back to article Linus Torvalds 'sorry' for swearing, blames popularity of Linux itself

Linux overlord Linus Torvalds has apologised – a bit – for calling some security-centric kernel contributors “f*cking morons”. Torvalds unleashed a profanity-laden rant at Google developer Kees Cook, over the latter's proposal to harden the kernel. Another Google security chap, Matthew Garrett, asked Torvalds: “Can you …

  1. Paper
    Thumb Up

    Good!

    In the related theregister.co.uk article I commented that this kinda of bullying behaviour belonged in the previous century. Pleased to see this apology, makes me think Linus is a good person at heart :)

    1. DasWezel
      Happy

      Re: Good!

      Personal goodliness is not correlative with software development ability. Jus' sayin'.

      1. Brewster's Angle Grinder Silver badge

        Re: Good!

        "Personal goodliness is not correlative with software development ability."

        That's swings both ways. Being an unstoppable wanker doesn't make you a good dev.

        1. Dave 126 Silver badge

          Re: Good!

          > Personal goodliness is not correlative with software development ability.

          ReiserFS?

      2. Cederic

        Re: Good!

        While neither correlated or causative, it's still nice to hear that one of the leading (and most influential) developers in computing history might not be a complete twat.

      3. Paper

        Re: Good!

        "Personal goodliness is not correlative with software development ability. Jus' sayin'."

        I don't recall saying it was ;)

        Dunno why so many peops are opposed to my comment. There's a difference between, "Do not even f!cking dare to commit such untested code again, I know you can do better than this!" and "You're a f!cking moron, you're work is a pile of etc".

        1. Anonymous Coward
          Anonymous Coward

          Re: Good!

          I know of at least one case where the latter would be justified (Poettering)

    2. SolidSquid

      Re: Good!

      Agreed, the follow up suggests he's actually considering the criticisms about his attitude and he provided a much better overview of what his issues were with it. As a result the security guys should be able to work to improve their work for the next release

  2. Lysenko

    What Torvalds (and historically, Microsoft) understands and many tunnel vision security researchers forget is that you don't break userspace. That's the starting point. Implementing a security feature and then retroactively checking whether you've broken existing software is getting the entire process backwards. As with the 18th Amendment[1], it doesn't matter how demonstrable the benefits are - if you're being cavalier with operational realities you're either doomed from the start or you have to proceed very slowly and incrementally, taking the user base with you every step of the way.

    [1] The (failed) American attempt to prohibit recreational consumption of alcohol because of the obvious benefit to overall public health.

    1. Michael Habel Silver badge
      Pint

      The deterioration of my 'Health', and 'Well-being', are both largely do the the appalling lack of Beer-O'clock. As Carlin once remarked HSIOW. And we still have another Two gruling Days till we get there...

    2. Teiwaz Silver badge

      So drink wasn't involved then? - Drink isn't involved now!

      [1] The (failed) American attempt to prohibit recreational consumption of alcohol because of the obvious benefit to overall public health.

      I thought the (failed) American attempt to prohibit recreational consumption of alcohol was the result of a wave of puritan religious evangelical fervour.

      1. Mike 16 Silver badge

        Re: So drink wasn't involved then? - Drink isn't involved now!

        More like anti-immigrant (Irish, Italian, German) fervor. "The right people" could get booze with no problems throughout. They could (and did) even get non-poisonous booze, unlike those who played whack-a-mole with the escalating "denaturant" efforts of the feds.

        All of which strays a bit afield of the Linux developer discussion. Sorry.

    3. Charlie Clark Silver badge

      The comparison with the US constitution is misplaced and not helpful.

      Security should have priority in development. If this leads to things breaking post-merge then there is a problem with the code review process. Something to which Linus is essentially admitting.

      1. Lysenko

        The comparison with the US constitution is misplaced and not helpful.

        The comparison was based on evangelical zealots, so determined to better the lot of their fellow man that they railroad through their bright, shiny, pristine vision of the future with insufficient consideration of whether the great unwashed will actually put up with the consequences of what they're proposing.

      2. paddy carroll 1

        The car would never have been invented if safety was the primary concern

      3. Anonymous Coward
        Anonymous Coward

        "Security should have priority in development."

