Torvalds Wants Attackers To Join Linux Before They Turn To the "Dark Side" (eweek.com) 112
darthcamaro writes: People attack Linux everyday and Linus Torvalds is impressed by many of them. Speaking at the Open Source Summit in LA, Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.' "There are smart people doing bad things, I wish they were on our side and they could help us," Torvalds said. "Where I want us to go, is to get as many smart people as we can before they turn to the dark side. We would improve security that way and get those that are interested in security to come to us, before they attack us," he added.
Admirable goal, but... (Score:5, Insightful)
This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.
Re:Admirable goal, but... (Score:5, Funny)
And sometimes they just cut your hand off using a saber made of "light".
Re:Admirable goal, but... (Score:4)
There are also a lot of "Dark Side" folks who have no real talent of their own. They can run scripts written by talented people and can cause a lot of damage, but if given the chance to break into a system without their pre-written scripts, wouldn't get very far.
Re: (Score:3, Insightful)
what purists should learn is that people get paid not for talent or programming skill but for solving problems. I own a business and it is great to have very talented people working for me but the people who get the highest pay (best reviews) are those who solve problems fast and move on. It is actually not useful to have someone re-invent the wheel just because they are talented or the wheel is close fit but not quite to what is required so start from scratch.
If someone will adapt the requirements or the s
Re:Admirable goal, but... (Score:4, Insightful)
..and what business owners must learn is that the best people who solve their problems are creative problem solvers that cannot be managed and metric'd like factory workers. Good engineers treated this way migrate to competitors who understand this.
'How' it's done is important too because it determines what's possible in the future. Half-assed 'right now' solutions often end up costing more money down the road. Shortsighted management like this has cost companies way more money than the occasionally overengineered solution (which was probably done in an attempt to avoid this 'firehouse' style management). A lot of this fits under #2 on your list, but also one and three as well.
Re: (Score:2)
But..."knows the how to produce outputs rather than worry about tinkering with how things work" is a very dangerous thing indeed. If you don't know how something works, how can you even possibly know you did the correct thing? It's logically imp
The Linux community attacks itself the worst. (Score:3, Insightful)
The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.
Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stab
Re: (Score:3, Insightful)
Re: The Linux community attacks itself the worst. (Score:1)
We need to stop Linux-on-Linux violence!
Re:The Linux community attacks itself the worst. (Score:4, Insightful)
The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.
I don't think I've ever seen so much FUD in one post
Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stable, reliable and trusted Linux distro around.
There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but theve all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched, haven't seen any loss of users because of it and life moves on.
Then there's GNOME 3, which has also caused a huge schism within the Linux community. It's pretty widely disliked, yet is forced on users as the default desktop environment by a number of the major Linux distros. While GNOME 2 eventually got to a point where it was mostly usable, we shouldn't forget that the GNOME project itself was initially founded for ideological reasons, rather than practical reasons, again splitting the community.
Some people disagreed about how things should be done and spent their OWN time on their own project so what's the problem? Some people preferred KDE and some QT.
It doesn't help that Ubuntu had been dabbling with things like Upstart, Unity and Mir for a long while, again splintering the community.
When harm comes to the Linux community, it's pretty much never some external force that's responsible. It's the Linux community turning on itself in one way or another. It's one set of Linux users attacking some other set of Linux users. The Linux community is its own worst enemy.
Most of that is fine.. Forks are actually a strength and not a weakness. People work on what they want work on and in some cases the forks learn from each other or just fade into obscurity and who are we to say what Shuttleworth is to spend his money on? Don't like it, don't use Ubuntu, it's simple.
Re:The Linux community attacks itself the worst. (Score:4, Interesting)
There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but theve all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched, haven't seen any loss of users because of it and life moves on.
Pretty sure that's not correct, I remember quite [slashdot.org] a [slashdot.org] few [slashdot.org] negative opinions before the decision was made that resemble the current criticism. In any case, if you're replacing a very old and familiar system that's not obviously broken with something new then you can be assured that most of the debate and the arguments will be made by the people who want change. Because you get like 20 years of "we want to replace X11" discussion they can't be arsed to follow and then finally, when the switch to Wayland is happening then you get the "OMG you're breaking X and I need it, stop that". A year later would perhaps be around when the first systemd-based distro version would be released, actually breaking things for users?
Re: (Score:3)
I recall having an absolute panic attack a the thought of Systemd from reading posts here on Slashdot and then going and looking into it myself and discovering it wasn't as bad as it's detractors made it out to be. Also, I think Fedora got to deal with the worst of the teething problems so there was only minor breakage when Systemd hit debian testing. I myself had a 5 minute hang that I eventually tracked down to a configured mount for a drive that I had previously moved. Later versions were more explici
Re: (Score:2)
There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd.
