back to article 'Kill yourself now' - Torvalds throws openSUSE security tantrum

Linux creator Linus Torvalds has issued a rare public spanking for openSUSE after falling foul of its security procedures. Torvalds has posted a rant on Google+ about his experience installing openSUSE on a MacBook Air. The installation requires the root password for many functions and he went to the Bugzilla thread to argue …

COMMENTS

This topic is closed for new posts.

Page:

        1. MCG
          Trollface

          Re: Re: Linux is just a kernel

          ....and usable applications :)

      1. Dazed and Confused
        Trollface

        @DK2

        Perhaps he just fancied an upgrade

      2. Anonymous Coward
        Boffin

        Re: Linux is just a kernel

        "You know that Linux is just the kernel and openSUSE is the OS? "

        No, I didn't, because it's not true. Linux is the OS, openSUSE is a suite of programs which run on top of the OS.

        Linux consists of a kernel which, combined with device drivers, makes up an OS. openSUSE certainly includes a few extensions to the OS but the vast majority of it is just ordinary computer programs. An OS is a system which mediates access from such ordinary programs (like Bash or Firefox) to hardware.

        If your lecturers told you otherwise, I'd suggest you ask for your tuition fees back.

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Linux is just a kernel

          Nope. If you're going to be pedantic, and you are, what you are talking about Robert is GNU/Linux, although all but the most ardent of Stallmanites drop the GNU part. Linux itself is merely a kernel. All the automagical stuff is handled by the GNU/other OSS projects bits and pieces, including such things as device drivers.

  1. Voland's right hand Silver badge
    Devil

    Let me guess

    He did not add his daughter to the lpadmin group.

    In that case the web interface of cups outright tells you to sod off and the gui/command line tools start asking for root password.

    We have all been there :) By default most distros put only the "first" user you add at setup into "power" groups and do not give any extra users you add any of these unless you add them manually. Example - first user on a debian box has powerdev, network, etc by default (not sure about lpadmin, but probably that too). Run an adduser to add your daughter and guess what - she has none of those :)

    1. sisk

      Re: Let me guess

      Eh....this is Linus Torvalds we're talking about here, not some Linux newb. I'm fairly certain that's not the issue here.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: Let me guess

        We all make mistakes, even the Honourable Torvalds. In fact, the more we know, the better our mistakes.

    2. Volker Hett

      Re: Let me guess

      Hm, there is no lpadmin group in my OpenSuse 12.1 installs.

  2. Steve Davies 3 Silver badge
    Thumb Up

    This is a developing pattern

    Where the OS designers have this attitude that users are 'The Enemy' and should be repelled at all costs.

    There is no reason why you should have to have elevated access to do add printers or connect to new wifi systems.

    I guess the money flowing into SUSE from Microsoft is starting to pay dividends, to wit, make SUSE harder for the end user to 'do stuff' than Windows then the user won't switch away from Windows.

    I fully expect that the next version of SUSE will be like Windows 7 and ask for permission to do even trivial things like copying a directory tree.

    Don't even get me started about the Windows 'Run As Admin' kludge.

    Keep on trucking Linus.

    1. eulampios

      Re: This is a developing pattern

      I am curious to find out if the current Linus' ordeal caused by the Novell's novel whim (sorry for the impromptu pun) or was it a long time security policy of the distro?

      1. Marshalltown

        Re: Re: This is a developing pattern

        I haven't used SUSE in quiet a while, however, it used to be reasonably friendly without exposing your root passwd to any passing key logger. Never have used it on a laptop though, and never used it on a wireless system either. Linus' complaint makes a lot of sense, but only if distro publishers really want to see their product on more desktops.and laptops.

    2. markjohnsoncardio
      Black Helicopters

      Re: This is a developing pattern

      @Steve Davies - "There is no reason why you should have to have elevated access to do add printers or connect to new wifi systems."