        I interpreted Linus's commentary as stating not that security has priority, but that it is integral to development. A mechanism that kills stuff indiscriminately is operating in a fog.

  3. John Smith 19 Gold badge
    Unhappy

    Actually I'd have said not breaking kernal space was more important

    However a change that breaks working apps because the devs forgot to put them on a list is a fairly stupid design, especially when those apps are well know.

    1. Richard 12 Silver badge

      Re: Actually I'd have said not breaking kernal space was more important

      Any change that requires such a list is a bad, and usually completely broken feature, as no list of affected applications can ever be complete.

      Don't Break Userspace is a fundamental requirement of any operating system.*

      Don't Break Drivers is a secondary one that isn't quite as critical, but close.**

      *Apple break userspace on a regular basis. Bastards.

      ** Microsoft broke drivers in Vista. Look how that turned out.

      1. HmmmYes Silver badge

        Re: Actually I'd have said not breaking kernal space was more important

        In the last 20 years, MS have broken their DDK space multiple times.

        And the Socket API (WinSock).

        And their signing/cert management.

      2. DougS Silver badge

        Its really pretty simple

        If you are going to change behavior in userspace, especially if by "changing behavior" you mean the kernel will panic in cases it previously didn't or a process will get killed in response to something that may not even be a problem, the correct way to handle it is with warnings to the kernel log.

        Then kernel maintainers can collect reports and see which warnings are real (i.e. actual security issue) and which ones are false alarms, and adjust the code appropriately. Once you have it down to where you are sure the warnings only come for the real thing, then you can change behavior, because you know you are actually fixing something (i.e. closing a security loophole or simply fixing a software bug that was exposed by a process doing something it really shouldn't do but actually didn't want to do)

  4. naive

    Apology was not needed

    If "security experts" lived in de middle ages, they would end up on de same place as witches, since they bother people with harmful things nobody understands.

    So it is good Sir Torvalds stands strong as the sole guardian against the crap storm of feature creep nobody wants, nobody understands except the hackers and the ever present push from the "windows guys" to pollute Linux with bloat like systemd.

  5. Richard 22

    Linus' viewpoint on security

    Linux explained his reasoning a bit more here (in the same thread);

    https://lkml.org/lkml/2017/11/21/356

    1. Doctor Syntax Silver badge

      Re: Linus' viewpoint on security

      Thanks for that link, Richard. I think there are quite a few commentards who really should read and reflect on that.

    2. John Smith 19 Gold badge
      Unhappy

      "Linus explained his reasoning a bit more here "

      Indeed.

      And it's pretty pragmatic.

      TL:DR. Get the monitoring code in live installs. Collect data on rogue accesses and what's making them. Let it run a while. Then consider is it simple incompetence or actual malice.

      Torvalds occasional outbursts make great click bait but IRL I think it's because he doesn't suffer fools gladly and can't understand why this fairly obvious course of action isn't obvious to so many security types, other than not being able to see outside of their personal problem silo.

  6. Tigra 07 Silver badge
    Thumb Up

    You expected it...

    I for one welcome our sweary bathrobe-wearing Linux-loving Linus Overlord!

    1. Wensleydale Cheese Silver badge
      Happy

      Re: You expected it...

      "I for one welcome our sweary bathrobe-wearing Linux-loving Linus Overlord!"

      Haha. At first glance I read that as: "I for one welcome our sweaty bathrobe-wearing Linux-loving Linus Overlord!"

      1. Tigra 07 Silver badge
        Pint

        Re: You expected it...

        A sweaty Linus...Ooh err...

        1. Alistair Silver badge
          Windows

          Re: You expected it...

          ahh -- off to start a new distro called Sauna linux.

          The wayland driver will periodically fog over the display, reminding you to get up and dive in the lake.

  7. Tigra 07 Silver badge
    Pint

    Bathrobe optional

    If all the media can throw at you is that you swear a lot (but get results), wear a bathrobe in your own home, and shower later than some people, i'd say you must be doing something right.

  8. JakeMS

    Well..

    He may be over worked and he may on rare occasion every few years or so use a bad word here and there.

