Linus Responds To RdRand Petition With Scorn 566
hypnosec writes "Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by called him ignorant for not understanding the code in the Linux Kernel. Kyle Condon from the UK raised a petition on Change.org to get Linus to remove RdRand from /dev/random in a bid 'to improve the overall security of the linux kernel.' In his response, Torvalds asked Condon and the supporters of the petition to gain an understanding of Linux drivers and cryptography, and then 'come back here and admit to the world that you were wrong.' Torvalds stressed that kernel maintainers knew what they were doing and the petitioner didn't. Torvalds, in a similar outburst just yesterday, hoped that 'ARM SoC hardware designers all die in some incredibly painful accident.' This came in response to a message from Kevin Hilman when he noted that there were quite a few conflicts in the ARM SoC pull request for Linux 3.12 which were a result of the platform changes conflicting with driver changes going in to the V4L tree."
you have the source (Score:5, Insightful)
You have the source code, remove rdrand from the kernel yourself.
Re:you have the source (Score:1, Insightful)
That's the most obnoxious open source cop out there is.
At Least He Doesn't Throw Chairs (Score:2, Insightful)
This douche bag just wishes painful death on people who disagree with him. That is so much better. The guy may be brilliant and he may have created a wonderful thing for the world. But he is every bit the douche bag that Jobs and Ballmer have ever been.
Got your feelings hurt? (Score:5, Insightful)
The TFA makes it look like Linus went on full rampage mode and tore a insightful request down by being mean.
Actually reading his responses, Linus is pretty level headed and just says no, you can't have this.
Guess submitter got his feelings hurt?
Re:you have the source (Score:2, Insightful)
Note: I'm not saying it should be changed, just that the "change it yourself" line is ridiculously impractical for even people capable of coding the change properly. And worse for those who can't. Maintaining your own kernel tree over time is most certainly non-trivial by most peoples standards.
Re:you have the source (Score:4, Insightful)
Then if you don't understand how to make this sort of change, then you aren't smart enough to understand why you should or should not be using RDRAND it in the first place.
Linus an example of ... (Score:1, Insightful)
Someone who has no social skills but uses his persona to stay at the head of the ship.
In any other company, even if the owner, he would have been taken out to the parking lot and given a good hiding by every other employee.
Linux is a fantastic OS and has spawned a generation of users, programmers and eco system based on open source mentallity, it is just a shame such a social retard is allow to rant as he is.
Re:Got your feelings hurt? (Score:5, Insightful)
that is exactly what i thought. guy creates a lame picture with NSA and LINUX in it, comes up with a fascinating heading and uses yesterday's info from slashdot discussion to create FUD. if i were Linus, i wouldn't have bothered with such a long response.
Re:you have the source (Score:2, Insightful)
Not when it isn't a bug and the functionality desired is for yourself and not the planet. It's precisely the only response. Try getting Microsoft, IBM, Oracle or Apple to change their kernel to your tastes.
Re:At Least He Doesn't Throw Chairs (Score:5, Insightful)
Linus is funny while Ballmer acts funny. Worlds apart if you ask me.
Re:you have the source (Score:5, Insightful)
It's not a "cop out" at all. The party that manages the code doesn't want to remove a feature that there's no logical reason to remove. The petition was one sentence, linked to no debate, made no points and didn't even attempt to negotiate. It could have said, "Do it, because we say so." and it would have been just as informative. I think you need to look up the definition of "cop out", because the petition creators could have actually done something useful, and didn't.
Re:Linus an example of ... (Score:4, Insightful)
Its just a shame that morons like you value social graces over the ability to do real work. This is why companies fail, especially as they get better, playing well with morons is valued over the ability to get shit done.
Re:you have the source (Score:4, Insightful)
Not true... I have no opinion either way, but it's entirely possible to have a very good understanding of how semi-random numbers affect cryptography, and also of how rdrand generates them, without having the programming background to be able to safely remove it from the kernel. Crypto is about math, not programming, and contrary to popular opinion (apparently), the two do not always go hand-in-hand.
It's not as simple as just commenting out a few lines of code. As likely as not, if you were to simply comment out a few lines you'd actually introduce another bug which could be worse for security. The Linux kernel is arcane, and even experienced/good programmers avoid making modifications they don't have to. What you're proposing is he fork it, and make a new release of the kernel *every time Linux releases one*, in order to comment out a feature that may not have enough entropy to be suitable for crypto. (I don't know one way or the other, but I'm guessing you don't either).