That decision was made without consulting the userbase, which was overwhelmingly against the change. It was the wrong decision for multiple reasons, both technical and political. If the users are clamoring against it, and you do it anyway, you should expect the userbase to leave in droves. Also, literally half the Debian leadership was against the change, and it came down to a tiebreaker. The intelligent thing to do then would have been to table systemd pending addressing of concerns, but that's not what th
Re: (Score:2)
The user base was not "overwhelmingly against the change". Most users don't care one way or the other and again, most of the noise on the forums were people misrepresenting systemd's design and goals(ex saying that it was designed for the desktop when it was actually solving problems on severs), posting fake or already solved. or taking some forum post out of context.
Proof of all of this is the lack of adoption of Deuvian. If developers were so upset they would contribute to that instead of Debian, but th
Re: (Score:2)
No matter how many times I proofread....
"posting fake or already solved" should be "posting fake or already solved bug reports (even if the problem was solved months or even years ago)"
Re: (Score:2)
This is absolutely, 100% true, but also slightly different than the forms of attacks to which Linus is referring. I think that the attacks you speak of are incredibly destructive and are self-inflicted. External forces (proprietary vendors or otherwise) do cause great harm to the OS community by attacking its reputation for security. They use examples of attacks perpetrated by blackhats to "prove" that OS cannot/does not work. So, your point is valid and so is Linus'. Thank you!
Democracy is messy. Relish software freedom. (Score:5, Informative)
First off, you're using the word "Linux" as though that were an operating system [gnu.org]. Linux is not now and never was an OS, it was and remains an OS kernel. You can't run the software you use as examples if all you have is the Linux kernel. Secondly, democracy is messy. People start projects which other people don't like. But we're all free to start our own projects and include the free software we like. Nobody "forc[ed] systemd into Debian". Debian GNU/Linux decided to include systemd, and for a community that is still going strong you'd never know that Debian had been "tor[n] apart" as you claim.
Contrary to your way of putting it, the initial work behind GNOME was quite practical and, coming from the GNU Project, started in making free software more practical. GNOME was started because the K Desktop Environment (KDE) had nonfree dependencies, notably Qt which used a nonfree license until around mid-1999. Thus KDE was unsuitable for the GNU Project which aims to provide an OS which respects a user's software freedom (to run, share, modify, and distribute). A second project aiming to do roughly the same job as Qt was also started by the GNU Project (a Qt API-compatible project called "Harmony [wikipedia.org]"). Qt ended up being relicensed as free software and GNOME ended up being useful. So we have both KDE and GNOME today. Thus a pragmatic pursuit of software freedom, which you apparently eschew, was quite effective at delivering a modern GUI look-and-feel for users who want that (which, I'm guessing, would be most computer users).
"Splintering the community" is a natural outcome of software freedom just as people use their freedom of speech to express different and sometimes conflicting views. People try to work together to meet their needs but sometimes that just isn't possible. This kind of thing happens in science all the time; people with different ideas on how something works set out to investigate their hypotheses in parallel and sometimes we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.
Re: (Score:2)
we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.
Yes, this is why systemd is shit. You have to take it as a lump, it's not modular in practice like Unix software is supposed to be, nor is it interoperable like Unix software is supposed to be.
Re: (Score:1)
I don't like systemd (like some of the ideas but not how they are implemented), but outside of the Debian vote, I don't think there's been any community distruption other than some heated comments on message boards, and even that has died down due to people being dead tired of the same arguments put against eachother over and over again. All major distros are going with systemd, I believe eventually (perhaps soon if the developers keep
Re: (Score:2)
You [thegreatbob] stole my Subject: line! I shall now join the Dark Side and destroy you and all your Linux minions! Little disappointed you didn't do more with the angle, which probably won't prevent you from receiving some so-called insightful mods on today's Slashdot.
Actually, I wanted to approach the topic from the angle of possible solutions. However, if you remember me, you know I already think I have all the solutions, and in this case it's a better financial model for Linux. If you have the money to
Re: (Score:2)
Re: (Score:2)
My other response to your comment involves the scale of competition getting out of control. I think the underlying motivation to do evil is a failure to do good. I'm coming from the position that people are basically good, but you can motivate them to go in either direction--and public recognition is a powerful motivator. Because the scope of competition is so large now, people can't "succeed" anymore, so they go the other way, seeking to gain recognition for being bad. A hundred years ago, you might be the
Re: Admirable goal, but... (Score:2)
Re: (Score:2)
Re: (Score:2)
Unfortunately, it's far easier to destroy and harm than it is to create and improve... I doubt there are many among us who haven't derived some kind of pleasure from breaking something at some point in their lives. This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.
Lol....there are two very distinct mindsets - those that create, and those that destroy. Programmers/Engineers are good at the creating mindset while black/white hats are good at the destruction mindsets. It's usually hard for someone of one mindset to switch to the other - not impossible, but hard to do. And honestly we need both mindsets - which is really what Torvalds is gunning for; because if you only have people that know how to create something then it will be full of security holes.
