back to article Some 'security people are f*cking morons' says Linus Torvalds

Linux overlord Linus Torvalds has offered some very choice words about different approaches security, during a discussion about whitelisting features proposed for version 4.15 of the Linux kernel. Torvalds' ire was directed at open software aficionado and member of Google's Pixel security team Kees Cook, who he has previously …

  1. Gene Cash Silver badge

    Google's Pixel security team

    There's a crack bunch of professionals, right there!

    When you have little enough confidence in your code that you introduce a fallback mode in case it takes a shit... then that garbage doesn't belong in an OS kernel.

    Linus should have stabbed him in the eye. And the dick. And set him on fire.

    1. Anonymous Coward
      Anonymous Coward

      Re: Google's Pixel security team

      WHen I rollout a new piece of software or system, or run an IT project I've always got a section called "risks" and that always has a subsection called "mitigation".

      We can test new rollouts for months but I am only happy if we have an easy way to "fallback" if things take an unexpected turn for the worst. You rollback, regroup and reconsider.

      It is not a failing when making major, potentially destructive, changes to have considered a position if it doesn't work out.

      1. teknopaul Bronze badge

        Re: Google's Pixel security team

        It does not work like that in the world of C programming, you cant have bugs and worry about them later. You cant reconfigure crashed systems. You cant say there is a risk this has a race but fuckit, lets ship and seeif it crops up in the wild. many bugs result in security issues. Some new wonky code that kills processes it does not like is presuming that those processes are not part of overall stability and security of the system. Probably an incorrect assumption.

        1. Anonymous Coward
          Anonymous Coward

          Re: Google's Pixel security team

          "It does not work like that in the world of C programming, you cant have bugs and worry about them later"

          C Programmers are magicians. All software has bugs regardless of what language was used. You will have to worry about them later as someone will discover them and let you know, you then need to go back and fix them.

          1. Ian Joyner

            Re: Google's Pixel security team

            "C Programmers are magicians." More like "Systems programmers are the high priests of a low cult." (1967)

            "The Open Channel". Computer. 13 (3): 78–79. Mar 1980. doi:10.1109/MC.1980.1653540.

            https://en.wikipedia.org/wiki/Robert_S._Barton#Quotes

            It is a frequent excuse for C that you will get bugs in whatever language. But other languages will check for common mistakes and build an abstraction that is checkable when the system is built. With C you mainly have to wait until the system is deployed and hope that some nice person reports the bug, rather than sues you, or worse is a malicious hacker that will take advantage.

            "You will have to worry about them later as someone will discover them and let you know, you then need to go back and fix them."

            Bad philosophy - too late, too costly.

          2. Wayland Bronze badge

            Re: Google's Pixel security team

            "All software has bugs", well that's a false statement.

            In a practical sense a large program probably does have bugs but if a problem is logical then perfect code can be written.

            It is absolutely possible to remove all bugs.

            The problem with C is that it tends not to stop you running a pointer off the end of an array or even using a pointer that's not been set. You're driving down a mountain road with no guard rail but then you should not be using the guard rail.

            1. Kiwi Silver badge
              Pint

              Re: Google's Pixel security team

              In a practical sense a large program probably does have bugs but if a problem is logical then perfect code can be written.

              I agree that it is theoretically possible to write bug-free code even for considerably large programs.

              The problem is, that code also has to interact with the rest of the system and the users. One of those two will break it. And if the users don't break it, they'll break something else that then breaks the program.

        2. Jason Bloomberg Silver badge

          Re: Google's Pixel security team

          You cant say there is a risk this has a race but fuckit, lets ship and seeif it crops up in the wild.

          It's a tough one. Live with potential bugs or ship with a fix which may itself cause problems with a fall-back for when it does?

          It's Linus's project so I guess he gets to decide. I am not always convinced he gets it right and I often dislike the way he deals with those who hold a different opinion to his own.

          1. anonymous boring coward Silver badge

            Re: Google's Pixel security team

            "It's a tough one."

            It's not a "tough one". It's the effing kernel! It's an easy one, and if you can't see that you shouldn't be contributing to the kernel at all.

        3. shawnfromnh

          Re: Google's Pixel security team

          That is more like the Windows 10 philosophy at in we'll do the updates because they are due to the schedule and then force them onto the users whether they've been fully tested or not and you can't wait of choose not to do the update because they are mandatory and MS knows what is best for your computer even if it causes and endless boot cycle you will take the update again even if you rollback you system and take the update again with the same results because we know best.

          1. Tomato Krill

            Re: Google's Pixel security team

            Aaaand breathe

      2. Wayland Bronze badge

        Re: Google's Pixel security team

        A Rollback is a sensible emergency contingency when you only have the one system to test with, the live one. However Linux has millions of users who are happy to beta test. You'd find those sorts of bugs in that phase. They can surely manage their own rollbacks and backups if they are willing to beta test.

    2. Sil

      Re: Google's Pixel security team

      A project the size of Linux does need a persistent and strict leader.

      However, lashing out at people with such virulence is not productive, decrease morale of existing contributors and will make would-be contributors, some of whom may even be quality ones, think twice before contributing to Linux.

      Believe it or not, it's possible to stay courteous while refusing a patch or remonstrating.

      What the Linux development process seems to miss are monthly/weekly/ad hoc (forum) discussions of desirable new features/changes - before a single line of code is written, so that at least there's an agreement on what to sink time in, what kind of outcome is targeted, and what will never happen.

      1. BillG Silver badge
        Megaphone

        Lashing Out

        @Sil wrote: A project the size of Linux does need a persistent and strict leader.

        However, lashing out at people with such virulence is not productive,...

        I agree with you in principle. But in practice it can get utterly frustrating just how quietly PERSISTENT stupid can be. For the stupid persistent, they know from experience that if they just keep asking over and over and over and over and over and over and over and over and over and over and over and over and over and over and over and over again sooner or later someone will give in. and they know this because it works.

      2. webeindustry

        Re: Google's Pixel security team

        Grow a pair. If some weak developers can't take the heat they are better suited elsewhere. Linus has every reason to call out idiocy from the securitards.

        Which is more unproductive for a large team being brutally honest or running a fools errand attempting to cater to everyone's feelings?

        I would never work for these libertards who are all about "inclusion" and "politeness" beyond what is reasonable. Get shit done I don't care about remaining politically correct. If you got the skills and will, contribute and take it as it is. Everything else is secondary.

        1. Matt Judge

          Re: Google's Pixel security team

          Here, here. From someone who has told more than a few managers what I think of their liberal attitudes.

          1. Anonymous Coward
            Anonymous Coward

            Re: Google's Pixel security team

            Where, where?

        2. Jonathan 27

          Re: Google's Pixel security team

          I see you've either never been involved in software development or are one of those horrible toxic people who have been fired over and over. Almost no one can get away with being as rude as Torvalds is, the only reason he can is that basically no one can fire him.

          Screaming at team members is never productive. What you do is calmly explain what people have done wrong. Software development is a group activity and you have to work to keep your team dynamic functional. One person publicly calling out others is not something that's productive.

          What does this have to do with "inclusion" and "political correctness". It's not the message that's wrong, it's the delivery method. Someone does something stupid, you tell them, you explain why it's stupid, you don't scream at them from the rooftops (or the internet equivalent).

          1. jake Silver badge

            Re: Google's Pixel security team

            Jonathan 27, Linus only gets bent out of shape after all other methods bounce off cloth ears. Contributors get plenty of warning when they are messing up. Really. I've been contributing to the kernel for a quarter century now, and made a couple very stupid mistakes along the way. Yet I've never even been growled at. Because I figure out where I went wrong, acknowledge the issue, fix it, and move on. Just like Cook has done with this latest issue, even though it took him a while to grok where he was going wrong.

            On the other hand, if the rare bad language offends you so fucking much, fork the fucking kernel already! All you have to do is find a lead dev who is well versed in kernel development, and a bunch of seasoned kernel hackers to follow him/her. That shouldn't take too long, right? Maybe you could use Kickstarter? Then you can show us all how the kinder, gentler method is so much better. Devs could get "time outs" instead of being yelled at. They could have "do overs" when they break something. Every dev would get a trophy. You could call it "Kumbaya". I'm absolutely certain the world will beat a path to your door.

            Oh, wait, I said "beat". My bad. Did that offend your virgin ears^Weyes?

            Honest to fucking gawd/ess, we're turning into a race of whiners ...

      3. anonymous boring coward Silver badge

        Re: Google's Pixel security team

        Can you imagine how many people demand time from Linus?

        And can you imagine the frustration when idiots demand more and more time?

        Linus obviously want these contributors to go away and never be heard again from. Can't say I blame him.

      4. boatsman

        Re: Google's Pixel security team

        political correctnes does not cure irresponsible behaviour,

        which is critical when dealing with a software system that millions of people and businesses are relying on.

        It's not unthinkable that human lives might be at risk when you kill a proces in a system, although you are not quite sure it needs to be killed; quite possibly you actually never heard of the system your code is running in, let alone understand what it is doing....

        Kees Cook is obviously not quite aware of the context in what he is doing. to much Pixel focused, I suppose.

      5. iTheHuman

        Re: Google's Pixel security team

        That's not unintentional. That's what you get when you have a huge software project lead only by programmers. They've no interest in something unless there is code, and code is more important than design.

  2. PushF12

    Build statues in honor of Linus

    Google hires more for politics than ability now, and it is starting to show.

    We should be building statutes in tribute to Linus.

    1. HmmmYes Silver badge

      Re: Build statues in honor of Linus

      Or have a whip-round and pay for Linus' sex change ...

      1. Anonymous Coward
        Anonymous Coward

        Re: Build statues in honor of Linus

        Sorry. I don't get that.

      2. Hollerithevo Silver badge

        Re: Build statues in honor of Linus

        @HmmmYes, what is that supposed to mean? Are we supposed to be amused?

    2. bombastic bob Silver badge

      Re: Build statues in honor of Linus

      Forget just a statue, how about a 'classic Greece' SHRINE?

      /me envisions lots of Corinthian columns and marble

      Seriously, though, Linus is right. If you try and put every "but if" you can into the kernel, you'll end up with MS WINDOWS [or worse] and who in the hell wants THAT???

      I have a better idea: if you want "that behavior", write a kernel module to do it. Otherwise, leave everyone ELSE's Linux alone!!!