Re:Linus an example of ... (Score:4, Insightful)
Someone who has no social skills but uses his persona to stay at the head of the ship.
Well, either that or his technical understanding, organisational skills and the respect of his peers for many a year.
it is just a shame such a social retard is allow to rant as he is.
Guess humour isn't your thing ?
Re:At Least He Doesn't Throw Chairs (Score:5, Insightful)
No, the guy who made the petition was way out of line for calling Linux "an approved partner of the NSA", and way out of his depth because he had no idea what the hell he was talking about.
Linus was just responding to an asshat, and went pretty easy on him.
Randomness not so random (Score:5, Insightful)
I have to admit I didn't know much about the controversy so I went and found some articles.
Here is an article showing some weaknesses in Linux's random generation: Analysis of the Linux Random Number Generator [iacr.org]
As reported by Bruce Schneier for this Wired article: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115 [wired.com]
A petition? (Score:5, Insightful)
If you believe there's something broken in the kernel (or other open source project), you don't create a petition, you create and submit a patch. If you don't know enough or don't have the skills to create a patch, you're probably not qualified to criticize the implementation.
"Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge." -- Isaac Asimov
Re:you have the source (Score:5, Insightful)
No, it is not. Being unwilling to do something for yourself, and then demanding that others do it for you, to the point of trying to pressure them with a mass petition, is the most obnoxious cop out.
Excuses, excuses, excuses ! (Score:5, Insightful)
Maintaining your own kernel tree over time is most certainly non-trivial by most peoples standards
Some people just had to complain about every-single-thing, even if it's downright inane.
Open source is just that, you can read the source of the programs, and with the source, you have the options to do the following :
1. Determine if the program has any backdoor / malware embedded
2. Change/alter the source to your own liking
3. Learn from the code and perhaps in a latter day you might be able to apply what you have learned in your own program (and I am not talking about cut and paste)
If all the above are STILL not good enough for you, the offerings from Apple and Microsoft are always available.
Re:Why all the whining in the first place? (Score:5, Insightful)
It's getting increasingly difficult to label people tinfoil hatters given the way the NSA leaks are making even the most ardent paranoid conspiracy theorists look like they've vastly underestimated the problem.
Re:At Least He Doesn't Throw Chairs (Score:5, Insightful)
I'm with you on that. It seems like his sense of humour and his calling "a spade a spade" philosophy earns him a lot of criticism. I always argue that Linus is your typical purest. He's not there to please or appease. He's there to focus on getting things done right, in his own way, but as correct as he sees it.
I argue that because he's giving Linux freely to the world and with limited monetary gain that we can't chastise him too much about it either. What he's missing is something which I've learned through my own errors when dealing with people in the past. And that is, to deal with "the public" one must always do so with the softest possible touch. That's only if you're wanting to earn the minds of the masses mind you.
So I say. People who bag him with the whole "his attitude is appalling" type statements. Well, it sucks to be you because I think that you're just too much of a sook and you need to harden/lighten up a little. The people who condone the attitude I say "meh, you're probably a purest as well" because they wish to understand truth and wish to see what goes on in the Linus' mind just as I do.
As me for me. Truth be told. The day Linus actually starts acting like the rest of the PR sheep out there is the day I'd start to worry about crypto that NSA may of sneaked in to the Linux kernel. Until then. It's good to see him throwing out comments like "Deep throat Microsoft" and "You're ignorant". This kind of talk is indicative of when the internet wasn't populated by commercially driven cock suckers like Mark Zuckerberg abusing the word "hacker" and trying to pass himself off as "one of us".
So at the end of the day, who's really lost touch here?
Re:you have the source (Score:5, Insightful)
Re:Excuses, excuses, excuses ! (Score:0, Insightful)
Yep, screw the mainstream. We don't need 'em right? Keep them out of how cool geek club!
We should have a NO NON-CODERS sign like the NO GIRLS sign on your childhood clubhouse?
Re:Why all the whining in the first place? (Score:3, Insightful)
It's pretty easy to go look at randomness and test it you know.... and Intel's RNG has stood up to testing and scrutiny by a whole bunch of real security researchers, not just paranoid basement dwellers who see the NSA around every corner.
I don't think you quite get what the issue is, so I'll give you a little thing to try on your own time that might enlighten you a bit.
Write a small program that increments a counter from 0, in steps of 1, so 0, 1, 2, 3, 4, and so on. Trivial.
Then include a strong symmetric cipher, like AES.
Devise your own, very secret, key.
Apply AES with said key on your counter.
Collect enough AES-encrypted output to perform statistical analysis.
