
Torvalds Wants Attackers To Join Linux Before They Turn To the "Dark Side" (eweek.com) 112

darthcamaro writes: People attack Linux every day and Linus Torvalds is impressed by many of them. Speaking at the Open Source Summit in LA, Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.' "There are smart people doing bad things, I wish they were on our side and they could help us," Torvalds said. "Where I want us to go, is to get as many smart people as we can before they turn to the dark side. We would improve security that way and get those that are interested in security to come to us, before they attack us," he added.

  • by thegreatbob ( 693104 ) on Monday September 11, 2017 @04:09PM (#55176555) Journal
    Unfortunately, it's far easier to destroy and harm than it is to create and improve... I doubt there are many among us who haven't derived some kind of pleasure from breaking something at some point in their lives.

    This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.
    • by DontBeAMoran ( 4843879 ) on Monday September 11, 2017 @04:23PM (#55176665)

      Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.

      And sometimes they just cut your hand off using a saber made of "light".

    • by Jason Levine ( 196982 ) on Monday September 11, 2017 @04:24PM (#55176669) Homepage

      There are also a lot of "Dark Side" folks who have no real talent of their own. They can run scripts written by talented people and can cause a lot of damage, but if given the chance to break into a system without their pre-written scripts, wouldn't get very far.

    • by Anonymous Coward

      The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.

      Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stab

      • Re: (Score:3, Insightful)

        Agreed. Someone forgot to tell Linus that hacks == cash. Few are going to help out him and Pottering out of goodness of their hearts and devalue their zero-day bug bounties. That goes 2x now that systemd is a standard. With all the systemd security bugs and crashes, it makes me wonder how much undiscovered zero-day is in the wild already.
      • We need to stop Linux-on-Linux violence!

      • The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.

        I don't think I've ever seen so much FUD in one post

        Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stable, reliable and trusted Linux distro around.

        There would not have been a problem if someone hadn't started a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but they've all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched haven't seen any loss of users because of it and life moves on.

        Then there's GNOME 3, which has also caused a huge schism within the Linux community. It's pretty widely disliked, yet is forced on users as the default desktop environment by a number of the major Linux distros. While GNOME 2 eventually got to a point where it was mostly usable, we shouldn't forget that the GNOME project itself was initially founded for ideological reasons, rather than practical reasons, again splitting the community.

        Some people disagreed about how things should be done and spent their OWN time on their own project so what's the problem? Some people preferred KDE and some QT.

        It doesn't help that Ubuntu had been dabbling with things like Upstart, Unity and Mir for a long while, again splintering the community.

        When harm comes to the Linux community, it's pretty much never some external force that's responsible. It's the Linux community turning on itself in one way or another. It's one set of Linux users attacking some other set of Linux users. The Linux community is its own worst enemy.

        Most of that is fine. Forks are actually a strength and not a weakness. People work on what they want to work on and in some cases the forks learn from each other or just fade into obscurity and who are we to say what Shuttleworth is to spend his money on? Don't like it, don't use Ubuntu, it's simple.

        • by Kjella ( 173770 ) on Monday September 11, 2017 @08:05PM (#55177889) Homepage

          There would not have been a problem if someone hadn't started a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but they've all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched haven't seen any loss of users because of it and life moves on.

          Pretty sure that's not correct, I remember quite [slashdot.org] a [slashdot.org] few [slashdot.org] negative opinions before the decision was made that resemble the current criticism. In any case, if you're replacing a very old and familiar system that's not obviously broken with something new then you can be assured that most of the debate and the arguments will be made by the people who want change. Because you get like 20 years of "we want to replace X11" discussion they can't be arsed to follow and then finally, when the switch to Wayland is happening then you get the "OMG you're breaking X and I need it, stop that". A year later would perhaps be around when the first systemd-based distro version would be released, actually breaking things for users?

          • by gmack ( 197796 )

            I recall having an absolute panic attack at the thought of Systemd from reading posts here on Slashdot and then going and looking into it myself and discovering it wasn't as bad as its detractors made it out to be. Also, I think Fedora got to deal with the worst of the teething problems so there was only minor breakage when Systemd hit debian testing. I myself had a 5 minute hang that I eventually tracked down to a configured mount for a drive that I had previously moved. Later versions were more explici

        • There would not have been a problem if someone hadn't started a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd.