      Yeah, what could go wrong, right? Glad you don't work in my IT department:

      "Security Risks Of Network Printers

      Treat Multifunction Printers As Servers, Not Peripherals

       The new features, improved connectivity, and increased complexity of today’s printers are a double-edged sword. Although networked peripherals are undoubtedly more functional and efficient (albeit more costly), allowing devices to be shared by many users, the added capability exponentially increases security risks. What were once “dumb” appliances have evolved into embedded computers, secretly hoarding everything passing through them, often unbeknownst to their owners. "

      http://www.processor.com/editorial/article.asp?article=articles/P3224/31p24/31p24.asp&guid=

      1. PJI
        FAIL

        Re: Re: This is a developing pattern

        If Linux suppliers and advocates really want it to become a mainstream system, chosen by professionals and firms, then of course printers and other peripherals must be controlled. This could be a matter of security (e.g. printing confidential documents on a printer in the wrong department or a public area may be thought to be undesirable, or adding a printer with a scanning+email capability, fax ....) or it could just be money: most firms seem to object to unnecessary, or even vaguely necessary printing in colour on cost grounds. So they restrict the use of colour printers.

        Of course, at home, the user can take what risks he likes. But a school, for instance, may well object to some smart-alec adding the printer in the headmaster's office and printing his or her sense of humour-inspired work of genius on it. Yes, there are other, more expensive ways, such as smart cards, subnets etc.; but the simplest way is usually the best They may want to prevent the accidental choice of a printer in the school library for confidential letters to the local council.

        I suggest that those who think otherwise need to get a job in a reasonably sized firm or institution, with responsibility for budget or security and get burnt a couple of times. Being wonderful at software or design does not make one an infallible expert in the realities and practicalities of life.

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Re: This is a developing pattern

          > then of course printers and other peripherals must be controlled.

          They are unless you configure them not to be and then any user can install a printer.

          The same is true of WiFi and networking in general.

          As for date and time, this is controlled by NTP and if that isn't available (due to no network) then your computer should be able to keep reasonably accurate time until you next plug into a network.

          Linus's problem is that, with the default install, installing printers and networking needs root privileges. These settings can easily be changed so that any user can install printers or set up networking.

    3. Dan Paul
      Devil

      Re: This is a developing pattern (I wholeheartedly agree with you)

      This is exactly why I hate changing operating systems. You never know what you are getting into until it's too late. I am not a Linux user but it's even sadder to see that MS UAC is infecting Linux.

      I have a nice copy of Windows (Vista Ultimate) slightly used ( just once) because as the primary user/administrator the frikking thing would not let me manage my own damn printer and fax scanner. It got wiped off and reverted to XP Pro that evening. I don't want to upgrade because of UAC crap I have experienced with "Fista". Now Windows 8 will be out and as far as I can see that OS figures I am a 3 year old handicapped kid.

      There should be a way to reliably provide the user of his/her own computer the ability to do what they want with their property without all of these stupid, complicated permissions malarkey.

      An installation proceedure that says "Operate Like XP Pro" & "User is Admin".

      I understand if the computer is not your own and there is a business to protect. But it's my PC not anyone elses.

      The same goes for UAC telling me "do I want to trust this program I am starting?" If I load a program on my computer (in person with all of the proper clicks), the rest of the software should just STFU and quit complaining or blocking the program or not showing it in the start bar (just because it's not made by MS, so it can't be trusted).

      If something happens and I am not there to click it's "Okay" then security software should do it's job and prevent the install.

      However, If I am "at the wheel" please stay the hell out of my way.

      1. TeeCee Gold badge
        Happy

        Re: Re: This is a developing pattern (I wholeheartedly agree with you)

        Perfectly possible in Se7en. Just go into the UAC settings and drag the slider all the way down to the "knickers round ankles" setting.

        Then it'll happily let you go to hell in a bucket without complaining, just like XP.

        Actually I rather like the way that UAC works by default. As admin, I get prompted for my OK when sensitive things get touched by something I'm doing. Grunt users (i.e. the kids) need me to authorise installs / changes etc. I did hear that it was fubar in Fister, one of the reasons I avoided it.

      2. Davidoff
        FAIL

        UAC

        "I have a nice copy of Windows (Vista Ultimate) slightly used ( just once) because as the primary user/administrator the frikking thing would not let me manage my own damn printer and fax scanner. It got wiped off and reverted to XP Pro that evening. I don't want to upgrade because of UAC crap I have experienced with "Fista"."

        Really, if turning off UAC under Vista (a simple checkbox) is too complicated for you then maybe you should refrain from using computers at all? With UAC switched off Vista behaves like XP and runs everything which the current user privileges allow.

        "There should be a way to reliably provide the user of his/her own computer the ability to do what they want with their property without all of these stupid, complicated permissions malarkey."