      Cisco apparently wrote their own "hardened" Linux for their own stuff. Maybe Google needs to take a page out of THEIR handbook, and NOT sit there whining and trying to make EVERYBODY ELSE on the planet "do it THEIR way".

      no icon this time, as I can't think of one that's even remotely relevant to this...

      1. Mark 65 Silver badge

        Re: Build statues in honor of Linus

        Maybe Google needs to take a page out of THEIR handbook, and NOT sit there whining and trying to make EVERYBODY ELSE on the planet "do it THEIR way".

        Sounds like another large company trying to muscle in and do a RedHat. Is this dude the security world’s Poettering?

        1. Kiwi Silver badge

          Re: Build statues in honor of Linus

          Is this dude the security world’s Poettering?

          I don't think so. This guy did a "I can see there's a problem so I'll pull back and look further" and also a "I learned something today" [who's Kyle Brovlowski again?]

          Pottything would have been unlikely to respond at all, but if so it would've been a "this is not a bug" or "this is a bug but it won't be fixed" - at best.

          Quite a bit of difference. One is willing to admit he could be wrong, the other would if you told him his house was on fire would ignore you or tell you it's only because of the brightness of sunlight shining out of his own backside.

      2. PaulFrederick

        Re: Build statues in honor of Linus

        What we all need to remember is that Linux made Google. Google did not make Linux. Google's billions don't change the facts either. They can stuff that into their Pixel pipe and smoke it too!

    3. wallaby

      Re: Build statues in honor of Linus

      "We should be building statutes in tribute to Linus."

      It would give me something other than my PC screen to throw things at I guess - I'm in, saves me buying a dartboard

    4. patrickstar

      Re: Build statues in honor of Linus

      Kees Cook is not some diversity hire.

      He's a long-time Linux kernel developer and head of the Kernel Self-Protection Project.

      Not that he has been doing a particularly good job at that, or shown much security clue, but certainly more clue than Linus.

      1. Kiwi Silver badge
        Boffin

        Re: Build statues in honor of Linus

        Not that he has been doing a particularly good job at that, or shown much security clue, but certainly more clue than Linus.

        I've spent a little while over the last couple of days remotely monitoring some suspicious traffic on a machine I part-time administer for someone else.

        My philosophy is "watch, learn, act" - I watched, I spent some time learning about a few processes and tools I'd not yet had to learn about, and I acted - in this case to decide "almost certainly nothing to worry about" but make a few system changes to lessen any potential attack surface (as far as I can tell it was "none" but a little bit extra security should be fine). Oh, and to run a few other basic security checks.

        Now, I could've run "sudo shutdown -h now" which is pretty much the equivalent to what Kees Cook would've done, but that a) would've not solved the problem and b) led to other problems, like the server not being able to perform it's other duties.

        If I'd "paniced the kernel" (ie shut down) everything stops - monitoring, logging, ability to watch what's going on, and the ability for some of the staff to do their jobs. "Suspicious behaviour" that turned out to be a non-issue could've had his staff sitting around twiddling their thumbs while I travelled to location, isolated the machine from the network (the arduous task of unplugging the patch cable), and proceeded to spend hours upon hours scanning for the "cause" while also trying to check and if necessary secure the router and so on, or it could be left up, checked in-situ for the nature of the suspicious behaviour, with a phone call from me to do an urgent power down (pull the mains plug) should it look like more of a risk.

        [BTW, the action? He'd thought it'd be great to chuck a torrent client on his always-on server, and later denied knowledge - the persistent Ukraine addresses probably weren't hackers trying to come in, they were most likely other clients wanting the series he'd been downloading - so the action was 2 fold 1) to have a discussion with him, his wife, and a couple of the other staff about system security and 2) to lock him out of the server admin (ie change the password). I do have to figure out a secure way to make it available (in case I'm not available) but so that he cannot get it without bloody good reason

        Oh, and for some reason Nethogs wasn't showing transmission in the list, or any programs, just IP's (hence why I didn't detect it much sooner) - I see on some machines it does and some it doesn't ^O^ .

        At least I have my Christmas travel costs sorted after this ;) ]

  3. Long John Brass Silver badge

    Userland

    Userland should never ever ever cause the kernel to panic.

    Sure kill a badly behaved process. But the rest of the system should keep trucking on.

    There was an interesting discussion years ago as to the correct failure mode of web-browsers.

    The argument went it's better to render something broken than nothing at all or worse, kill the browser. OS kernel failure modes need to be thought of in the same manner; Unless something is really broken, clean up & carry on.

    1. Ptol

      Re: Userland

      If I believed that someone had hacked into my server, would I try to patch and repair and keep the server going? or would I format the box, and rebuild it?

      So, consider a server that is part of a highly available cluster farm, that is designed for surviving server failures - A kernel detecting an illegal permission escalation attempt deciding to kernel panic? Well, the system is designed to cope with that. Much safer than having a hacker roaming around your server farm for 3 months before you spot them. How do you unpick that mess? The last 2 weeks backups to the disk backup system wont help, that's for sure.

      1. Dazed and Confused Silver badge

        Re: Userland

        > A kernel detecting an illegal permission escalation attempt deciding to kernel panic?

        No, the correct behaviour is not to allow the permission escalation, if it is via a system call then the call should fail and return -1 and set the ERRNO. If the issue was via an attempted memory access the caller should be killed via the appropriate signal.

        The kernel should only panic when the kernel has a problem, normally when it detects some sort of internal inconsistency.

        The only userland event that should cause a panic is PID 1 existing.

        1. Bronek Kozicki Silver badge
          Mushroom

          Re: Userland

          I am surprised anyone could downvote you. I guess there are morons who do not see the difference between system user-mode hack and kernel level hack.

        2. Ben Tasker Silver badge
          Joke

          Re: Userland

          > The only userland event that should cause a panic is PID 1 existing.

          But only if it's SystemD. SysVInit should be allowed to continue as normal

          1. Dazed and Confused Silver badge

            Re: Userland

            I know you marked this as a joke, but

            > The only userland event that should cause a panic is PID 1 existing.

            But only if it's SystemD. SysVInit should be allowed to continue as normal

            This is one of the issues with systemd, the traditional init was a very simple thing and as such incredibly unlikely to die. Once it had launched the system it became the catcher of orphans, it issues the wait(2) calls to allow them to be reaped. The kernel needs to have somewhere to pass orphan processes, this is why it panics if PID 1 dies.

            IMHO systemd does too much, it has too many interaction points and therefore is much more likely to have defects and therefore at risk of dying. Unlike other userland processes, the death of PID 1 is fatal. So things which are perfectly acceptable in other process are not in tolerable in PID 1.

            1. Ben Tasker Silver badge

              Re: Userland

              > Unlike other userland processes, the death of PID 1 is fatal. So things which are perfectly acceptable in other process are not in tolerable in PID 1.

              Oh, agreed, but the joke was based on your typo ;)

      2. Paul Crawford Silver badge

        Re: Userland

        "A kernel detecting an illegal permission escalation attempt deciding to kernel panic?"

        For those sort of "user process playing silly buggers" problems we have apparmour, don't we?

        Edited to add: root is also a user, and one with a greater need for care in terms of daemon processes.

      3. teknopaul Bronze badge

        Re: Userland

        Its not a hacker, its a process doing something that was a permitted operation before the patch got applied.

        Security folk generally dont grok this. New rules that lock out legal proccesses that are not run by hackers have not "made the system more secure". Lockouts are a security fail. Bugs. They need fixing.

        IMHO Too often those working in security take the approach of break first ask questions later. And then expect everyone else to change.

      4. Kiwi Silver badge
        Pirate

        Re: Userland

        If I believed that someone had hacked into my server, would I try to patch and repair and keep the server going? or would I format the box, and rebuild it?

        Funny, I had just this issue. The option taken was to watch and learn, then act.

        Could've gone your way, taken the server down, spent a few days rebuilding (restoring from backups wouldn't have been an option for me, I can't say if there was an earlier intrusion that'd let the miscreants back in), restored the data and databases, and (at a huge cost to the company) had a nice clean server back up.

        Instead the issue turned out to be the password-equipped boss having installed a torrent client, and we resolved the issue without downtime (traffic spike, connected IP's from Ukraine (and other places but they stood out to me for some reason). I could've done the oft-suggested "nuke from orbit and rebuild", but there's a lot of costs involved in that. When it means people can't do their jobs while waiting....

        Not every business that has a few servers has large fault-tolerant server farms, not all can even afford the power to run such things let alone hardware, IT staff etc etc

        And yes, had I seen any signs of actual intrusion we would've been looking to rebuild ASAP (still got monitoring windows open here as I'm happy all is well, but I'm going to keep a weather-eye on it for a while longer yet)

        [Icon coz I suspect that when he and the wife discuss things at home tonight, well....]

  4. jake Silver badge

    Linus showed extreme tolerance, as usual.

    I'd have really lit into the fucking idiots.

    1. wallaby

      Re: Linus showed extreme tolerance, as usual.

      Linus eclipses all the worlds f*cking morons

      nobody could ever hope to rise to such levels of advanced muppetry

      1. Uffish

        Re: "rise to such levels of advanced muppetry".

        You are right I suppose, I couldn’t hope to rise to such levels as L.T. inhabits - but I can dream can't I?

      2. Kiwi Silver badge
        WTF?

        Re: Linus showed extreme tolerance, as usual.

        nobody could ever hope to rise to such levels of advanced muppetry

        Linus's OS1 Usage : Most devices globally.

        Yours? In fact, how many people around the world even know your name including all your pseudonyms?

        1 yes yes I know he didn't write the whole thing from scratch himself, but he did get it started, and was a good enough marketeer that others joined him in his Noble CauseTM

  5. Mark 85 Silver badge
    Thumb Up

    If only all project management types were like Linus but then they would have to be technically competent. Technical competence always trumps politically correct/corporate ladder climbing. \

    *Or it should anyway.

    1. HmmmYes Silver badge

      'Technical competence always trumps politically correct/corporate ladder climbing.'

      I see you're new to the world or work +business....

      1. Anonymous Coward
        Anonymous Coward

        I once had a director like Linus - business head, not very technical person. It turns out that business people have their share of knowledge, too. It took a little while to get used to him, especially after I found myself on the receiving end more than once. Eventually, I started to learn from him. And learn. And then learn some more. Now I miss him a lot, after I moved elsewhere - and the only fault I can put on him is that he did not enforce the discipline among the developers enough.