Note how it appears to be entirely random. Nice distribution of values. Compare the characteristics of your analysis to any strong PRNG. Observe the uncanny similarities.
Apply these findings to the *fact* that you cannot dissect the hardware PRNG in rdrand, and others.
Ponder the consequences.
Become slightly more enlightened.
You're welcome.
Re:Excuses, excuses, excuses ! (Score:5, Insightful)
Careless statements (Score:4, Insightful)
With stories of kids getting arrested and sent to jail for saying things like "I'm going to kill someone. Nah just kidding." he may be setting himself up for this. I can imagine U.S gov wanting to take that opportunity, with him being so prominent and open source operating systems possibly proving to be the only guaranteed escape from NSA eavesdropping.
Re:you have the source (Score:2, Insightful)
...let Linus do what he does best.
Act like a raving lunatic? He's doing quite well enough, no one's getting in his way.
Re:you have the source (Score:4, Insightful)
RDRAND is an instruction, just like "add these two registers" or "jump to this address". Of course it's still available to user space applications. The point is that you can specify that the OS itself should not use it for things like /dev/random. If a user space application wants to use it, there's not much the kernel can/should do about that. Apps can use pretty much any insecure random algorithm anyway.
Re:you have the source (Score:5, Insightful)
There is a huge difference between the skill set to maintain your own version of Linux, the skill set to program efficient code that does not break anything, and the skillset to understand encryption.
Re:you have the source (Score:2, Insightful)
If you'd bothered to read the comment thread in its entirety, you'd see that I posted, in quite plain English, that I have no opinion one way or the other about whether the instruction in question represents good crypto, because I don't know enough about the quality of numbers being generated.
The comment you're replying to was in response to somebody claiming that in order to disable the instruction entirely, you only have to pass an argument to the kernel. Clearly, that doesn't disable it entirely, as stated in the comment that he pasted into his own reply.
Of course, this being Slashdot, people don't give a shit about context, and reading is for the weak.
right, "cut their car brake lines" = level-headed (Score:1, Insightful)
The first bit regarding RdRand was inappropriate/rude, but the second half regarding ARM SoC developers most was beyond inappropriate without a doubt. He suggests twice that they're worthy of death, suggests specific methods of murdering them. Here's the bit the submitter didn't include:
"So if you see any, send them my love, and possibly puncture the brake-lines on their car and put a little surprise in their coffee, ok?"
Linus went out of his way to be nasty and insulting; it is not necessary nor acceptable to treat others in such a way. This kind of behavior has come up before here on Slashdot, and it is still immature, abusive, and mean-spirited.
Linus is exploiting his social status to bully others and I'm tired of people making excuses for it, particularly because he's in a leadership position and serves as a role model to many. The Linux dev community needs to stand up to language and behavior like this, or otherwise the message to young/new programmers they can/should act this way if they're successful enough, and if they're the target of such nastiness, the community will accept and condone it.
In general, I'm tired of excuses being made for bullies simply because they're valuable. Linus is no different from the varsity football star who goes around slamming people into lockers; a gorilla beating his chest. Were you ever bullied as a kid in school? Do you have a child in school being bullied? Remember how it made you feel? Yeah.
Re:Wow, he's so mature. (Score:4, Insightful)
Then he wonders why Linux adoption rate on the desktop is nearly zero.
Any soccer mom reading this will think Linux is an OS developed by some 12-year-old dumbass, and will obviously refuse to use it..
Yeah, definitely. I'd be surprised if this doesn't shift at least 30% of soccer moms over to FreeBSD or Haiku. Sure they might keep Linux on some of their servers, but their desktops are almost certainly going to be switched away from Linux. Well done, Linus!
Here's your debate (Score:5, Insightful)
It's not a "cop out" at all. The party that manages the code doesn't want to remove a feature that there's no logical reason to remove. The petition was one sentence, linked to no debate, made no points and didn't even attempt to negotiate. It could have said, "Do it, because we say so." and it would have been just as informative. I think you need to look up the definition of "cop out", because the petition creators could have actually done something useful, and didn't.
Okay then, lets fix this.
The NSA has compromised products and devices in the design phase - both software and hardware. We don't know which products are compromised or how, but we do know that some are.
Random number generators cannot be verified - it's a computationally infeasible problem. If the NSA has subtly tampered with a product, there's no way to tell from the outside looking in. You *might* be able to tell by looking at the generator source. (Note that the linux random number generator has at least one undocumented [factorable.net] source of entropy.)
