Linus Responds To RdRand Petition With Scorn
hypnosec writes "Linus Torvalds, in response to a petition on Change.org to remove RdRand from /dev/random, has lambasted the petitioner by calling him ignorant for not understanding the code in the Linux Kernel. Kyle Condon from the UK raised a petition on Change.org to get Linus to remove RdRand from /dev/random in a bid 'to improve the overall security of the linux kernel.' In his response, Torvalds asked Condon and the supporters of the petition to gain an understanding of Linux drivers and cryptography, and then 'come back here and admit to the world that you were wrong.' Torvalds stressed that kernel maintainers knew what they were doing and the petitioner didn't. Torvalds, in a similar outburst just yesterday, hoped that 'ARM SoC hardware designers all die in some incredibly painful accident.' This came in response to a message from Kevin Hilman when he noted that there were quite a few conflicts in the ARM SoC pull request for Linux 3.12 which were a result of the platform changes conflicting with driver changes going into the V4L tree."
You have the source code, remove rdrand from the kernel yourself.
This douche bag just wishes painful death on people who disagree with him. That is so much better. The guy may be brilliant and he may have created a wonderful thing for the world. But he is every bit the douche bag that Jobs and Ballmer have ever been.
The TFA makes it look like Linus went on full rampage mode and tore an insightful request down by being mean.
Actually reading his responses, Linus is pretty level headed and just says no, you can't have this.
Guess submitter got his feelings hurt?
Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not simple PRNG data) at multi-gigabit speeds.
There are some excellent slides describing RdRand here: http://software.intel.com/en-us/tags/20757
I would strongly recommend using it wherever feasible as it is a great boon to security in Linux.
So is some AMD/ARM fanboy saying that it's not fair that AMD/ARM haven't bothered to implement RdRand yet so therefore nobody should be allowed to use it? How about we extend that logic to other pieces of hardware? Say, when AMD comes out with an improved GPU, let's say that Linux shouldn't support it because Intel doesn't have the same hardware.. fair is fair right?
AntiFA: An abbreviation for Anti First Amendment.
There was an incident a few years ago (that led to at least one subsystem maintainer resigning) where RdRand was used as the EXCLUSIVE entropy source for some items if it were present. http://cryptome.org/2013/07/intel-bed-nsa.htm - Matt Mackall resigned over it.
This is BAD.
If it is now merely feeding the pool as one of multiple sources, then it's OK. If anything is directly exposed to raw rdrand output, something is very wrong.
retrorocket.o not found, launch anyway?
I think it's more likely that the RDRAND thing has been an ongoing argument/flamewar for a long time. See this thread for an example.
BTW Linus is right. According to what we know about randomness, even if RDRAND is hacked then mixing it with other entropy can't hurt - at worst, it merely is a no-op and achieves nothing. However, even if RDRAND is backdoored, the NSA is not the world's only adversary. Given that when mixed with other randomness it doesn't hurt, it's still better to use it against all the other adversaries out there than not.
Linus' point is, exclusive reliance on RDRAND would be bad, but the kernel doesn't/shouldn't do that.
It's just a shame that morons like you value social graces over the ability to do real work. This is why companies fail, especially as they get better, playing well with morons is valued over the ability to get shit done.
I didn't think God played dice.
Based on what?
He has always spoken this way to those who deserved it. Notice he does not go after noobs or people who do not ask for it. If you put up a petition to get something changed, you should at least know what you are talking about.
Someone who has no social skills but uses his persona to stay at the head of the ship.
Well, either that or his technical understanding, organisational skills and the respect of his peers for many a year.
It is just a shame such a social retard is allowed to rant as he is.
Guess humour isn't your thing?
pjk
ARM SoC hardware designers world wide smile into their hand.
I am very small, utmostly microscopic.
There was no negotiation going on. There was a single obnoxious guy calling Linux "an approved partner of the NSA" and complaining about something he knew nothing about. He deserved what he got. In fact, Linus went pretty easy on him.
I have to admit I didn't know much about the controversy so I went and found some articles.
Here is an article showing some weaknesses in Linux's random generation: Analysis of the Linux Random Number Generator
As reported by Bruce Schneier for this Wired article: http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
If you believe there's something broken in the kernel (or other open source project), you don't create a petition, you create and submit a patch. If you don't know enough or don't have the skills to create a patch, you're probably not qualified to criticize the implementation.
"Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'" -- Isaac Asimov
Can You Say Linux? I Knew That You Could.
Maintaining your own kernel tree over time is most certainly non-trivial by most people's standards.
Some people just had to complain about every-single-thing, even if it's downright inane.
Open source is just that, you can read the source of the programs, and with the source, you have the options to do the following:
1. Determine if the program has any backdoor / malware embedded
2. Change/alter the source to your own liking
3. Learn from the code and perhaps in a later day you might be able to apply what you have learned in your own program (and I am not talking about cut and paste)
If all the above are STILL not good enough for you, the offerings from Apple and Microsoft are always available.
Muchas Gracias, Señor Edward Snowden !
There comes a time in every professional's career when he cannot do everything himself, and needs the assistance or support of others. When you reach that point, you will find you'll need those "social graces" you hold in such contempt, or else your career will stall or end abruptly.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
He has always spoken this way to those who deserved it.
From his perspective. I would assert he has as little business talking about ARM SoC hardware designers about their design decisions as they have of telling him how to design an OS.
Anyone who has worked between chip and software teams knows the fights here are epic and unending.
I would first like to point out that if you really read this particular response, he was not as flaming as is being reported. Sounds like someone is exaggerating over a grudge. However...
Of all modern figures, Linus Torvalds is close to the top of my list of people who I respect and admire the most. His work has truly changed the world for the better. Can you imagine what things would be like if Linux had never happened? I shudder at the very notion. Regardless of this, Linus has in fact shown over the years that he can have an unreasonably short fuse. He is not RMS, but he's not far and when he does take a hard-line bad attitude stance, I sometimes fear that it is at the detriment of potential progress. Important, high profile maintainers have quit over the years due to his attitude, and it would be nice if he could be more diplomatic in those situations where he unnecessarily goes off like a stick of dynamite. I think there is a degree where his power has gone to his head. But as long as Linux keeps marching forward, I am happy enough with that.
Brought to you by Carl's Junior.
If you ever have to deal with Linux on ARM without a ready-made distribution for just your system, you will understand the sentiment. Non-discoverable buses are indeed shit. Having to manually tell the OS where everything is was tolerable in the 90s, you know, before something as initially broken as plug-and-play was cause for joy because you no longer had to use dip switches to set conflict-free addresses that you then had to copy into the BIOS setup and every application, and hope that someone hadn't hardcoded the port number for the Soundblaster card.
Which is why Linus is a millionaire and head of the world's most used operating system?
Social graces are fine for when they are needed. I do not hold them in contempt at all. There is a time and a place for them and everything else, this was not the time to suffer fools.
If you can't communicate without being an abusive asshole, I don't want to work with you, no matter how "real" your work is.
This kind of talk, even if out of context, is infantile and damages the reputation of Linux and open source in general.
It's not only an obnoxious guy, but an uneducated one. You can easily disable it with a compile time option already.
Do not look at laser with remaining good eye.
That's some mighty fine editing there, Lou. FWIW, if that was copy/pasted from the original article, they've fixed it over there. Otherwise... wow.
Program Intellivision!
ARM chip designers view hardware as disposable. Why worry about software security updates when you are just going to replace the phone every 18 months?
Cursing about it on LKML is useless though. Linus should start a change.org petition to address this issue.
I'm wondering how clever it is for Linus to make statements like "So if you see any, send them my love, and possibly puncture the brake-lines on their car and put a little surprise in their coffee, ok?"
With stories of kids getting arrested and sent to jail for saying things like "I'm going to kill someone. Nah just kidding." he may be setting himself up for this. I can imagine U.S gov wanting to take that opportunity, with him being so prominent and open source operating systems possibly proving to be the only guaranteed escape from NSA eavesdropping.
Signature intentionally left blank.
I'd read TMZ.
Man, I can't wait until the /. submitters discover Theo de Raadt.
If you were me, you'd be good lookin'. - six string samurai
BTW Linus is right. According to what we know about randomness, even if RDRAND is hacked then mixing it with other entropy can't hurt - at worst, it merely is a no-op and achieves nothing.
That's actually not correct. RDRAND is an instruction in an Intel processor. You know what it is _supposed_ to do according to the documentation, but you don't know what it actually does.
It could install a trap that fires on the next XOR instruction, and if the destination is XOR'd with the result of RDRAND, replay the instruction sequence, but returning a different result for the RDRAND itself, so that the destination is changed to what the NSA wants.
The Truth Will Out!
Oh, come now. It'll only out if you accidentally the whole thing.
The NSA has apparently compromised random number hardware and software packages throughout the industry.
Could this be fixed by using an entropy server?
Suppose some group hosted a random number server. A verified source of true randomness which can be trusted by the reputation of the people involved, in the same way that we trust the people who make Tor, Mozilla, and linux.
It would be a single point of failure, but also a single point of defense. We could put all the best practices and best ideas of security into one place, by means of technology, software and legalities. It could be hosted in a privacy-friendly country, it could be monitored and defended by the EFF using legal means, it could use the best technology for generating randomness and have open and easily-inspected software and procedures.
To use the system, a client would:
This is slightly weak because the NSA could record the conversation and "simulate" the client computer to recover the generated keys, but doing this is much harder than cracking weak keys. In the server model the weak key is used once, instead of being used all the time. Also, simulating a computer (including nuances of software version and hardware quirks) is much harder than finding weak keys.
(To find weak keys, gather all the keys you can find and calculate GCD on pairs of keys. In practice, about 1 percent of all keys on the net have common factors. Most of these come from systems with low entropy - headless systems (routers, firewalls, servers) with no user interaction for randomness.)
In one action we could fix the security of much of the software used in the internet.
Any volunteers?
(I'd love to, but it has to be outside the US. I'll donate $1000 towards costs if the idea is viable.)
Just the ones who put in non discoverable busses. So he got that one about right.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Then he wonders why Linux adoption rate on the desktop is nearly zero.
Any soccer mom reading this will think Linux is an OS developed by some 12-year-old dumbass, and will obviously refuse to use it..
Yeah, definitely. I'd be surprised if this doesn't shift at least 30% of soccer moms over to FreeBSD or Haiku. Sure they might keep Linux on some of their servers, but their desktops are almost certainly going to be switched away from Linux. Well done, Linus!
-- Using the preview button since 2005
The SW guys have a job to do in ensuring the HW guys have proper requirements, it's not all just coding and committing.
I work at one of these ARM SOC companies, and the software guys complain an awful lot after the fact, but take almost no involvement in design reviews and architectural work for the hardware, and treat design reviews as optional. One guy is known for the mantra "We don't have time for reviews, do what you think is right and suffer the consequences". That may serve him well in software, but for hardware, particularly SoC's, it's far too expensive to change once manufactured.
I don't expect Linus, the Linux kernel maintainer, should be expected to worry about ARM issues, but he should make it clear to the SW developers who are, that shit stinks and he will hunt and kill firstborns until the problem is resolved. They at least are listening to his rant. Hardware guys are off trying to squeeze 10% more performance out of a memory bus or something, this is way too far out of their ivory tower to concern themselves with unless someone makes it an issue.
It's not a "cop out" at all. The party that manages the code doesn't want to remove a feature that there's no logical reason to remove. The petition was one sentence, linked to no debate, made no points and didn't even attempt to negotiate. It could have said, "Do it, because we say so." and it would have been just as informative. I think you need to look up the definition of "cop out", because the petition creators could have actually done something useful, and didn't.
Okay then, let's fix this.
The NSA has compromised products and devices in the design phase - both software and hardware. We don't know which products are compromised or how, but we do know that some are.
Random number generators cannot be verified - it's a computationally infeasible problem. If the NSA has subtly tampered with a product, there's no way to tell from the outside looking in. You *might* be able to tell by looking at the generator source. (Note that the linux random number generator has at least one undocumented source of entropy.)
There is no reasonable way to look at the source code/microcode of the rdrand instruction.
Additionally, there is no way to verify the underlying source of randomness of the rdrand instruction. There could be vulnerabilities on the silicon die.
The whole point of open source is that people can peek at the software and see what's going on.
Since there is no way to inspect the random number generator and no way to verify its operation, it should not be used by default.
It's a security risk, plain and simple, and risk management should be up to the user. However small the risk is, forcing everyone to take it multiplies the chance that someone will get burned by it.
Here's your logical argument. If Linus wants to debate this, let him address these issues. Linus needs to show the premises wrong, or that the conclusion doesn't follow from the premises.
If he can't, then he should abide by the recommendation.
That wouldn't be so bad if there actually were a datasheet, but instead everything's closed and proprietary, leading to pointlessly closed drivers as h4rr4r complained about.
"ARM SoC hardware designers all die in some incredibly painful accident."
I mean, maybe Linus hasn't had the experience of losing someone in an incredibly painful accident.
Well, how is he supposed to hope people die? Being batted by soft pillows while sitting in the comfy chair?
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
And by disabling RdRand, you can only decrease security, so it would be pretty stupid to do so. But that requires actually understanding how an entropy pool works, something the petitioner does not. Basically, the only sane reason to disable it is for tests.
In face of the sheer stupidity of the request, Linus was pretty friendly in his answer. He is also 100% right.
If you look at what Intel apparently wanted, namely drop the entropy pool and only use RdRandom (https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J), _that_ would have been highly problematic. But Theodore Ts'o actually understands how these things work and refused. I thought it was a pretty good call back then (and I seem to remember that Linus called this one wrong but learned better), and now it looks like it prevented a world of trouble. On the other hand, we now have strong indication that some Intel engineers have been compromised by the NSA.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
There are parts of the kernel that were written by Google, IBM, Oracle, etc. Guess Linus is in a conspiracy with everyone! Here's the point you missed: All the NSA parts are open source and were reviewed before acceptance. It's not like they snuck in code when no one was looking. Many people have reviewed the code and found that it improved security. If you have evidence otherwise, submit. Otherwise, it is just paranoia on your part.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Yes, RDRAND could do evil things. It could go play Towers of Hanoi when you execute it. It could Halt and Catch Fire. It could email your MAC address to the KGB. So could any other instruction, if Intel wanted to be malicious, just when you thought it was safe to go back in the register pool.
If the NSA has convinced Intel to do evil things with RDRAND, the most likely one would be to hand out low-quality entropy when claiming that it's high-quality. It's still useful, and like any entropy source, it shouldn't be the only entropy source you use, and you shouldn't use it without hashing it together with a bunch of other hopefully-not-broken entropy. But it's still useful, and as somebody said, the NSA isn't your only enemy.
Especially when you're starting up a machine (physical or virtual), you really need good entropy and you don't have a lot of sources available yet. If you don't trust RDRAND, or even if you do, hash it together with some secret password and the clock and whatever else you've got.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
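The approach the comment above describes (hash the hardware RNG together with a secret, the clock and other inputs instead of relying on it alone), as an added example that is not code from the thread or from the Linux kernel. The names `mix_entropy`, `stuck_hw_rng`, `seed_exclusive`, `seed_mixed` and `boot_sources` are hypothetical, and the all-zero generator is a constructed stand-in for a hardware source that hands out low-quality output while claiming it is good.

```python
import hashlib
import os
import time


def mix_entropy(sources):
    """Hash several (label, bytes) entropy inputs into one 32-byte seed.

    Every label and value is length-prefixed, so the boundary between
    inputs is unambiguous: (b"ab", b"c") and (b"a", b"bc") hash differently.
    """
    h = hashlib.sha256()
    for label, data in sources:
        tag = label.encode()
        h.update(len(tag).to_bytes(2, "big") + tag)
        h.update(len(data).to_bytes(4, "big") + data)
    return h.digest()


def stuck_hw_rng(n):
    """Constructed stand-in for a weak hardware RNG: always returns zeros."""
    return bytes(n)


def seed_exclusive(hw_rng):
    """Hardware RNG as the only input: the seed is as weak as that source."""
    return mix_entropy([("hw", hw_rng(32))])


def seed_mixed(hw_rng, other_sources):
    """Hardware RNG as one input among several.

    The seed stays unpredictable as long as at least one of the other
    inputs is unknown to the attacker, whatever the hardware returns.
    """
    return mix_entropy([("hw", hw_rng(32))] + list(other_sources))


def boot_sources(secret):
    """Inputs a userland program has early on: OS pool, clock, a secret."""
    return [
        ("os", os.urandom(32)),
        ("clock", time.time_ns().to_bytes(8, "big")),
        ("secret", secret),
    ]


if __name__ == "__main__":
    # Exclusive reliance: a stuck source yields the same seed every time.
    print("exclusive:", seed_exclusive(stuck_hw_rng).hex())
    print("exclusive:", seed_exclusive(stuck_hw_rng).hex())
    # Mixed: the same stuck source no longer determines the seed.
    print("mixed:    ", seed_mixed(stuck_hw_rng, boot_sources(b"example")).hex())
    print("mixed:    ", seed_mixed(stuck_hw_rng, boot_sources(b"example")).hex())
```

This models a source that returns poor output; it says nothing about the different scenario raised earlier in the thread, a CPU that interferes with the instructions doing the mixing.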
Let me spell this out for you. I'll use small words.
There is a style of humor where one says ridiculous things, with the understanding that these things are so patently ridiculous that the audience can understand that the things are not meant literally. Often, practitioners of this style of humor will go really over-the-top, mostly because this makes the joke funnier but also to make it crystal-clear that it's a joke.
This is one such example. If I genuinely thought Linus was setting up a murder on the ARM SOC designers, I would be concerned and upset. If I even thought there was a culture of fear and bullying, causing the ARM SOC designers to be unhappy, I'd be concerned. As it is, I was amused.
I suppose you were also upset over his trash-talking of CVS and Subversion in his Git lecture? "The problem with 'CVS done right' is that it leaves you nowhere to go... it's impossible to do CVS right." I think I laughed out loud at that one, but Nervous Nellies on /. were wringing their hands over this horrible hatefulness.
Let me predict your response. "Oh sure, the brake-cutting thing is a joke, but it's a mean, hurtful, hateful joke that will make people feel bad." I have to disagree. It's so wildly disproportionate that it's impossible for anyone to take it seriously, and I can't believe the ARM SOC designers are going to really worry about it.
Also, even with over-the-top dark humor, there are lines one doesn't cross; and Linus hasn't crossed those. It is not funny to joke about murdering or raping someone's family, for example; it's not funny to make jokes that remind people of horrible real-world atrocities; it's not funny to use offensive epithets related to race, etc. Linus didn't go there.
Also, if one or more of the ARM SOC designers were to trash-talk Linus back, he wouldn't get all bent out of shape about it; he'd be amused. (The Linux kernel is nontrivial, therefore it has some dark corners that are ugly. Someone could poke fun at Linus over those.)
Now if you will pardon me, I need to get back to work. Some of these bugs are so bad I'm going to hunt down the coders and remove their livers with a rusty spoon.
Were you ever bullied as a kid in school? Do you have a child in school being bullied? Remember how it made you feel? Yeah.
I was bullied sometimes. Mostly it was words but it got physical at times. Not a fond memory.
This is not remotely similar.
Well, in that case these Intel people would be completely incompetent with regard to security. You are right, possibly they had that thought and are completely unaware of the consequences or they are so in love with their product they have gone blind to the real world. That would be even more dangerous.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Troll or astroturfer?
The first couple of times this post appeared, I was willing to give the poster the benefit of the doubt. (Disagreeing with me isn't proof of anything, except, occasionally, common sense.) But essentially the same post has now repeated several times.
I'm beginning to tilt towards astroturfer.
I think we've pushed this "anyone can grow up to be president" thing too far.
But this means it needs a custom kernel so adds complexity to an open source kernel like Linux when it has to work on a million different ARM based chips with undiscoverable busses.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.