      2. shawnfromnh

        that's whats wrong today with work and business. PC should only be used for politics and fuck being in work because work is a place to make money for the company not push elitist agenda's of only hiring the people that are following some worldview narrative that is basically not allowing people to be chastised for being moron because of their race, gender, sexual preference, or political views. Morons are morons and lazy is lazy and they should not be given security blankets or safe spaces at work. https://www.youtube.com/watch?v=aXrwjLahUdw

        1. Anonymous Coward
          Anonymous Coward

          Yeah, good thing nobody in a position of power ever attacks those who are perfectly competent, but the manager personally hates because of the their race/gender/sexuality, etc. It would really blow a hole in your idiotic rant if such people were routinely treated as inferiors due to something they cannot change despite excelling in their work otherwise. Obviously, only those people who deserve the personal attacks would ever be subjected to them if they were no longer protected.

          /s

        2. Hollerithevo Silver badge

          I keep explaining this

          Political correctness (the phrase was, in the beginning, a bit of conscious humour) is not calling people words they don't like, but using the terms they prefer. So I wouldn't call a chap 'fattie' if he preferred 'Mr Smith'. It extended to assuming that it was better to approach all people with a minimum of respect ad courtesy and to check whether you were acting rationally in your choices (e.g. Mr Smith is not as good as Mr Jones) when in fact you were thinking 'all fatties have no discipline, so I don't want him on my team'. Now substitute 'Asian' or 'Black' or 'female' for 'fattie' and some other stereotypical attitude for 'no discipline' and you have what political correctness was developed to combat.

          Also, the workplace is part of the world. Ignorance, rudeness, cruelty, bullying, bigotry, do not stop at its doors. They come right on in and make the workplace a misery for far too many.

          1. Anonymous Coward
            Anonymous Coward

            Re: I keep explaining this

            and yet with all the PC enforcement going on, many people I see are more ignorant,offensive and selfish than they were before PC was a thing.

            What really curtails offensive behavior is ostrasization i.e. the group that the offensive person is a member of excludes them until their behaviour conforms to the group's standards. That PC has been destroying the traditional identity groups and replaced them with nothing is the reason it is just another example of woolly thinking. People like to be with groups they identify with and pretending everyone is the same means that everyone is alone amongst strangers and there is no standard of behaviour to conform to. This leaves only the non-PC groups and they are the ones that needed the change in behaviour in the first place.

            Now we have buy you way out of living with people you don't like, they are all PC on the surface but silently disappear if their ghetto is invaded along with behaving as badly as they like like when their group is not watching. PC has created more intolerance that ever but it is hidden behind affluence.

  6. Kevin McMurtrie Silver badge

    Exercise stack to avoid everything living in registers

    https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/diff/?h=usercopy-v4.15-rc1

    https://github.com/torvalds/linux/blob/master/drivers/misc/lkdtm_usercopy.c

    I had forgotten how much I really hate other people's C code. I'd be screaming and cursing too if I was a Linux kernel developer.

    1. ThomH Silver badge

      Re: Exercise stack to avoid everything living in registers

      But what are the good kernel-language alternatives? I love C++, I'm just not sure about the other twenty or thirty languages I see people using that apparently also are C++.

      1. detuur

        Re: Exercise stack to avoid everything living in registers

        Have you heard of our Lord and saviour Rust

        1. diodesign (Written by Reg staff) Silver badge

          Re: Re: Exercise stack to avoid everything living in registers

          IN RUST WE TRUST

          sorry, I mean...

          match lang

          {

          Rust => Some(Trust),

          _ => None

          }

        2. Anonymous Coward
          Anonymous Coward

          Re: Exercise stack to avoid everything living in registers

          Judging by the rate of progress made by Redox (https://www.redox-os.org/), I'd say that Rust has got to be a really good candidate. I'm not suggesting that Redox is finished / superior / etc, but their rate of progress is pretty good I think.

          My hypothesis is that with the Rust compiler making sure that one hasn't committed any memory sins, one does not spend endless hours looking for memory related bugs. It's quicker to fix compiler errors than track down bugs at runtime. Consequently there's more time for programmers to worry about things like data validation, functionality, etc.

  7. Brian Scott

    Linus Torvalds is a f*cking moron?

    Security works by having multiple layers. It protects you against accidents and malicious attacks.

    Subroutines should check their arguments. You can call this a security thing or you could call it just being careful of other code having bugs. Personally I don't care which but it's good coding practice. Now it is possible to just say fix all the buggy software and then you'll never need to validate arguments but I've never heard a competent programmer advocate that. Call it security in depth.

    Now I will admit that you have a problem when it's the kernel checking it's own behaviour because things can get ugly when it shoots itself. These things need to be well thought out and tested. That doesn't mean it shouldn't be there.

    It's lucky most projects don't have project managers like Linus Torvalds. This sort of behaviour is not how you get the best out of people. It is bullying behaviour that shouldn't be tolerated anywhere in this day and age.

    1. Dazed and Confused Silver badge

      Re: Linus Torvalds is a f*cking moron?

      > This sort of behaviour is not how you get the best out of people.

      It can work well with teams of good people who respect your ability.

    2. macjules Silver badge

      Re: Linus Torvalds is a f*cking moron?

      +1 as I agree with your sentiment. There are ways to get your point across but using profanity usually results in people not taking you seriously.

      1. Paul Crawford Silver badge

        Re: Linus Torvalds is a f*cking moron?

        In the ideal world you would be nice and polite to everyone, all of the time.

        In reality, you get some people who just keep coming back with bad ideas again and again and it sometimes takes a loud outburst of rudeness to make them actually listen (but systemd seems to be an exception...).

        In this case it seems Linus' point is the kernel should not kill itself on events that could well be simple user bugs, and that seems reasonable - kill the buggy requesting process instead.

    3. hammarbtyp Silver badge

      Re: Linus Torvalds is a f*cking moron?

      Now it is possible to just say fix all the buggy software and then you'll never need to validate arguments but I've never heard a competent programmer advocate that.

      Ever heard of design by contract?

      1. Anonymous Coward
        Anonymous Coward

        Re: Linus Torvalds is a f*cking moron?

        "Ever heard of design by contract?"

        I did. The contract that says "Get this done by monday or you won't get paid."

    4. wallaby
      Meh

      Re: Linus Torvalds is a f*cking moron?

      I see 16 upvotes and 43 down to this so far

      now I see why when questions are asked in Linux forums they are answered with abuse by the penguinistas

      And people wonder why its never the year of Linux on the desktop

      1. CrazyOldCatMan Silver badge

        Re: Linus Torvalds is a f*cking moron?

        now I see why when questions are asked in Linux forums

        1. You didn't ask a question.

        2. This isn't a linux forum. It is, however, full of people who know a lot about computers. And development. And how not to do things.

        3. The majority of whom disagree with you.

        Maybe you might like to take some time to understand why.

        (And the majority of people who get flak in linux forums tend to ask questions that a 30-second web search would find the answer for. As in "ask a forum in lieu of thinking for themselves". Which gets annoying really, really fast)

        1. wallaby

          Re: Linus Torvalds is a f*cking moron?

          1. You didn't ask a question.

          Well spotted I didn't - and nor did I say I did.

          2. This isn't a linux forum. It is, however, full of people who know a lot about computers. And development. And how not to do things.

          I know it isn't, my grasp of English is capable of understanding such things. With regards how not to do things it would seem though that some do not seem to understand how to relate to other people in a civilised manner.

          3. The majority of whom disagree with you.

          And they are welcome to do so - I have no issues with being disagreed with at all, I do have issues at times with the answers and attitudes to questions I have asked in the aforementioned forums.

          What does get annoying really really fast is unwarranted abuse, I totally agree with the asking questions that can be googled in 30 seconds - pisses me off also, my posts in the forums have been far from easy - the first being about virtualising a Win95 installation (linked to a GC) that I was having issues with onto a Linux box - all I was greeted with (as is common when Microsoft is mentioned on here as well as the Linux sites) copious amounts of diarrhoea as to why I would dare to do such a thing..... its easy when to tell when its about to start - the M$s start appearing.

          Funny thing is, you never get the same crap in Microsoft forums, plenty of idiots saying it must be a virus, or other inane comments, but on the whole no abuse - not even when its a question that can be answered by a quick search in 30 secs. Seems to be something about the mentality of some of the penguin community (the chief wrangler being one of them) that being an arse seems to be tolerated and occasionally lorded.

          I use Linux, I like Linux, Id never install it at work purely because of the attitude of some on the forums.

          Note - I said SOME users. If you find offence at that ask which camp you fall in.

      2. HieronymusBloggs Silver badge

        Re: Linus Torvalds is a f*cking moron?

        "And people wonder why its never the year of Linux on the desktop"

        Do they? The thing that's wrong with modern Linux is all the shiny new "year of the desktop" stuff creeping in and wrecking what was once a good server and workstation system.

        1. shawnfromnh
          Linux

          Re: Linus Torvalds is a f*cking moron?

          The reason they want to do this is because they want the world to use Linux and say screw Microsoft and Apple and their crappy user environments. Hell I'm getting a girl at work to allow me to install Mint Cinnamon on her computer because her kids keep giving it viruses by installing crap they never should but linux would be much safer for her and with a 30 minutes reinstall vs 3 hrs with windows it a win/win situation and Linux is so much faster and more stable and she won't have her computer just die with an update since mint only allows safer updates to new users. Hell we should applaud the new users and realize that when businesses start using it more there will be more contributions for development and projects. Hell if they are even small contributions they add up quickly if there are millions of them coming in. We should all be happy that the world can now easily use Linux and maybe out of them millions of new users many might actually start to become programmers and developers after they start using Arch and Fedora and maybe even Gentoo and become the new people making Linux better and more secure and overall more accepted.

      3. Kiwi Silver badge
        FAIL

        Re: Linus Torvalds is a f*cking moron?

        now I see why when questions are asked in Linux forums they are answered with abuse by the penguinistas,

        You'd prefer the "Help, my computer isn't powering on! No lights, no noise, nothing!"...."Oh just do a system restore from the control panel" of the windows forums?

    5. Lotaresco Silver badge

      Re: Linus Torvalds is a f*cking moron?