There is no reasonable way to look at the source code/microcode of the rdrand instruction.
Additionally, there is no way to verify the underlying source of randomness of the rdrand instruction. There could be vulnerabilities on the silicon die.
The whole point of open source is that people can peek at the software and see what's going on.
Since there is no way to inspect the random number generator and no way to verify it's operation, it should not be used by default.
It's a security risk, plain and simple, and risk management should be up to the user. However small the risk is, forcing everyone to take it multiplies the chance that someone will get burned by it.
Here's your logical argument. If Linus wants to debate this, let him address these issues. Linus needs to show the premises wrong, or that the conclusion doesn't follow from the premises.
If he can't, then he should abide by the recommendation.
Re:Here's your debate (Score:4, Insightful)
Linus needs to show the premises wrong
Says who? You? Linux is Linus's ball. The global consensus is that Linus is doing a good job slamming the people with self entitlement issues that want him to do stuff for irrational reasons. If you want you can fork & make your own distrib. Submit a story to /. in 6 months telling us how that went, we could all use a laugh.
Re:right, "cut their car brake lines" = level-head (Score:2, Insightful)
Let me spell this out for you. I'll use small words.
There is a style of humor where one says ridiculous things, with the understanding that these things are so patently ridiculous that the audience can understand that the things are not meant literally. Often, practitioners of this style of humor will go really over-the-top, mostly because this makes the joke funnier but also to make it crystal-clear that it's a joke.
This is one such example. If I genuinely thought Linus was setting up a murder on the ARM SOC designers, I would be concerned and upset. If I even thought there was a culture of fear and bullying, causing the ARM SOC designers to be unhappy, I'd be concerned. As it is, I was amused.
I suppose you were also upset over his trash-talking of CVS and Subversion in his Git lecture? "The problem with 'CVS done right' is that it leaves you nowhere to go... it's impossible to do CVS right." I think I laughed out loud at that one, but Nervous Nellies on /. were wringing their hands over this horrible hatefulness.
Let me predict your response. "Oh sure, the brake-cutting thing is a joke, but it's a mean, hurtful, hateful joke that will make people feel bad." I have to disagree. It's so wildly disproportionate that it's impossible for anyone to take it seriously, and I can't believe the ARM SOC designers are going to really worry about it.
Also, even with over-the-top dark humor, there are lines one doesn't cross; and Linus hasn't crossed those. It is not funny to joke about murdering or raping someone's family, for example; it's not funny to make jokes that remind people of horrible real-world atrocities; it's not funny to use offensive epithets related to race, etc. Linus didn't go there.
Also, if one or more of the ARM SOC designers were to trash-talk Linus back, he wouldn't get all bent out of shape about it; he'd be amused. (The Linux kernel is nontrivial, therefore it has some dark corners that are ugly. Someone could poke fun at Linus over those.)
Now if you will pardon me, I need to get back to work. Some of these bugs are so bad I'm going to hunt down the coders and remove their livers with a rusty spoon.
Were you ever bullied as a kid in school? Do you have a child in school being bullied? Remember how it made you feel? Yeah.
I was bullied sometimes. Mostly it was words but it got physical at times. Not a fond memory.
This is not remotely similar.
Re:you have the source (Score:5, Insightful)
The random driver has changed significantly since July 2012, which is we were given a heads up about the paper described at http://factorable.net/ [factorable.net] which is also when I took back maintainership of the /dev/random driver. We gather entropy at every single interrupt, and mix it into the entropy pool. This is done unconditionally, you can't disable it, like what happened with the SA_SAMPLE_RANDOM flag.
The thing about entropy pools is that when you combine entropy sources, the result gets better, not worse. So the best thing would be if we had hardware random number generators sourced from China, Russia, and the USA. Since presumably the MSS, KGB, and the NSA mutually distrust each other, if we combine the entropy from those three soruces, the result will be stronger than any one alone.
This is why I don't recommend using RDRAND directly. Sure, an honest (emphasis on honest) hardware random number geneterator will always be able to source higher quality entropy than anything we can do by sampling OS events, such as interrupts. But the problem is it's hard to guarantee that a HWRNG is really honest. Especially given the Snowden revelations which seem to indicate the NSA has successfully leaned on at least one chip manufacturer. If you must use RDRAND, I'd recommend generating a random key via some other means, and then encrypting the output of RDRAND by that random key before use the resulting randomness for session keys, etc. Or better yet, do what we do in /dev/random, which is to mix RDRAND with other sources of entropy.
Re:you have the source (Score:4, Insightful)