        Well, we went there, and the majority of users have proven to be too moronic to handle their own PCs and prevent it from becoming members of a botnet.

        "I am not a Linux user but it's even sadder to see that MS UAC is infecting Linux."

        It isn't. In fact, this was first seen on Apple's Mac OS X.

        1. Dan Paul
          Devil

          Re: UAC

          Listen "davidoff" you pedantic, pompous, sarcastic twat, that night I was 3 hours on the phone with MS tech support TRYING to keep functionality of UAC and still allow me to configure the PC to do what I wanted. MS Tech Support threw up their hands and apologized becuase they could not help me fix the problem without suggesting a complete reinstall. I got the copy of Ultimate Vista from a buddy who worked for MS the same month it came out.

          And by the way in the first version of Vista (no service packs) UAC was completely and utterly f*cked up and could not actually be "turned off" as it still acted to prevent people from doing what they wanted to do. That is the problem I experienced and MS could not solve.

          Perhaps you should make some attempt to be less of a prick. I pity the people who have to work with you.

          As far as ever having any rootkit or other computer virus infections, I have been free of that crap for almost 10 years now using nothing but freeware programs.

          1. Keep Refrigerated
            Trollface

            Re: Dan Paul

            Can't tell if successful troll or you really believe "operate like XP Pro" should be an installation setting for all OSes.

          2. Anonymous Dutch Coward
            Trollface

            Re: Re: UAC

            Seems you fell hook, line & sinker for their marketing then. Why did you install a pre-SP1 operating system*) in the first place?

            Good luck with your free software - perhaps you should switch to OpenSUSE for good measure?

            *) in Vista's case, perhaps at least 2....

    4. Gordon Fecyk
      Thumb Down

      Somehow, someone managed to blame Microsoft for a non-Microsoft problem.

      "I guess the money flowing into SUSE from Microsoft is starting to pay dividends..."

      SUSE doesn't need any help from Microsoft to make Linux harder to use. They have legions of religious fanatics who were working on making Linux harder to use for two decades. They keep designing for other Linux users than for other regular users.

      "Don't even get me started about the [s/Windows/Linux] [s/'Run As Admin'/'su'] kludge."

      [s/pot/kettle]

  3. Anonymous Coward
    Anonymous Coward

    Sounds like he should have just left the Macbook Air on it's default OS.

    1. Anonymous Coward
      Gimp

      "Sounds like he should have just left the Macbook Air on it's default OS."

      Maybe he just needed a proper OS instead of a Fisher Price one?

      1. fishman

        Re: "Sounds like he should have just left the Macbook Air on it's default OS."

        Fischer-Price? He wasn't installing Windows 8 with Metro.

      2. Anonymous Coward
        Anonymous Coward

        Re: "Sounds like he should have just left the Macbook Air on it's default OS."

        Since when was BSD "Fisher Price"? Sounds more like Linux. You do realise you are dismissing an OS older than you are and the basis of more OSs than you know exist, including most of the secure and high performance UNIX implementations, the one on variants of which many of the standard tools such as ssh(1), DNS, CUPS and others were developed?

        Get a life, get an education, get experience, get a Mac, discover the terminal mode and a decent shell such as ksh or tcsh, then come back with your ignorant comments when you have got some experience - and study some technical history and something other than a home Linux system.

        Oh, I know, you think the GUI is the operating system and shell. Oh dear.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Get a life, get an education, get experience, get a Mac,"

          The first 3 I already have, thanks. As for "get a Mac" - I'd rather get herpes.

        2. chris 233
          Mushroom

          tcsh!?!

          Abortion! What a miserable shell. A mess. Useless for scripting. Stick to bash or zsh.

      3. Anonymous Coward
        FAIL

        Re: "Sounds like he should have just left the Macbook Air on it's default OS."

        Why not go the whole hog and pronounce your penis to be bigger than his?

    2. Mike 29
      Thumb Up

      Agreed. Then there wouldn't be a printer driver available, hence no need for passwords.

      1. Anonymous Coward
        Anonymous Coward

        Printer driver

        No printer driver available? Just shows you don't know that both OSX and SuSE Linux use the same printing system, CUPS.

  4. Anonymous Coward
    Anonymous Coward

    Hmm...

    Kernel writer in not understanding wider OS shocker.