      "It is bullying behaviour that shouldn't be tolerated anywhere in this day and age."

      And that is just one of many things that is wrong with this day and age.

      1. shawnfromnh

        Re: Linus Torvalds is a f*cking moron?

        Exactly, unless you like producing crap and having people not realize how crappy they are at work you need to be able to communicate that in whatever language is necessary and it's not bullying if its words because words are just words and unless the person is a total snowflake "not a real adult mentally and emotionally but still a child" then the comments will be realized as constructive criticism and the next step is canning their ass and there are many in the work force that are just shit at their jobs and I used to be one till I decided to buckle down and be more proactive with myself and make sure I earned my pay and took responsibility for my screwups and learned from them instead of blaming the person for telling me I'm a fuckup and then I started being a great employee instead of someone taking money for doing crap work or screwing up all the time and wasting time on the company dime, basically at 40 I grew up.

        1. This post has been deleted by its author

    6. CrazyOldCatMan Silver badge

      Re: Linus Torvalds is a f*cking moron?

      Security works by having multiple layers.

      And I'm sure he agrees with you. What he was getting annoyed about was 'security' types deciding for themselves how kernel interactions should happen and then expecting everyone else to fall in with it.

      Very much like DedRat does with systemd.

    7. a pressbutton

      ... most projects don't have project managers like Linus Torvalds.

      ... most projects are not Limux

      Projects (should be)

      -carefully scoped - Linux over it's life has not been - no 'write an OS' is not a scope

      -timebound - and a release cycle isn't due out on a date that is known at the beginning of the cycle - there is no early/late

      -has a budget - linux does not pay its developers.

      Arguably this is not a project at all in the sense many of us think.

      The prime resource constraint is Linus' time and so it is not surprising if he seeks to maximise the value of his time by not communicating with morons.

      - or in other words increasing the cost of stupidity, after all he cannot remove Kees Cook from the project, or cut his pay.

      and it helps that Linus is right.

      1. patrickstar

        Re: ... most projects don't have project managers like Linus Torvalds.

        Most Linux kernel developers are in fact paid to do so*. Just that it's typically not Linus who pays them.

        Many work at RedHat, IBM, Intel, etc - or Google like Kees Cook. This is literally his dayjob, not something he is fiddling with as a hobby.

        * Well, probably not most in terms of total number of contributors. But definitely in terms of total lines of code.

        1. a pressbutton

          Re: ... most projects don't have project managers like Linus Torvalds.

          they may be paid by work on the kernel

          but they are very definitely not doing what linus would want them to do

          if you were buliding a house and someone rocks up and tells you the doors(*) should be somewhere else and then moves some of them as an example for free to a place you don't want them, and the act of moving fscks up the plumbing - and it is clear you know that and do it anyway - would you say

          a) how interesting, but not for me

          b) GTFO

          _even if it was free_

          you are not just wasting Linus' time, you are wasting all the other kernel developers time and brain capacity as well.

          (*) resisted chance to say windows

    8. Kiwi Silver badge
      Alien

      Re: Linus Torvalds is a f*cking moron?

      It's lucky most projects don't have project managers like Linus Torvalds. This sort of behaviour is not how you get the best out of people.

      And yet it seems that devices using software he developed outnumber devices using the same class of software developed by everyone else. Guess he got something right in his people skills if he was able to get enough buy-in from the world to make that happen.

      It is bullying behaviour that shouldn't be tolerated anywhere in this day and age.

      Pot to kettle : You're black. Over.

      (IOW, check your own post for "bullying behaviour that shouldn't be tolerated anywhere")

    9. PaulFrederick

      Re: Linus Torvalds is a f*cking moron?

      fuck off

  8. Wilhelm Lindt

    Design

    The "security problems are just bugs" attitude is a tacit admission that they'll never be treated as [products of] design defects, and that the security posture of the kernel will be crap as long as there are humans creating new bugs anywhere in the codebase.

    1. Dazed and Confused Silver badge

      Re: Design

      > design defects

      are a class of bug

      1. Wilhelm Lindt

        Re: Design

        >> design defects

        > are a class of bug

        This attitude is why software never stops getting worse.

        1. Paper

          Re: Design

          By all means, get on a plane that doesn't have systems in place to cope with design defects...

    2. patrickstar

      Re: Design

      This is Linus displaying exactly the attitude that many people (me included) have been complaining about for well over a decade.

      He is stuck in a 90's mindset when it comes to security.

      Back then it was a common delusion that we could somehow just fix/avoid all memory corruption bugs and introducing mitigations (even from the start with the very first implementations of noexec stack, what later expanded to DEP) was seen as somehow being "impure". Most people have advanced since then, but apparently not Linus.

      He has grudgingly accepted SOME mitigations due to outside pressure, but clearly he hasn't understood why they are actually needed or why lots of work remains to be done.

      What others have realized is that there are always going to be bugs in this kind of software. Some of them will turn out to be exploitable security issues. Even if you somehow magically fix all of them at

      some point in time, new ones are going to be introduced.

      And the proper mitigations can be very, very effective at preventing exploitation. Sometimes you can kill entire bug classes. Other times it makes exploitation less reliable ( == more likely to draw attention due to stuff crashing), more complex ( == raising market prices for exploits thus reducing the amount of attackers having access to them, and making the rest less likely to risk them against all potential targets) and/or require chaining bugs and thus requiring new exploits as soon as one of them is killed.

      There aren't less security issues in the Linux kernel now than say 10 years ago. This in itself should be all the evidence needed to conclude that exploit mitigations are needed.

      And yes, security issues are fundamentally different than other bugs. Not only because of their potentially severe (unlimited) damage, but also because how they should be dealt with. You shouldn't just fix them and move on. You need to actually learn from the past bugs to prevent introducing similar ones in the future and find those that slip by earlier.

      Now that we are living in a world where your adversary might very well be an intelligence agency with unlimited funding, and not just some random kid or criminal gang, proper software security - where exploit mitigations have an important role to play - is more important than ever.

      Though, Kees Cook doesn't exactly have a stellar record when it comes to kernel security work, so I'm sure this patch is crap for other reasons...

      1. Anonymous Coward
        Anonymous Coward

        Re: Design

        If that was really Linus's philosophy, he would never have allowed that horrible hackfest called SElunix to pollute the ecosystem.

        1. patrickstar

          Re: Design

          SELinux has little to nothing to do with exploit mitigation. It's an access control system. In the normal case, it doesn't stop someone from pwning the kernel and disabling SELinux - in fact, kernel exploits regularly do this.

          To be fair, there are some scenarios where a proper SELinux ruleset can prevent you from getting to the point where a kernel exploit can actually be executed, but it's not the main purpose.

      2. maffski

        Re: Design

        'Though, Kees Cook doesn't exactly have a stellar record when it comes to kernel security work, so I'm sure this patch is crap for other reasons...'

        '...explicit whitelisting...'

        Yay, now we have a new attack vector. If I can make you think I'm someone trustworthy then you'll unlock your doors.

  9. Marketing Hack Silver badge
    Linux

    Thank you Google Pixel Security Team, but...

    I'm pretty skeptical about the idea that something should be incorporated into the Linux kernel if it requires a fallback "break glass in case our whitelisting and rules bork your applications and processes".

    (Tux--because he's already flightless, so he resents being loaded up with unfinished crap.)

    1. Warm Braw Silver badge

      Re: Thank you Google Pixel Security Team, but...

      break glass in case

      Unfortunately, in most widely-used software projects there comes a point in which an unintended "feature" becomes a dependency for another piece of software. Further, you may not know what those other pieces of software are - and they may not know that they're relying on accidental rather than intended behaviour.

      If that unintended dependency is the result of code that exposes a security flaw, then what do you do? Perhaps you could redesign the code in such a way that it's both secure and bug-compatible, but that's likely to be a major change that requires more significant testing and may break something else.

      While in principle I'd be on the side of maintaining security even at the cost of breaking things, it does seem this particular instance is not necessarily the right approach: it's essentially trying to spot kernel bugs and assumes that the user process that encounters them is operating maliciously, termininating it. This doesn't seem like a great way of actually finding bugs in the kernel and risks breaking applications that are encountering them accidentally.

      The bad news is that the correct way to address the problems identified is probably a much more thorough review of memory management - and who knows what that might break...

  10. Anonymous Coward
    Anonymous Coward

    Did Google implemented it on its servers to test it fully and at scale?

    Anyway, looking at Linux fanboys and Google ones yelling at each other is fun....

    1. Anonymous Coward
      Anonymous Coward

      Re: Did Google implemented it on its servers to test it fully and at scale?

      woosh...

    2. teknopaul Bronze badge

      Re: Did Google implemented it on its servers to test it fully and at scale?

      I'm sure they earned their "works on my machine badge of honour".

    3. patrickstar

      Re: Did Google implemented it on its servers to test it fully and at scale?

      Does Google actually have fanboys? I thought it only had victims, i.e. those who have given up and surrendered to the almighty Google overlords.

      1. wallaby

        Re: Did Google implemented it on its servers to test it fully and at scale?

        "I thought it only had victims"

        same can be said of Linux - anyone who asks a question the penguin brigade think of as beneath them soon becomes one themselves. Looks like the wranglers attitude comes free with a Linux install.

        1. HieronymusBloggs Silver badge

          Re: Did Google implemented it on its servers to test it fully and at scale?

          "same can be said of Linux"

          If you don't like it, don't use it. Going on and on about it isn't necessary.

          1. wallaby

            Re: Did Google implemented it on its servers to test it fully and at scale?

            "If you don't like it, don't use it"

            I like Linux

            I dislike some of the penguinistas, and until they start acting like decent human beings and not a bunch of petulant children I will continue

            and it says SOME (which side do you fall)

      2. Tim Seventh
        Joke

        Re: Did Google implemented it on its servers to test it fully and at scale?

        "Does Google actually have fanboys? I thought it only had victims products, i.e. those who have given up and surrendered to the almighty Google overlords."

        FTFY.

        Are you one of Google's product yet?

  11. Jack of Shadows Silver badge

    Bugs

    Linux is correct, all security problems are the result of bugs. When the system under examination, i.e. combination of hardware and software, behaves in a manner which is undefined, or out of specification to be exact, you have a bug in either your software, hardware, or God forbid the combination of the two. My job as a software and systems engineer was to make sure that I constrained the Hell out of the system so that misbehavior couldn't occur undetected.

