child)

            by c0lo (156) on Tuesday November 21 2017, @03:13PM (#599674)

            especially Ouzo.

            But of course magister.
            At +30C, no other spirit works better - except, once in a while, some Cuban rum (if one mixes it well with jazz).

            --
            https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
            • (Score: 0) by Anonymous Coward on Tuesday November 21 2017, @05:53PM

              by Anonymous Coward on Tuesday November 21 2017, @05:53PM (#599751)

              I'll only use Ouzo as a substitute for Absinthe if I can't get any and want the visual appeal of the anise louche.

      • (Score: 4, Funny) by kazzie on Tuesday November 21 2017, @09:24AM (1 child)

        by kazzie (5309) on Tuesday November 21 2017, @09:24AM (#599590)

        That's the final great battle of people wearing raincoats, right?

        • (Score: 3, Funny) by pendorbound on Tuesday November 21 2017, @02:35PM

          by pendorbound (2688) on Tuesday November 21 2017, @02:35PM (#599651)

          I just like to take this moment to thank the admins for bringing proper Unicode support to slashcode. Without their forethought and benevolence, dē𐌴ᚹ å𐌽d ⲙéàⲛ¡ngfül dèbÅⲧཇs Տüçᚺ äs ϯh¡Ⴝ øႶe wºùld Σïოpl¥ ᥒØᝨ ᜐε pøssiblé.

      • (Score: 2) by G-forze on Tuesday November 21 2017, @04:14PM (1 child)

        by G-forze (1276) on Tuesday November 21 2017, @04:14PM (#599706)

        Raganorak

        Ragnarök

        Let's not postpone the inevitable any more than we have to. ;)

        --
        If I run into the term "SJW", I stop reading.
        • (Score: 3, Funny) by Azuma Hazuki on Tuesday November 21 2017, @10:03PM

          by Azuma Hazuki (5086) on Tuesday November 21 2017, @10:03PM (#599906)

          Raganorak is the trainspotters' apocalypse then? The Teatime of the Timetables?

          --
          I am "that girl" your mother warned you about...
  • (Score: 2) by edIII on Tuesday November 21 2017, @07:06AM (1 child)

    by edIII (791) on Tuesday November 21 2017, @07:06AM (#599569)

    Having read his response, the only thing I disagree with is his ideology that seemingly *only* allows for fixing bugs to increase security. Security is layered, and defense in depth should always be a good goal. Unless I misunderstood what he was trying to say:

    As a security person, you need to repeat this mantra:

    "security problems are just bugs"

    and you need to _internalize_ it, instead of scoff at it.

    The important part about "just bugs" is that you need to understand
    that the patches you then introduce for things like hardening are
    primarily for DEBUGGING.

    I'm not at all interested in killing processes. The only process I'm
    interested in is the _development_ process, where we find bugs and fix
    them.

    As long as you see your hardening efforts primarily as a "let me kill
    the machine/process on bad behavior", I will stop taking those shit
    patches.

    Otherwise I agree with you about the band-aid.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Tuesday November 21 2017, @07:51AM

      by Anonymous Coward on Tuesday November 21 2017, @07:51AM (#599573)

      What I got out of it was something rather different.

      "Security problems" in this context are not design problems. "Security problems" are specific, identified bugs. As such, for this type of "security problem" the proper response is in fact to address the bug, not to change fundamental kernel behavior.

      Now, there can easily be "security problems" in a more broad sense, e.g. "the way the kernel currently does things is dangerous and we need to come up with a better way." These are design problems, and may warrant a more large-scale response. But those should be properly developed over time and people should be warned in case it breaks software so problems can be addressed in advance, rather than after an automatic update goes horribly awry. Addressing a bug in a patch should not result in fundamental redesign more or less on the fly, which seems to be what was done by the programmer Linus is irate with. This patch seemed to make things secure by throwing anything that might even potentially cause a violation under the bus, on the assumption that this is without question the best and only acceptable solution and anything that it disrupts is indisputably expendable. Clearly, it is not necessarily so unquestionable or indisputable after all.

      A major problem is that some security people are willing to sacrifice anything and everything in the name of perceived short-term security. I think this was one of those situations.

  • (Score: 0) by Anonymous Coward on Tuesday November 21 2017, @03:08PM (1 child)

    by Anonymous Coward on Tuesday November 21 2017, @03:08PM (#599669)

    Being right doesn't make him any less of a narcissistic asshole. He is right about not leaving a bug in and working around it, but his attitude that he's being an asshole for Linux just smacks of rationalization.

    • (Score: 3, Insightful) by tangomargarine on Tuesday November 21 2017, @03:54PM

      by tangomargarine (667) on Tuesday November 21 2017, @03:54PM (#599704)

      You have to be a bit rude from time to time to get anything done. How much varies depending on who you're working with.

      Now obviously it's a different question if you *enjoy* being rude to people. But you'll excuse me if I don't trust you to make that diagnosis, Mr. Armchair Psychologist.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"