    But he always does one thing with regards to code: Uses His Common Sense.

    Which is surprisingly rare for people these days.

    Plus he is right in regards a security issue is still a bug. It's a bad bug, but a bug none the less. Fixing said bugs or coding in such a way that minimizes the likely hood of them occuring is better than coding around the bugs to allow them to exist.

    Plus kernel panic or shutdown on security bug being detected? That's a Denial of Service attack waiting to happen.

    Think about it, if you find one that can trigger it, and also if find another bug that gives you enough access to do it on remote servers? You could take servers down instantly for fun with minimal access.

    1. Sir Runcible Spoon Silver badge

      Re: Well..

      Fixing said bugs or coding in such a way that minimizes the likely hood of them occuring is better than coding around the bugs to allow them to exist.

      Whilst adopting a better mental approach is definitely desirable, I believe Linus was suggesting that it is the overall layered approach to the kernel design that would limit the damage that a single bug could do.

  9. Anonymous Coward
    Anonymous Coward

    A solution for Linus...

    What Linus needs is a good scrum master -- that will fix it. You can organize the open source community to do virtual stand-ups at 9am [you may need to shower before noon]. Hire 3 project managers for each contributor. Have "one on one" meetings with each every other day. Have each contributor add their progress to jira. Then Linus will be able to tell by the burn down chart when the next release will be. The open source community will probably need to hire an army of consultants to do scrum training and give out certificates at least once a year.

    --

    scrum must die.

    1. no-one in particular

      Re: A solution for Linus...

      > What Linus needs is a good scrum master

      Ye Gods, what an image! I thought the nightmares I had last night were bad, you've put that thought in my head...

  10. davcefai

    All is well, really.

    Linus pioneered not only a new OS but also new ways of developing and distributing it.

    "release early and often" was the mantra in the good old days. Users found the bugs and they were fixed - very quickly. If someone cannot cope with this they should wait to upgrade until other hardier souls, or people not running mission critical systems, found the bugs.

    Linux has been a dynamic and vigorous ecosystem. Linus found exactly the right formula to manage it. If the genes that made this possible are linked to others like sweariness then "ce la vie". Deal with it. Don't try to put ridiculous code into the system, and just grin and say sorry if you inadvertently do so.

    Which makes one wonder how in hell we got stuck with pulseaudio and systemd! :-)

  11. Anonymous Coward
    Anonymous Coward

    wait, what?

    Yeah, it's me. again. I hope the mods let this through, because I wrote this after-the-fact after I monologued it in the IT office, to much laughter and knee-slapping of my cow-orkers. Co-workers? Cowork-ers? What the hell is a cowork? And who the hell would ers it? Sounds suspect to me. The sort of suspect that requires darkness, a deserted alley, a $50 bill, and a confused hooker. *note to self*

    Anyway, I hope the censors give this a pass, because it's Thanksgiving, it's about Linus, and at least 2 other people at my job thought it was funny. Unfortunately, it's a tad strong-worded, obscene, and derogatory. Pretty much like any Linus outburst that makes the news. Forgive me, for I have sinned. I'll say my ten Hail Marys and slam my hand in the vestibule door five times. Amen. And I tried really hard not to type the F-bomb, but we all know Linus uses it a ton.

    *my personal idea of what goes through Linus's head. Alcohol may or may not have been involved in thinking this up*

    <Linus's Mind on the latest kernel-panic mess>

    ARE YOU FSCKING KIDDING ME?

    WHERE ARE MY SWIM TRUNKS?

    ARE YOU FSCKING MORONS? SURE, LET'S KILL *EVERYTHING* OFF IF SOMETHING MISBEHAVES! *THAT* MAKES THE USERS HAPPY! IT'S NOT LIKE THEY ARE *USING* THAT SERVER OR ANYTHING!

    WHERE ARE MY GODDAMN SWIM TRUNKS? FSCKING HELL!

    WHAT THE SHIT! YOUR CHANGE WRECKS SO MUCH SHIT YOU HAVE TO HAVE 'PLAN B' ON-HAND FOR IT!??!?! YOU WANT TO PEDDLE THE 'MORNING AFTER PILL' TO USERS WHO UPGRADE? DID YOU FSCK THEM THAT BADLY?