    Way back when I started as the librarian for the CompuServe Amiga Forums software libraries I was responsible for two things. One, let no virus through. Steve Tibbett's VirusX was usually good enough for that. The other was running the software on my systems with my development tools monitoring things as well. That would catch the cases where the programmer commited some sin of practice, or ommision for that matter. And, of course, I did the same for my work on either the Amiga or PC's at the shop. Didn't really need it but, just to be sure, I liked that kind of scrutiny of my work, too.

    Thankfully, Linus is doing his job too.

    1. ShelLuser

      @Jack

      "Linux is correct, all security problems are the result of bugs."

      The question though remains where the bug is located.

      If I write a malicious kernel module to exploit the system the physical, real, bug is located in my kernel module. But if this manages to exploit code which under normal circumstances works flawlessly.... then is the bug really just in my module or are there more?

  12. This post has been deleted by its author

  13. Anonymous Coward
    Anonymous Coward

    The fix - time to change the approach

    Assume all code is a black box and insecure.

    That is not an unreasonable starting position - since o/s patches come out regularly to close holes in the o/s code that have been there for years, each product gets update with bug fixes to close holes, and 0-day exploits are regularly found by fuzzers and other discovery tools.

    So if we start from that principle - All code that takes input is exploitable - we can look at treating this as a quarantine and control issue, rather than forever searching for a cure.

    So - logically - the solution is to observer BEHAVIOUR of the code during it's operation at all times. What does it normally interact with (processes & threads, other code, registry values, open application ports) and then BASELINE this as acceptable. Then if the code DEVIATE from this - by calling code it does not normally use, or making calls that are outside of the baseline, then QUARANTINE it.

    Holistically, this approach seems to make more sense than the endless whack-a-mole of fixing security holes in code, and placing the onus on the developers and sysops to chase round their estate endlessly trying to keep up with these, only to know for certain more bugs are still in that new release.

    1. BinkyTheMagicPaperclip Silver badge

      Re: The fix - time to change the approach

      Absolute bullcrap. The only way to do this would be to profile every code path, which isn't possible.

      The proper way is to design the program properly so it requests only the privileges it requires, and has a multi process design if distinct part of the program need different privilege. See OpenBSD's pledge().

  14. Mark 75

    Torvalds - yup not a nice man

    1. bombastic bob Silver badge
      Thumb Up

      "Torvalds - yup not a nice man"

      being "nice" is HIGHLY overrated. It usually gets you abuse from underlings, and disrespect from bosses.

      Being an ASSHOLE at the right times, and in the right context. usually works best. Smile MOST of the time, but it's always *HAMMER* *TIME* when the proverbial crap hits the proverbial fan.

      I think Linus masters this pretty well. Programmers who can't handle the "you F'd up" hammer need to get out of the business. Otherwise, where's the motivation to create a quality operating system without a bunch of UNNECESSARY CRAP in it?

      If Linus' motivation were narcissistic and/or exploitative, I'd be angry at him. But it's not. So he gets my BIG thumbs up!

      icon, for Linus being "not a nice man".

    2. Uffish

      Re: "yup"

      Based on the amount of very good software that Torvalds has freely given to the world he seems to be a sort of Santa Clause. Perhaps you don't like Santa Clause either.

      1. FrankAlphaXII Silver badge
        Joke

        Re: "yup"

        I dunno about you there guy, but I'm not a fan of Santa Clause.

        He gives all the deserving vampires and lawyers in the world blood, fat patent lawsuits, endless C&D letters, as well as bankruptcies and mergers and acquistions that unemploy thousands if they get together and sacrifice a virgin to him every year, which has become increasingly difficult as time has gone by but still happens often enough that neither the work, nor the blood has dried up.

        Santa Claus, the communist looking dude exploiting an elven horde and some flying reindeer in the Arctic, is okay. I mean who doesn't like free shit built on the backs of elven slaves?

        Santa Clause, however, is a injunction spewing bastard that only grants miracles to vampires and attorneys. He's also boning Santa Muerte on the side too.

    3. PaulFrederick

      Linus might not be a nice man, but we'll take him for what he is, a man.

  15. John Smith 19 Gold badge
    WTF?

    Google bod "It's brilliant, you have to include this, including the fall back mode"

    No he doesn't

    "Fall back mode" is a tacit admission you not done a good enough job in the first place.

    I wonder if people realize the "The kernel keeps running" is exactly the approach of IBM mainframes?

    User processes die. So what?

    An interesting side view was the Bell systems approach to the first digital PBX, ESS1. They wrote scavenger programs that patrolled the kernel data structures and redundancy into the data structures so that errors would be purged out and memory leaks would not occur.

    They indicated it found maybe 100 incidents a day but triggered a full blown reboot once every 4 years.

    Something to keep in mind?

  16. Pete 2 Silver badge

    inter-intelligence sex.

    > Some 'security people are f*cking morons' says Linus Torvalds

    Shouldn't they be stopped?

    1. wallaby

      Re: inter-intelligence sex.

      Maybe he means his partner is

      1. Kiwi Silver badge
        Linux

        Re: inter-intelligence sex.

        Re: inter-intelligence sex.

        Maybe he means his partner is

        Wow. For someone crying about the amount of alleged "hate" in Linux forums, you're sure pouring plenty of it into this thread!

        1. wallaby

          Re: inter-intelligence sex.

          Nah,

          just against c***ks like the chief penguin wrangler and those who follow his style of speaking to others - fair game in my books

          1. James Hughes 1

            Re: inter-intelligence sex.

            Which is classic bullying behaviour....

          2. HieronymusBloggs Silver badge

            Re: inter-intelligence sex.

            "just against c***ks like the chief penguin wrangler and those who follow his style of speaking to others - fair game in my books"

            Do as I say, not as I do, in other words. You make a valid point about some forum users, but then destroy it by using exactly the same type of terminology that you criticise others for.

  17. BinkyTheMagicPaperclip Silver badge

    Yep, Cook is an idiot.

    Enhanced security is a laudable aim, but breaking *anything* that's following the rules (and even some stuff that isn't) whilst doing so is not on.

    Certainly doesn't sound well tested to me, the most I'd want to include is some logging. If the number of whitelisted items is contentious (clearly it is, as they've missed some), run with logging for months to detect affected products, and definitely also include the ability to turn the protection off. There's far too much Linux software out there to be certain all cases have been caught.

    I appreciate the Linux Way is to throw New Shiny functionality in now, and worry about it being completely solid later, but avoiding kernel panics is quite important.

    1. TrumpSlurp the Troll Silver badge
      Alert

      Re: Yep, Cook is an idiot.

      Came along to post something similar.

      The sequence (from reading the article) seems to be roughly:

      You can do bad things with memory.

      I know, let's whitelist all the good things. Kill all the bad things. Safe now.

      Oops! Missed some of the good things. Never mind, here's a fall back mode. Fixed.

      {Whimper, grumble, not fair...}

      Linus - you fuckwit. If you are going to kill things using a whitelist then run it in debug only mode for a year to confirm your whitelist is rock solid. Don't kill first and apologise later.

      On balance I'm with Linus on this one.

  18. Anonymous Coward
    Thumb Up

    My thoughts on security...

    I don't see security leaks as bugs - they're more like an additional layer of positive open flexibility in an otherwise over protective API. They're a bit like trusting your kids to be out after midnight when they're 15. Sometimes the mollycoddling's got to stop. And trust and with transparency is always good: remember - a transparent cloud lets the sun shine through, and you can trust yourself not to need an umbrella.

    I really feel there's a consultancy job waiting for me somewhere.

    1. CrazyOldCatMan Silver badge

      Re: My thoughts on security...

      I really feel there's a consultancy job waiting for me somewhere.

      Hopefully - in sheep counting in the Outer Hebridies.. (sorry - evaluating population density on ungulate species in edge-case northwestern Scottish Island groupings)..

      Especially as you can trust that you most certainly will need an umbrella.

      1. eldakka Silver badge

        Re: My thoughts on security...

        @CrazyOldCatMan

        Hopefully - in sheep counting in the Outer Hebridies.. (sorry - evaluating population density on ungulate species in edge-case northwestern Scottish Island groupings)..

        That sounds like an extremely un-stressful job.

        I often dream of being a burger-flipper or production-line factory worker. As soon as you leave for the day, you switch off. Now I go home and have work shit runinating in the back of my mind, sometimes dreaming about it. Sometimes coming up with solutions while I'm at home out of the blue. Or worrying over the weekend if the work-arounds we put in Friday afternoon to get us through the weekend are doing that.

        I'd love a simple job, turn up for work, do my thing, day over go home. Nothing to worry about or stress about.

        As long as there is a decent remote locality allowance, I'd be up for it.

        1. Kiwi Silver badge
          Angel

          Re: My thoughts on security...

          I often dream of being a burger-flipper or production-line factory worker. As soon as you leave for the day, you switch off.

          I've done the production line stuff. For the most part, as soon as you arrive for the day you can switch off.

          But I found I spent a lot of time thinking how stuff can be improved, little tweaks to the machines I worked with to make them run smoother, use less energy etc, faster.. Which also pissed off some of the engineers because they didn't like some shitty little upstart coming along and pointing out that a thrust washer between parts "A" and "C" will remove the noise and 90% of the energy needed to turn part "B" when they'd been milking the company for overtime by having to constantly replace worn parts of the machine every few months.

          I also found plenty of time to worry about home life, family life, the future, the past, what my great-great-grandfather will think of his legacy when we meet in Paradise etc etc etc etc.

          On the whole, I think I'd prefer more technical stuff so long as I can leave it largely at work, or when I bring it home it's still interesting and not depressing. Which is a very rare job to find indeed.

  19. jms222 Bronze badge

    and you ?

    Some people that rip off UNIX kernels are morons too.

    1. Anonymous Coward
      Anonymous Coward

      Re: and you ?

      "Some people that rip off UNIX kernels are morons too"

      What are your own kernel designs based on?

  20. Anonymous Coward
    Anonymous Coward

    I looked up information regarding Kees Cook

    Can't say I'm surprised regarding Linus' ire at him.

  21. herman Silver badge
    Linux

    Aircraft Engine Example

    I explain these issues with a simple aircraft engine example:

    If the engine controller of single engine plane encounters an anomaly, it cannot simply throw an exception and shut down.

