SoylentNews is people

posted by mrpg on Tuesday November 21 2017, @05:00AM
from the yes-but-be-nice dept.

Linux overlord Linus Torvalds has offered some very choice words about different approaches to security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously accused of idiocy. Cook earned this round of shoutiness after he posted a request to "Please pull these hardened usercopy changes for v4.15-rc1."

[...] Torvalds has long been unafraid to express himself in whatever language he chooses on the kernel and has earned criticism for allowing it to become a toxic workplace. He's shrugged off those accusations with an argument that his strong language is not personal, as he is defending Linux rather than criticising individuals. On this occasion his strong language is directed at a team and Cook's approach to security, rather than directly at Cook himself. It's still a nasty lot of language to have directed at anyone.

Some 'security people are f*cking morons' says Linus Torvalds

[Reference]: [GIT PULL] usercopy whitelisting for v4.15-rc1
[Linus' Response]: Re: [GIT PULL] usercopy whitelisting for v4.15-rc1


  • (Score: 2) by DECbot (832) on Wednesday November 22 2017, @12:01AM (#599974)

    I comprehend their threat model as "there are undisclosed bugs in the kernel that malicious apps in the play store can use to gain privileged access to the Android kernel. We need the kernel to panic when a bug is utilized to reduce our liability and give us time to patch the bug." While Linus's stance is "you should focus on reducing bugs, not increasing code count by creating hoops for the kernel to jump through and increasing the likelihood of kernel panics. Only morons want to make the kernel panic instead of patching bugs."
     

    To give a bad analogy, a home has a thermostat that produces undesired operation when subjected to cold drafts. The Pixel team suggests implementing a home security system that will report open windows and doors to the police when it suspects a draft and puts the house in lockdown in which nobody can use the house until it is rebooted. Linus says that's stupid and they should instead invest in a caulk gun and some better insulated windows and doors to prevent the drafts from coming in. However, it is summer so you don't know if you have any cold drafts that disrupt your thermostat when winter comes. But I only have a layman's understanding and thus could be missing something.

    --
    cats~$ sudo chown -R us /home/base