    I wonder where we've heard this before, oh yes, it was Linus slagging off the new desktop on Fedora and actually missing the point that 30seconds on google would have resolved most of his issues.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmm... - In case you didn't notice

      It's not that he didn't know how to do it, he was questioning the need of having this security barrier for a regular user.

  5. Silverburn
    Happy

    Don't beat about the bush Linus. Tell us *really* they should do.

    Notes to self: must use "just kill yourself" as a suitable answer to more luser support calls.

    1. frank ly
      Thumb Up

      You're supposed to say ...

      "Have you tried turning it off then on again?"

  6. Anonymous Coward
    Anonymous Coward

    Oh great, must login into Google+ to read his post on my tablet. Guess I won't be doing that then.

    Why does he, of all people, use that shit?

    1. Crazy Operations Guy

      Because he is a narcissistic asshole

      And he just needs to 'shut up and hack'. He is terrible at speaking and should just keep his mouth shut. He is egotistical on a level I never thought possible, I mean what kind of ego would you need to name an OS* after yourself and promote it without shame?

      *or kernel or whatever you want to classify it as.

      1. Graham Dawson Silver badge

        Re: Because he is a narcissistic asshole

        He's Finnish. It goes with the territory.

      2. Vic

        Re: Because he is a narcissistic asshole

        > what kind of ego would you need to name an OS* after yourself

        He didn't. Someone else did that.

        Vic.

      3. easyk

        git

        he named his other project after himself as well : git

      4. Anonymous Coward
        Anonymous Coward

        Re: Because he is a narcissistic asshole

        I think someone else actually came up with the name, as strange as that may seem.

        1. Anonymous Coward
          Anonymous Coward

          Re: Re: Because he is a narcissistic asshole

          >I think someone else actually came up with the name, as strange as that may seem.

          Yeah, blame the friend. That's how I'd do it too.

      5. Anonymous Coward
        Anonymous Coward

        You think Linus is an aRSEhole with a huge ego?

        Are you familiar with OpenBSD?

  7. Anonymous Coward
    Anonymous Coward

    He has a point

    There is some really dumb security points in many software.

  8. Anonymous Coward
    Anonymous Coward

    I guess Linus has a point here

    I had to give my wife the root password in Fedora 16 w Gnome 3 because she couldn't change her regular user account password. The bloody user account settings app requests root password in order to let you in.

    I've also noted that some apps are happy with your sudo password while others require no less than the original root password which makes sharing a computer impossible without sharing the root password. On the command line it's ok to setup and use sudo but not when you use GUI.

    1. markjohnsoncardio
      Facepalm

      Re: I guess Linus has a point here

      "On the command line it's ok to setup and use sudo but not when you use GUI."

      That's why SUSE has YaST - a GUI that assesses your level of administrative privilege before allowing you to make security changes. Kind of like a GUI form of sudo.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re: I guess Linus has a point here - I believe you slapped your head

        after reading that I was talking about Fedora which is not using Yast (this means after posting your reply). I repeat, you should not be asked for root password in order to be able to change your regular user account password, your old password should suffice. Even Microsoft knows that.

      2. ElReg!comments!Pierre
        Paris Hilton

        Re: Re: I guess Linus has a point here

        >YaST [...] Kind of like a GUI form of sudo.

        Only not at all. There are a number of GUI frontends to sudo, YaSt is just not one of them. YaST is a package and config tool. Nothing to do with permission control.

  9. Yet Another Anonymous coward Silver badge

    Suse is supposed to be enterprise

    Any regular user can change HR's printer to be the one in their office?

    Any user can change the date/time

    And this is supposed to be a secure OS?

    Of course Windows is better. On Vista if you skipped to the next month in the date/time control to see what day the 1st was it actually changed the system date and then changed it back! Good job nobody would be running anything important on Vista

    1. Volker Hett

      Re: Suse is supposed to be enterprise

      Changing printers on a print server to redirect output to another location is a bit different to using a networked printer, isn't it?

      With my notebook I use printers at home, in the office and in copy shops. Ok, I have the root password, but my niece hasn't and she has the same problem Linus daughter had.

      With OpenSuses default policy you need the root password, even for sudo!

  10. Anonymous Coward
    Anonymous Coward

    In other words...

    ... Linus is saying that Linux is not ready for the desktop? I thought 2012 would be the year of Linux on the desktop!

Page:

This topic is closed for new posts.

Other stories you might like