    Linux is used in embedded systems and there are numerous examples like the above. The OS has to be resilient and carry on working regardless of most/all errors.

    1. patrickstar

      Re: Aircraft Engine Example

      Actually, pilots do reset (read: power cycle by pulling circuit breakers) the computers in planes to resolve various issues as part of the standard checklists.

      But nitpicks aside - critical embedded systems (and not-so-critical as well) use hardware watchdog timers for exactly the reason that you can't trust the software to never, ever crash. Even if you had guaranteed 100% absolutely perfect software/firmware, there are still scenarios like voltage spikes, cosmic rays, slightly off-spec-components, etc that can cause random glitches.

      You'd never get something like an engine controller approved if it didn't have a proper hardware watchdog. And probably not if it was running a standard Linux, BSD, Windows, etc. kernel either. To start with, none of them are hard realtime systems.

      Arguing about the optimal behavior in a safety critical system isn't even a slightly bit relevant for a general purpose OS kernel.

      1. herman Silver badge

        Re: Aircraft Engine Example

        I got news for you: Linux is used in many airplanes, satellites, UAVs and missiles.

        1. patrickstar

          Re: Aircraft Engine Example

          Yes - but not for any of the hard realtime stuff. Linux is not a hard realtime kernel any more than say FreeBSD or Windows is.

          Typically for the smallest systems you don't reall have an OS, just a scheduler and some libs. Or something like VXworks which is just one step above that.

          For the larger ones you normally use a microkernel like QNX or Integrity RTOS. There's also RTLinux which is a (commercial) microkernel that can run Linux as a preemptible process. Integrity has some virtualization stuff as well that lets you run hard realtime stuff in one VM and Linux in another.

          There's the PREEMPT_RT patch for Linux of course which does improve the timing characteristics of standard Linux and is usable in some scenarios, but it's a far cry from a full RTOS. And you would definitely use a very custom kernel for that kind of task, so whether or not stock Linux is too kernel panic happy on certain errors isn't exactly relevant.

          1. PaulFrederick

            Re: Aircraft Engine Example

            Be more wrong. Linux is a hard real time OS. My fucking CNC machine runs Linux!

            1. patrickstar

              Re: Aircraft Engine Example

              If you think a CNC machine counts as "hard realtime", or that Linux is a "hard realtime OS", you obviously have no idea what the term means.

              You can even do things that are 'harder' than controlling a typical CNC machine (the specifics differ depending on the exact hardware in the CNC of course), like bitbanging various serial protocols, from a Linux driver/kernel module or even userland (see iopl(2) and the CLI/STI x86 instructions). This is not what constitutes a hard realtime OS:

  22. R3sistance

    Linus Torvalds is not a Security Expert

    Like him or hate him, I think it is plain to see that Linus actually doesn't get security. If you have a compromised Kernel, it needs to die, the moment you allow potentially suspicious code to run at the kernel level it is already game over.

    yes security should not allow suspicious code to get to the kernel in the first place but saying you shouldn't have security at every level because of that is brain dead scape goating. The fact is that software is very complex, and there is always multiple different processes running from different applications and the vast majority of servers have more than one way to access them. relying on userspace to protect the entire system is never going to be a workable solution.

    Don't get me wrong, it should be tested but in this case Linus set himself up. He said it should not always be do or die and that the fallback was stupid and showed weakness when instead the fallback is the very feature of not having "do or die"...

    1. hammarbtyp Silver badge

      Re: Linus Torvalds is not a Security Expert

      If you have a compromised Kernel, it needs to die, the moment you allow potentially suspicious code to run at the kernel level it is already game over.

      If you look at most security specifications, for example IEC62243, the statement is that security of the system overrides everything, EXCEPT when security affects or overrides the safety of the system.

      So there are some situations when killing the kernel is a no no. for example if the linux kernel was controlling a turbine.

      In fact by allowing detection of malicious code to kill the kernel you are introducing another security flaw where someone could potentially bring down your system just by attempting to inject code into the kernel, even if y=the code did nothing

      1. patrickstar

        Re: Linus Torvalds is not a Security Expert

        If you run hard safety-critical systems on a stock Linux kernel, you are in for a world of hurt anyways.

        As for false positives - with this kind of mitigation there are no false positives. If it's properly implemented, triggering it means there's a kernel bug and not someone joking around in userland. If the system continued to run without the mitigation, it was sheer luck, and you don't know for how long. Atleast in the case of copying TO the kernel. In the case of copying FROM, it's the userland process triggering it that's gonna malfunction instead.

        1. herman Silver badge

          Re: Linus Torvalds is not a Security Expert

          There are lots of critical systems using various embedded Linux kernels. Linux is very popular in military, medical and industrial systems. Anyone who is interested in military aerospace embedded work, have to learn Linux. I can tell you, but then I'll have to shoot you...

          1. patrickstar

            Re: Linus Torvalds is not a Security Expert

            Note: 'stock' Linux kernel.

            As in straight from a vanilla distro or whatever, with standard config and no customization.

        2. razorfishsl

          Re: Linus Torvalds is not a Security Expert

          Clearly you do not understand a thing about writing software.

          There will ALWAYS be false positives, because your system of checking is rule based.

          1. patrickstar

            Re: Linus Torvalds is not a Security Expert

            No. Have you even read the patch?

            This is not some signature-based engine to detect kernel exploits or whatever you seem to believe it is.

            What the patch intends to do is basically restrict copies to/from userland to the memory regions where it's valid to do so. (You do know what that sentence means, right? *)

            This is not something which is going to have "false positives" which randomly and unexpectedly shows up sometime in the future. If it's properly implemented ( == all relevant areas whitelisted) then if it ever triggers it's because of an actual kernel bug (== trying to copy outside that area, either intentionally or unintentionally). If you introduce a new potential area as part of adding some code and forget to add it, it's not going to randomly cause the computer to turn into a bomb later. It's going to crash the very first time, 100% of the time, that you try to run your shiny new code.

            It's not some fuzzy guess or Bayesian logic. Either an address is within those areas or it's not.

            The only scenario where you'd have actual "false positives" would be if the CPU ended up doing something other than what the code actually says due to some hardware issue, and that's obviously not related to the code itself.

            * Well, either you don't or you have a much wider definition of "false positives" than I do. Mine should have been perfectly clear from the mentioning of 'properly implemented'.

    2. Bronek Kozicki Silver badge

      Re: Linus Torvalds is not a Security Expert

      "If you have a compromised Kernel" ... then you have lost the game already and nothing is going to change that. For one thing, you cannot rely on kernel being able to detect the compromise (it is compromised, hence untrusted already).

      The only thing you can do is to make the post-mortem easier, and killing the kernel will likely have the opposite effect.

    3. Tim Seventh
      Devil

      Re: Linus Torvalds is not a Security Expert

      "If you have a compromised Kernel, it needs to die, the moment you allow potentially suspicious code to run at the kernel level it is already game over."

      Introducing the Windows 10 auto-updates! Where it just updates anytime anywhere as long as MS says so. Using your Windows for analysis? Windows Update! Using your Windows for overnight work? Windows Update! Using your Windows for online game? Windows Update!

      you can almost not feel the heat from the users' complaints. /s

    4. PaulFrederick

      Re: Linus Torvalds is not a Security Expert

      It is plain to see that you don't get computers. Machines need to run. They can't stop for anything. Maybe they're getting exploited, maybe you'll figure it out someday. But as long as they're still doing the tasks they've been assigned that's going in the right direction. Now put on your big boy pants.

      1. patrickstar

        Re: Linus Torvalds is not a Security Expert

        So, let me get this straight - you seriously think you are better off getting compromised than the system crashing? What if the attacker grabs all your data, wipes the disks, and then crashes the system anyways? The potential damage from an intrusion is unlimited - the potential damage from a crash is limited and manageable.

        And why do you think there even is a concept of 'kernel panic', the BUG() call in the Linux kernel, etc? Sometimes the system simply can't continue.

        What if a something has corrupted random memory, for example? This could include disk buffers so it ends up writing garbage to the disk.

        Or what if it just enters one of the many possible weird twilight states where things just fail at random? Try troubleshooting that at 3 AM - I have, far too many times, and would certainly prefer a kernel panic any day.

        Still think it's preferable to keep running? If so, are you by any chance utterly insane?

        And I take it you haven't read the patch and understood what it does? The kernel would be very likely to crash shortly afterwards anyways if the type of bug it's meant to detect is triggered. If anything having a deterministic crash with a known cause would make post-mortem debugging a lot easier and thus help avoid crashes in the future...

        And Mom says I can't have big boy pants yet :-(

    5. R3sistance

      Re: Linus Torvalds is not a Security Expert

      Great.. apparently people really don't read full posts, I mean like the last line I wrote noting that indeed it should not always be do or die and that the FALLBACK was the feature to removed do or die, something Torvalds himself then criticized.

      Also one has to also worry about what effect compromised code would have on a Turbine or Military hardware to begin with. Lest not fear the potential of a nuclear launch device being compromised?

  23. Unicornpiss Silver badge
    Alert

    Can't disagree..

    Anything whipped up on short notice that can potentially destabilize the OS kernel needs some thorough vetting before being released, "fallback mode" or not.

    Otherwise, frankly, the Linux community will start experiencing the joys that Windows customers have lived with for years, basically the user and business community being their beta testers and the "out the door now, we'll fix it later" mentality.

    All that said, and while I think Linus is a very bright guy, I don't think I'd want to work for or with him--I work in a toxic enough workplace already. Truly though, if Linus ever decides he's done with the project, passes on prematurely, etc., I'd expect the whole project to founder a bit, similar to the drop in quality at Apple when Steve Jobs passed away. He does keep things on track, whether you agree with his methods or not.

    1. Donkey Molestor X

      Re: Can't disagree..

      > Otherwise, frankly, the Linux community will start experiencing the joys that Windows customers have lived with for years, basically the user and business community being their beta testers and the "out the door now, we'll fix it later" mentality.

      Hahahaha! You think Linux users aren't already involuntarily deputized testers? Try installing a new kernel update the day it comes out on a (hopefully not production) server. Watch all kinds of shit that you never thought could break suddenly break.

      Screaming swears at your scurrying minions like Linus is NOT a software development lifecycle.

    2. Kiwi Silver badge
      Boffin

      Re: Can't disagree..