          That decision was made without consulting the userbase, which was overwhelmingly against the change. It was the wrong decision for multiple reasons, both technical and political. If the users are clamoring against it, and you do it anyway, you should expect the userbase to leave in droves. Also, literally half the Debian leadership was against the change, and it came down to a tiebreaker. The intelligent thing to do then would have been to table systemd pending addressing of concerns, but that's not what th

          • by gmack ( 197796 )

            The user base was not "overwhelmingly against the change". Most users don't care one way or the other and again, most of the noise on the forums were people misrepresenting systemd's design and goals (ex. saying that it was designed for the desktop when it was actually solving problems on servers), posting fake or already solved. or taking some forum post out of context.

            Proof of all of this is the lack of adoption of Devuan. If developers were so upset they would contribute to that instead of Debian, but th

            • by gmack ( 197796 )

              No matter how many times I proofread....

              "posting fake or already solved" should be "posting fake or already solved bug reports (even if the problem was solved months or even years ago)"

      • by whh3 ( 450031 )

        This is absolutely, 100% true, but also slightly different than the forms of attacks to which Linus is referring. I think that the attacks you speak of are incredibly destructive and are self-inflicted. External forces (proprietary vendors or otherwise) do cause great harm to the OS community by attacking its reputation for security. They use examples of attacks perpetrated by blackhats to "prove" that OS cannot/does not work. So, your point is valid and so is Linus'. Thank you!

      • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Monday September 11, 2017 @06:47PM (#55177527) Homepage

        First off, you're using the word "Linux" as though that were an operating system [gnu.org]. Linux is not now and never was an OS, it was and remains an OS kernel. You can't run the software you use as examples if all you have is the Linux kernel. Secondly, democracy is messy. People start projects which other people don't like. But we're all free to start our own projects and include the free software we like. Nobody "forc[ed] systemd into Debian". Debian GNU/Linux decided to include systemd, and for a community that is still going strong you'd never know that Debian had been "tor[n] apart" as you claim.

        Contrary to your way of putting it, the initial work behind GNOME was quite practical and, coming from the GNU Project, started in making free software more practical. GNOME was started because the K Desktop Environment (KDE) had nonfree dependencies, notably Qt which used a nonfree license until around mid-1999. Thus KDE was unsuitable for the GNU Project which aims to provide an OS which respects a user's software freedom (to run, share, modify, and distribute). A second project aiming to do roughly the same job as Qt was also started by the GNU Project (a Qt API-compatible project called "Harmony [wikipedia.org]"). Qt ended up being relicensed as free software and GNOME ended up being useful. So we have both KDE and GNOME today. Thus a pragmatic pursuit of software freedom, which you apparently eschew, was quite effective at delivering a modern GUI look-and-feel for users who want that (which, I'm guessing, would be most computer users).

        "Splintering the community" is a natural outcome of software freedom just as people use their freedom of speech to express different and sometimes conflicting views. People try to work together to meet their needs but sometimes that just isn't possible. This kind of thing happens in science all the time; people with different ideas on how something works set out to investigate their hypotheses in parallel and sometimes we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.

        • we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.

          Yes, this is why systemd is shit. You have to take it as a lump, it's not modular in practice like Unix software is supposed to be, nor is it interoperable like Unix software is supposed to be.

      • Just look at the immense community disruption that systemd has caused.

        I don't like systemd (like some of the ideas but not how they are implemented), but outside of the Debian vote, I don't think there's been any community disruption other than some heated comments on message boards, and even that has died down due to people being dead tired of the same arguments put against each other over and over again. All major distros are going with systemd, I believe eventually (perhaps soon if the developers keep

    • by shanen ( 462549 )

      You [thegreatbob] stole my Subject: line! I shall now join the Dark Side and destroy you and all your Linux minions! Little disappointed you didn't do more with the angle, which probably won't prevent you from receiving some so-called insightful mods on today's Slashdot.

      Actually, I wanted to approach the topic from the angle of possible solutions. However, if you remember me, you know I already think I have all the solutions, and in this case it's a better financial model for Linux. If you have the money to

      • I have failed us for the last time... for some reason, I was not fully in a Star Wars frame of mind when writing it xD
        • by shanen ( 462549 )

          My other response to your comment involves the scale of competition getting out of control. I think the underlying motivation to do evil is a failure to do good. I'm coming from the position that people are basically good, but you can motivate them to go in either direction--and public recognition is a powerful motivator. Because the scope of competition is so large now, people can't "succeed" anymore, so they go the other way, seeking to gain recognition for being bad. A hundred years ago, you might be the

    • Unfortunately, it's far easier to destroy and harm than it is to create and improve... I doubt there are many among us who haven't derived some kind of pleasure from breaking something at some point in their lives. This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.