Re: (Score:2)
Re: (Score:1)
Unfortunately, in today's world, it's far more profitable to destroy and harm than it is to create and improve...
FTFY. And therein lies the rub. So long as it's it's both easier and more profitable to do the wrong thing than the right thing, more people will do the wrong thing.
Re: (Score:2)
Dark Side (Score:2)
Why do you think the saying goes "join the Dark Side, we have cookies!"?
Do you have cookies? Maybe but not the kind they want.
Re: (Score:2)
Re: (Score:2)
I was told there would be punch and pie.
Re: (Score:2)
Maybe if someone punched you in the pie...
I will just go ahead and say it.. (Score:1)
How about? (Score:2)
Can anyone attacking Linux come up with anything better?
One thing that I think could improve Linux is to utilize more processor privilege levels if the processor supports it to better protect the kernel from crashes due to a bad driver or other code that don't need full privileges.
Re: (Score:1)
They could stop fucking up UIs all the time.
Re: (Score:2)
The problem in the past was that it required extra context switching between every daemon. Probably programmers would just get around this using shared memory for all the daemons rather than pipes and you are back to square one.
Re: (Score:2)
The trade-off between security and stability versus performance. The Linux kernel is a performance solution, but considering all the security risks out there these days ranging from script kiddies to obscure hardware with drivers it's probably time to raise the stakes and pay the performance penalty tax.
NSA Linux, er, SE-Linux not good enough? (Score:2)
/sarcasm I'm shocked, shocked I tell you that SE Linux [nsa.gov] isn't good enough! [wikipedia.org]
Re: (Score:2)
It's good, and may be good enough for many, but the world is changing - and not for the better - when it comes to nasty surprises. Today you need to build multiple shells to protect your information.
He is sounding more like the US of A (Score:1)
Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?
Re: (Score:1)
Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?
Yes. Yes you are.
Bah. (Score:2)
Poor argument.
Listen to the other side: { joke }
https://www.youtube.com/watch?... [youtube.com]
Join me, and together we can rule the galaxy... (Score:1)
But dad...
SHHH!
But...
SHHH!
SHHH! That was a preemptive SHHH...
Re: (Score:2)
They moved to BSD a long long time ago.
According to Mindcraft BSD is supposed to be dead, you prole.
Re: (Score:2)
I think it's pretty insightful - systemd is counteracting a lot of the security, stability and determinism that the kernel offers even without SELinux.
With systemd it's next to impossible to figure out what the problem really is and how to get around it.
Re: (Score:2)
Torvalds is not being stupid, his goal is to make something that works in a predictable manner supporting as many platforms as possible while maintaining the APIs that are generally known since a long time. This means that a lot of software written as far back as the 70's and 80's works on the Linux platform.
As for new software built outside the *NIX realm - that's a completely different issue and it's not easy to just change the OS to support them while still maintaining the historical compatibility. What
It's not hard to understand (Score:1)
Hello MR. Pot... (Score:1, Troll)
This is Mr. Kettle...
As bright and capable as you are, you do realize that *some* of this is because of your propensity to throw little fits of temper towards your developers, and your "I am Linux, What I say goes" control of the project. Right? I understand that it is sometimes better to just make a choice and go with it, but any time you act like a dictator, expect folks to get a bit miffed with you. Now when you vent on your volunteers, you are just asking to be seen as a capricious despot who is too
Quit being an asshole (Score:1)
"Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.'"
If you and the majority of your Linux - using brethren weren't such sanctimonious assholes, you might not have so many people that hate Linux and want it to die.
FUCK YOU, PAY ME (Score:1)
As a long-standing member of the computer security industry, having done vulnerability research my entire career [0], there's exactly two sentiments in the industry:
1.) This is cool! I'll do this in my free time, it's fun!
2.) Fuck you, pay me.
The problem with #1 is that as soon as you hit any real resistance, it stops being fun. Have you tried landing a patch at GNU.org or in the upstream kernel? Biggest pain in the rear, ever.
The current state of affairs is that you can remain a White Hat and report vul
Re: (Score:2)
Ever considered that Torvalds has had a share of less favorable interactions with "security researchers" that has ended really sour?
If he really had problems with all security researchers then we wouldn't have had SE-Linux. So I have a hard time finding your opinion entirely serious.
Re: (Score:2)
All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity
Do you mean this [twitter.com] grsecurity [twitter.com]? Anyway, your characterization is total bullshit [lwn.net]. Torvalds is willing to accept grsecurity features piecemeal, but not willing to accept grsecurity as a monolithic patch. The grsecurity team cries about how that's not feasible because they've been developing grsecurity in their free time, but the real problem is that they were developing it in a vacuum. They failed to take the linux kernel project seriously, and now they want people to take grsecurity seriously. They're arrogant,
I think ... (Score:2)