      All that said, and while I think Linus is a very bright guy, I don't think I'd want to work for or with him--I work in a toxic enough workplace already.

      Every few months we see a story where someone has royally screwed up with security (most commonly Pottything and his ilk I believe, ICBW) or something else that "breaks userland" and/or causes significant kernel issues, and Mr Torvalds lets loose at them.

      What we never see is how often he praises good work, or even if he praises good work. I guess "Linus says 'Well done'" isn't as entertaining as "Linus says 'F*cking morons'" in a headline.

      [caution : wild tangent follows]

      I've let off at underlings at times, and I've been the underling the boss has been unloading on me (deserved over a mistake that cost the company at least a full days productivity and several $thousands - c/w with another time as a junior I followed instructions as best as I knew and it took 3 of us 5 days to clean up the mess - no telling off because I did what I was told but was not warned of a "gotcha" that got me).

      People who do consistently good work don't get told off often. Maybe they get praise, maybe not (after all a good quiet worker sadly gets less notice than a not-so-good worker). Sometimes they make a mistake and get a mild chastising, sometimes we make a costly mistake and the boss, being human, is so hurt and/or angry that they cannot help but let go.

      And sometimes they get so sick of seeing the same stupid mistakes...

      I've worked in toxic places, and I've worked in places where the boss gets shouty and sweary when you make a significant mistake or repeat a certain level of mistake. The two are not the same, and toxic places don't tend to last long whereas "shouty+sweary when deserved" places can last quite a while. The boss of the last one I was at is still a good friend, even though I was one who got shouted at the most (but then I also spent the most hours on site and had the most technical jobs ie most chance for mistakes)

    3. anonymous boring coward Silver badge

      Re: Can't disagree..

      I'd love to work with him. I'd tell him to shove it up, if we disagree!

      People are so thin skinned.

  24. teknopaul Bronze badge

    s/security/health & safety/

    Security researchers are like free-lance health and safety officers, loitering outside the office in hi-viz jackets and helmets wondering why their meeting with the boss was cancelled.

    Occasionally reminding staff around the ashtry that smoking is dangerous.

  25. Wolfclaw Silver badge

    Wonder if Linus can spare a few hours going of Windows code, should be good for a laugh how much he would strip out.

    1. Kiwi Silver badge
      Trollface

      Wonder if Linus can spare a few hours going of Windows code, should be good for a laugh how much he would strip out.

      I'd suspect "deltree" would make a significant portion of his work in that case...

      1. anonymous boring coward Silver badge

        sudo rm -rvaf /mnt/redmond_mscdev/windowssource

        1. Kiwi Silver badge
          Trollface

          sudo rm -rvaf /mnt/redmond_mscdev/windowssource

          I was expecting he'd be expected to use Windows tools to do the job.

          But now I write that I see the huge flaw in my thinking.. You cannot 'use windows tools to do the job'..... [now where's a bridge for me to hide under?]

          1. anonymous boring coward Silver badge

            You got my comment perfectly without me having to resort to human language!

            1. Kiwi Silver badge

              You got my comment perfectly without me having to resort to human language!

              Some of us sad bastards understand computers far better than we understand these weird "human" things.

              I keep filing bug reports with the Writer but He insists on showing me the tools to fix my own code so that the rest isn't an issue (especially as many of the issues are where my own very buggy code interacts with others and causes them to misbehave :) )

    2. patrickstar

      The Windows kernel is already very modular. Much more so than Linux in fact. It's basically designed as a microkernel (though everything runs in ring 0 for performance reasons).

      Plus, the code of the kernel itself is a LOT cleaner than anything in the Linux kernel. (Note that this does not apply to things like Win32k and some of the drivers - they are pretty hairy.)

      Maybe you should read both kernel sources and compare them before trying to be funny? Or at the very least Read The Fine Wikipedia Entry: https://en.wikipedia.org/wiki/Architecture_of_Windows_NT

  26. John Smith 19 Gold badge
    Unhappy

    For some reason Torvalds always reminds me of Gene Hackman in "Crimson Tide."

    "We are here to defend democracy, not to practice it."

    You may not like him but I get the sense you get a very clear of what direction he's going in, and what his priorities for Linux are.

    Having observed Microsoft at work when it comes to competition I could see it in some peoples interests if the open source Linux kernel was degraded, so people were discouraged from it and encouraged to move to peoples more proprietary versions.

  27. Anonymous Coward
    Trollface

    poke!

    I think I might submit a PR that puts a font rendering in the kernel, just to get a response.

    1. GrumpenKraut Silver badge
      Devil

      Re: poke!

      Too late, sytemd-fontrenderd already does that.

      1. CrazyOldCatMan Silver badge

        Re: poke!

        Too late, sytemd-fontrenderd already does that.

        And that, ladies, gentlemen, beings of fluid or no gender, small furry animals and picts grooving in a cave, summarises everything wrong with systemsd.

        1. GrumpenKraut Silver badge
          Coat

          Re: poke!

          Oops, please note that I made that up! Not that I'd be surprised if such functionality entered systemd.

          The one with all eight volumes of "The basics of systemd" in the pockets.

  28. Anonymous Coward
    Anonymous Coward

    If he doesn't like it why doesn't he write it himself?

    1. tim292stro

      He probably wants to have Thanksgiving with his family this week. Not everyone lives in a dark hole in some Google incubator... There's this thing called "outside" and "living" that doesn't require a computer ;-)

    2. eldakka Silver badge

      If he doesn't like it why doesn't he write it himself?

      That sentiment only works when what you have does/does not do something you want it to do.

      This is something that someone else has written themselves, and they are quite free to put it in their own fork of the kernel. However, they are trying to foist it onto the mainline Linux kernel, and Linus has told em to eff-off with that. It isn't something in the existing kernel he wants changed therefore it's not a case of "should write it himself".

  29. Aodhhan Bronze badge

    Security has become a buzzword for non security groups.

    Linus.. first off, stop acting like you ran out of valium. Though I do get the emotion pointed towards certain developer factories.

    Security people don't care if you call it a bug, *uck up, mistake, etc. No matter what, it's a vulnerability which must be weighed and mitigated. Getting hung up on nomenclature is parochial and should be beyond any developer or engineer's list of important things to consider.

    Just because someone who has a long developer background or a degree in computer science and becomes a member of a security team, doesn't make them a true security person. He's still a developer or theorist who looks at things entirely different than an engineer who specializes in security.

    A true security engineer doesn't give a rats @** how you fix the bug, mistake, *uck up, etc. as long as the resulting vulnerability is fixed and can no longer be exploited.

    One last thing... when it comes to 'how it should be handled'. Don't forget... users (this includes some admins) are the true idiots. No matter how you develop something to become idiot proof... somebody somewhere will create a better idiot. So allowing 'buggy' processes to run, with the design of having the 'user' make the decision/choice of how to handle things, is actually worse than being an idiot.

    1. Uffish

      Re: " allowing 'buggy' processes to run"

      Allowing buggy processes to run could be called "graceful degradation". A lot of people really, really want that feature. They usually also want something that is so extremely well designed that it almost never becomes buggy in the first place. My money would be on Linus Torvalds' approach being the right way to (try to) achieve those goals.

      1. patrickstar

        Re: " allowing 'buggy' processes to run"

        The kernel would be pretty darn likely to crash if a bug like what this patch is targeted at would be triggered. This just crashes it in a way that doesn't turn it into a security vulnerability (plus simplifies debugging since it immediately tells a developer what's wrong and where the problem is, as opposed to crashing some random time later).

        1. This post has been deleted by its author

    2. Kiwi Silver badge

      Re: Security has become a buzzword for non security groups.

      So allowing 'buggy' processes to run, with the design of having the 'user' make the decision/choice of how to handle things, is actually worse than being an idiot.

      And when your car's computer goes into a kernel panic on the motorway due to a glitch in your entertainment system mishandling a corrupt MP3?

      1. patrickstar

        Re: Security has become a buzzword for non security groups.

        Those computers are totally separate, although there have been some interesting attacks where you can travel from the media center to more interesting stuff over the CAN bus.

        And with the possible exception of Tesla, no car runs Linux on the actual ECU. The ECU typically runs some custom OS - I think Bosch is the most common vendor.

  30. Lars Silver badge
    Coat

    Too many cooks

    The definition for "too many cook" according to "The free Dictionary" is:

    "Too many people trying to control, influence, or work on something, with the quality of the final product suffering as a result."

    Linus is well aware of that.

  31. Anonymous Coward
    Anonymous Coward

    Person V Person.

    Person 1 gets paid to do A, person 2 gets paid (or has a hobby/main career providing free software) to do B.

    A and B are not inclusive in all areas of importance.

    So, why not just call it out as "thanks for all the pull requests, but we have different priorities?" instead of calling people names?

    Though the "but don't' call me names" defence is often used when people are in massive companies they KNOW are being extremely cruel or exploitative of their customers, but the employee "needs the pay", presumably more than the customers do... (see EA etc).

    1. tim292stro

      Re: Person V Person.

      At the risk of responding to too many comments - when you are constructing a wooden building and you know you don't have the fire sprinklers installed, and you see one of the workers pouring gasoline on the wooden structure to burn out a hole from one floor to another to correct for a mistake in the floor - about the only rational response to that for everyone's safety is to dog pile that idiot before they light a match. Sure they'll feel ganged up on and made to look a fool, but they WERE being stupid, and the building will stay standing as a result of the intervention. Some people simply take the most expedient path to a "solution" for their myopic problem, without considering the collateral damage they can cause to the overall project. Confucius Says: Never use a cannon to swat a fly!

      1. m0rt Silver badge

        Re: Person V Person.

        "Confucius Says: Never use a cannon to swat a fly!"

        Confucius hasn't watched those Japanese monster documentaries then...

  32. EnviableOne Bronze badge

    Linus is protecting the kernel, and in Kees response you can see he accepts that.

    He as much says, i know its not ready, i'll go back to drawing board and bring it back when it is.

    If coders werent f*ing morons, XSS CSRF and SQLi would have been out of the OWASP top 10 by now. if

    your code makes the kernel panic its Sh*t code, so it aint going in Linus's kernel

    Admitedly he gets colourful, but he's been dealing with this for the last 15 years, and at some point, you have to start shouting or people dont learn.

    It might be just me, but most of the Finns I've met are a bit direct anyway.

    1. boatsman

      one thing.

      it not 15 years.