      Lol....there are two very distinct mindsets - those that create, and those that destroy. Programmers/Engineers are good at the creating mindset while black/white hats are good at the destruction mindsets. It's usually hard for someone of one mindset to switch to the other - not impossible, but hard to do. And honestly we need both mindsets - which is really what Torvalds is gunning for; because if you only have people that know how to create something then it will be full of security holes.

      • Very true, insight much appreciated. Brings to mind a lot of older software, which was programmed under the mindset that people would only use it for its intended purpose, and that malicious actors basically don't exist... I guess it's a matter of achieving a useful balance.
    • Unfortunately, in today's world, it's far more profitable to destroy and harm than it is to create and improve...

      FTFY. And therein lies the rub. So long as it's both easier and more profitable to do the wrong thing than the right thing, more people will do the wrong thing.

    • by Bengie ( 1121981 )
      It's more rewarding to produce a system that is difficult to break. Breaking a sandcastle is fun, but building a sand castle that can't be broken is even more fun. When it is eventually broken, you learn from your mistake in lack of creativity.
  • Why do you think the saying goes "join the Dark Side, we have cookies!"?
    Do you have cookies? Maybe but not the kind they want.

  • before they start using Windows or Mac.
  • Can anyone attacking Linux come up with anything better?

    One thing that I think could improve Linux is to utilize more processor privilege levels if the processor supports it to better protect the kernel from crashes due to a bad driver or other code that doesn't need full privileges.

    • They could stop fucking up UIs all the time.

  • /sarcasm I'm shocked, shocked I tell you that SE Linux [nsa.gov] isn't good enough! [wikipedia.org]

    • by Z00L00K ( 682162 )

      It's good, and may be good enough for many, but the world is changing - and not for the better - when it comes to nasty surprises. Today you need to build multiple shells to protect your information.

  • Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?

    • Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?

      Yes. Yes you are.

  • Poor argument.

    Listen to the other side: { joke }

    https://www.youtube.com/watch?... [youtube.com]

  • But dad...

    SHHH!

    But...

    SHHH!

    ...

    SHHH! That was a preemptive SHHH...

  • A reasonable person could see that what Torvalds is saying is that instead of doing something illegal which could land a person in jail and ruin their life, that using their skills to contribute to the Linux kernel is a preferred option. Looks good on a resume and could result in a well paying job. What could be more sensible or easy to understand?
  • This is Mr. Kettle...

    As bright and capable as you are, you do realize that *some* of this is because of your propensity to throw little fits of temper towards your developers, and your "I am Linux, What I say goes" control of the project. Right? I understand that it is sometimes better to just make a choice and go with it, but any time you act like a dictator, expect folks to get a bit miffed with you. Now when you vent on your volunteers, you are just asking to be seen as a capricious despot who is too

  • "Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.'"

    If you and the majority of your Linux-using brethren weren't such sanctimonious assholes, you might not have so many people that hate Linux and want it to die.

  • As a long-standing member of the computer security industry, having done vulnerability research my entire career [0], there's exactly two sentiments in the industry:

    1.) This is cool! I'll do this in my free time, it's fun!
    2.) Fuck you, pay me.

    The problem with #1 is that as soon as you hit any real resistance, it stops being fun. Have you tried landing a patch at GNU.org or in the upstream kernel? Biggest pain in the rear, ever.

    The current state of affairs is that you can remain a White Hat and report vul

    • by Z00L00K ( 682162 )

      Ever considered that Torvalds has had a share of less favorable interactions with "security researchers" that has ended really sour?

      If he really had problems with all security researchers then we wouldn't have had SE-Linux. So I have a hard time finding your opinion entirely serious.

    • All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity

      Do you mean this [twitter.com] grsecurity [twitter.com]? Anyway, your characterization is total bullshit [lwn.net]. Torvalds is willing to accept grsecurity features piecemeal, but not willing to accept grsecurity as a monolithic patch. The grsecurity team cries about how that's not feasible because they've been developing grsecurity in their free time, but the real problem is that they were developing it in a vacuum. They failed to take the linux kernel project seriously, and now they want people to take grsecurity seriously. They're arrogant,

  • ... Google has a patent on The Dark Side.