    WHERE THE FSCK ARE MY SWIM TRUNKS!??!?!?!??!?!?!

    JESUS-FSUCKIN-CHRIST-ON-A-POGO-STICK-FSCKING-MOTHER-MARY, WHAT PART OF 'THOU SHALT NOT BREAK SHIT' IS UNCLEAR, YOU FSCKING HEATHANS?

    maybe I already packed them.....let me check......

    CAN I NOT ENJOY A FSCKING VACATION AWAY FROM YOU INBRED, MOUTH-BREATHING, GLUE-EATING, SISTER-FSCKING, IGNORANT, GOAT-HUMPING, BANJO-PLAYING R&TARDS FOR EVEN *ONE* FSCKING DAY?

    GODDAMNIT I SWEAR I WILL STOP THE EARTH'S ROTATION UNTIL MY SWIM TRUNKS ARE FOUND! damn... do i even own swim trunks?

    *YES* *I* *AM* *A* *GOD*. Consider the fact that you're ranting about me on your android phone, or iPhone, they both run Linux. Being that it's thanksgiving and all, and your lazy ass isn't at work, working. Like you should be. Meanwhile, this God wants a private beach and a dozen Singapore Slings so I can forget about the dumbass shit the devs just did. Consider this a brief respite from my usual acrid retorts, because I'm relaxing in a chair, and lazily thinking up new retorts for you ret@rds that piss me off. Because you all are feeble minded and can't think things through. And you insist on pushing broken shit forward into new releases. Fix. Your. Broken. Shit. While I sit here drinking my drink. In my swim trunks.

    *HOLY CHRIST* *NO* DON'T COMMIT THE CHANGE YET. IT AFFECTS THE KERNEL, AND COULD CAUSE A SHIT-TON OF MACHINES TO KERNEL PANIC, YOU FSCKTARD! I'D KICK THE SHIT OUT OF YOU, BUT THERE WOULD BE NOTHING LEFT! OPEN SOURCE MEANS VOLUNTEER WORK, BUT YOU ACT LIKE YOU WANT TO GIVE EVERYBODY ROOT ACCESS BECAUSE YOU FEEL SORRY THEIR DOG DIED FROM HERPES THAT YOUR FRIEND'S SISTER'S COUSIN'S BROTHER'S FRIEND'S TWICE REMOVED (AND ONCE ADDED) COUSIN'S NEPHEW'S UNCLE'S ACQUAINTANCE'S HALF-STEP-INBRED-HILLBILLY-FSCKTARD'S, NEIGHBOR'S, BOSS', COW-ORKER'S, STRANGER-ON-THE-SUBWAY,LOCAL-NEWS-REPORTER'S,[IMAGINE FSCKTARD BLOGGER DOUCEBAG HERE] BLOGGER'S GAVE IT!

    I'M STILL WAITING ON MY SWIM TRUNKS DAMNIT!!! WHY DO I HAVE TO DO *EVERYTHING* AROUND HERE?

    [fin]

    Happy Thanksgiving to all, and I hope you got at least a chuckle out of this. I can just imagine Linus going the hell off due to missing swim trunks. And I'm glad my servers won't be kernel panic-ing over the Thanksgiving holiday. I hope.

    Wishing great holidays, non-stressful family visits, clean patches, and no insistent SMS from the server rooms to all!

    1. MartinBZM
      Pint

      Re: wait, what?

      Amen!

      Have a good one, everyone.

  12. Missing Semicolon Silver badge
    Happy

    Just read the wole thread

    .. I think I would have been a bit intemperate at that patch, as well.... :-)

  13. Sanctimonious Prick
    Alert

    My Thoughts...

    Linus is a Head short of a Phallus.

  14. shawnfromnh

    Fuck apologizing, if he finds a fucked up way someone approaches their job then they should get used to profanity till they start thinking on how an end user is affected by their bullshit. He was so right in the way he put them in their place that they will rethink what they are doing next time. Sure if you are fixing a big security hole you might go a little over board if that is being actively exploited but if they are just changing something because and overdo it then they need to see it from a user perspective like Linus is doing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019