      I first got to know Linus in 1991. that is 27 years ago, my first kernel was 0.83

      by the time i finished downloading (z protocol, modem, fidonet :-) )

      they were on 0.84

  33. JeffyPoooh Silver badge
    Pint

    Has Torvalds read Gödel yet?

    I can't quite put my finger on it, but it seems like his unspoken (<- LOL) assumptions about correctness (nearly equivalent to 'completeness') haven't yet hoisted aboard the concepts embedded in Gödel's Incompleteness Theorem.

    A million years from now, I suspect that software will still have bugs and security holes. Inherently.

    That's my suspicion.

    1. Uffish

      Re: Has Torvalds read Gödel yet?

      I am wondering to myself what would happen if I had some reflex that shut down my brain every time my train of thought becme a bit corrup ¤¤##¤¤¤***¤¤¤

      .

      .

      .

      .

  34. jonfr

    Google has given up on Linux

    In the long run even Google has given up on Linux and they are now preparing on moving to their own micro-kernel operating system. I don't know when it is going to be ready, few years at least.

    I'll just install FreeBSD and use binary packages for KDE and such installs (easier) as it is for desktop. The attitude of Linus is a security risk on it's own.

    1. Anthropornis
      Linux

      Re: Google has given up on Linux

      Your system, your choice. But for kde you will apparently need unofficial ports to get kde5. Do you trust those porters ? I'm sure that kde4 has had security vulnerabilities, but less sure whether anyone has logged them and fixed them.

      Personally I loathe the overhead of kde, and all those static qt and kde libraries it pulls in (yes, I do build from source).

      But FreeBSD users usually insist their system is secure (like us linux users used to), so I'm sure everything will be fine for you.

  35. Paper
    Thumb Down

    Bad behaviour

    Hmm, doesn't bullying people kinda belong to the past century? If it were anyone but Linus, we wouldn't be excusing it.

    1. Kiwi Silver badge
      Trollface

      Re: Bad behaviour

      Hmm, doesn't bullying people kinda belong to the past century? If it were anyone but Linus, we wouldn't be excusing it.

      For some of the "precious little snowflakes" out there, even your post would count as bullying! (both the "belong to that past" snub and the implications behind "anyone but..."). Yep, probably not what you meant but it can be really hard NOT to trip over the lines that the PLS's and SJW's (are they actually different?) call "bullying".

      (And I suspect that, aside from the use of PLS and SJW, just calling your post "potentially bullying" falls over one of those lines as well!)

  36. ecofeco Silver badge

    Yet somehow...

    ...Linux is faster and more stable that the other two popular OS's.

    Maybe telling the idiots to shut up and shit down is the key? (of course it is. One does not suffer fools when it's one's own project)

    1. Kiwi Silver badge

      Re: Yet somehow...

      Maybe telling the idiots to shut up and shit down is the key?

      Probably better than telling them to shit up and shut down.... ;)

      1. PaulFrederick

        Re: Yet somehow...

        Anyone can take a piss on the floor. Be a hero and shit on the ceiling!

    2. PlinkerTind

      Re: Yet somehow...

      "..Linux is faster and more stable that the other two popular OS's..."

      What have you been smoking? Have you read what Linus Torvalds says about Linux?

      https://en.wikipedia.org/wiki/Criticism_of_Linux#Kernel_performance

      1. HieronymusBloggs Silver badge

        Re: Yet somehow...

        "What have you been smoking? Have you read what Linus Torvalds says about Linux?"

        He doesn't compare the Linux kernel with the "other two popular OS's" there. I suspect those suffer from the same problem.

      2. Kiwi Silver badge

        Re: Yet somehow...

        "..Linux is faster and more stable that the other two popular OS's..."

        What have you been smoking? Have you read what Linus Torvalds says about Linux?

        Yes, I see he is reported as being unhappy with the footprint of the Linux kernel.

        But where in that article does it say he believes it is slower or less stable than the other more popular OS's?

  37. tim292stro

    Personally, I understand and agree with Linus 100%. Adapting his comment to those users with a life full of experience in Windows, what he's complaining about is rather than an error log entry being generated for a problem, the outcome proposed is an intentional Blue Screen of Death (Windows equivalent of a kernel panic). So, YES, I would be absolutely LIVID if a developer came and told me that my machine should BSoD on me because they didn't test their code. There is value in putting out warnings first and collecting data to see if you've correctly constrained your new patches, rather than borking a bunch of systems you didn't consider, and having to "apologize" (emergency patch) later. Be unhappy with Linus if you want, but I think he's doing them (the Google team) a favor by aggressively ridiculing them now, rather than having their brand damaged as a result of their naivete in coding going public and becoming the target of everyone's ire as their formerly working products brick. Software should (as a first principal) be designed to survive coding mistakes, especially down at the base OS kernel level, since programmers are famous for making coding mistakes. You can't approach software security assuming everyone "got it right" at the outset, that is utterly stupid to assume, we know it is NOT the case.

  38. arctic_haze Silver badge

    I'm really shocked

    What kind of "security persons" creates a new non-patchable [1] DDoS vector?

    [1] Well there would be one way to patch it: pull the idiotic code.

  39. razorfishsl

    The guy is talking about changes that will kill the OS if something is not right,

    Then retroactively imposing it based on some arbitrary set of rules.

    Which then means if you have software that cannot be upgraded, you have to stick with the kernel before the changes, which is even more of a security risk, since exploits are already exposed.

    Linus may be wrong with his attitude, but I have seen this shit in nearly all big companies

    you get a stupid idea trying to be introduced, it gets stomped on softly, then the protagonist starts dragging in other cool aid drinkers and the stupid idea gets in via the back door to the overall determent of the business.

    The real problem is too many pussies and left wing metro-sexual thought processes, this is the development of a free world beating OS, collaborated on my millions, if the left wing pussies get a hold, we will be into naming code "mandella-way" , "black_subrotines_matter", or have 35 different way to name binary handling subroutines.

    1. Anonymous Coward
      Anonymous Coward

      I was with you until, sadly:

      The real problem is too many pussies and left wing metro-sexual thought processes, this is the development of a free world beating OS, collaborated on my millions, if the left wing pussies get a hold, we will be into naming code "mandella-way" , "black_subrotines_matter", or have 35 different way to name binary handling subroutines.

      Do you like to settling office arguments with a gun too? Pathetic..

    2. patrickstar

      This doesn't apply to userland. Obviously, userland stuff should never be able to kill the kernel.

      The only changes required are within the kernel itself - so unless you are a kernel developer you don't have to care one iota. And if you are a kernel developer, there are regularly breaking changes made between versions, so it's not like you could sit around twiddling your thumbs if it wasn't for this.

      If your code is in the mainline kernel, Kees Cook has already made any required changes for you.

      Userland code won't be affected in any way. It won't have to know anything about this and no observable behavior will change in any way (well, the kernel will panic in case it triggers certain kernel bugs, but it probably would have paniced regardless).

      1. Kiwi Silver badge

        If your code is in the mainline kernel, Kees Cook has in fact already made any required changes for you.

        And yet, Kees Cook wrote code that not only got him sworn at, but got him sworn at in a manner that made international headlines.

        I note Mr Torvalds isn't alone in his criticism. Even Kees Cook admitted it's probably not up to par and needs at least some re-thinking. Perhaps part of the issue is that it's forseen that there are circumstances where the "required changes" aren't made?

        1. patrickstar

          Probably. Cook is for all practical purposes an idiot when it comes to anything security related. I'd guess he just took the entire idea from Grsecurity and re-implemented it poorly without understanding the full implications... That's what he usually does when it comes to kernel hardening, atleast.

    3. boatsman

      what a shame.

      your post is accurate, apart from the left wing bullshit.

      this is from a left winger:

      you are right.

      This Linus thing has nothing to do with left wing. there is responsible folks, and there are irresponsible folks. you will find them in every camp / religion / sectarian outfit.

      Linus happens to be responsible.

  40. Anonymous Coward
    Anonymous Coward

    OOM-Killer anyone? I guess Torvalds regrets it?

    1. m0rt Silver badge

      OOM killer keeps the system going... The alternative should be what?

      1. patrickstar

        Most OSes don't even have an OOM killer, and yet they run just fine. It's an example of one of the many trade-offs that might very well be valid for some scenarios but reduce reliability in others.

  41. anonymous boring coward Silver badge

    It's no wonder Linus gets angry for real with morons like that trying to feck up the kernel.

    Wish someone at MS would shout and rant when they feck up things (rather than shrug their collective shoulders). At least Apple had Jobs to keep things on track.

    1. EnviableOne Bronze badge

      Jobs was the visonary it was Woz,Federighi,Forstall et all that made stuff work

  42. PaulFrederick

    Linus is right

    The bottom line is a kernel has to do one thing, that's run. Stopping for no good reason is unacceptable. If I wanted an OS that fell over so easily I'd run Windows. Believe me it'd be easier for me in so many other ways. After 25 years of doing what he's been doing Linus might just know a bit more about Linux than anyone else does too. Like why Linux has become as popular as it has. Because Linux runs! Let's keep it that way.

  43. kendoka53

    More BS from Linus

    You wanna know what really pisses off users? When they find out you've been intentionally sabotaging their systems for the benefit of State Actors.These kind of outbursts to reasonable requests strongly suggests to me that Torvalds and his team are compromised. And so is the Kernel. Methinks Linus doth protest too much, which is a predictable response when someone like Cook calls you out on your BS and whose criticism is on target.

    1. jake Silver badge

      Re: More BS from Linus

      So, kendoka53, out of curiosity who was it that told you to sign up to ElReg, just to post that obviously nonsensical comment?

    2. anonymous boring coward Silver badge

      Re: More BS from Linus

      "These kind of outbursts to reasonable requests strongly suggests to me that Torvalds and his team are compromised"

      Hilarious!

  44. boatsman

    what matters most: a working, stable kernel for the masses or softly massaged developer ego's ?

    to me it is Obvious that people like this mr Cook do not understand that they are toying with something that needs to work, no matter what.

    Linux is running our society. your elevator, your car, your aeroplane. your power grid, your gaspipes,

    whatever you can think of: some critical part is controlled by the Linux kernel.

    mr Torvalds is not insulting people, but he is very explicit about their actions when they are being irresponsible about the physical safety of millions / billions of people on this planet.

    that's all there is to it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019