Torvalds Wants Attackers To Join Linux Before They Turn To the "Dark Side"

darthcamaro writes: People attack Linux everyday and Linus Torvalds is impressed by many of them. Speaking at the Open Source Summit in LA, Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.' "There are smart people doing bad things, I wish they were on our side and they could help us," Torvalds said. "Where I want us to go, is to get as many smart people as we can before they turn to the dark side. We would improve security that way and get those that are interested in security to come to us, before they attack us," he added.

Admirable goal, but...

[thegreatbob]

Unfortunately, it's far easier to destroy and harm than it is to create and improve... I doubt there are many among us who haven't derived some kind of pleasure from breaking something at some point in their lives.

This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.

Re:Admirable goal, but...

[DontBeAMoran]

Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.

And sometimes they just cut your hand off using a saber made of "light".

Re:Admirable goal, but...

[Jason+Levine]

There are also a lot of "Dark Side" folks who have no real talent of their own. They can run scripts written by talented people and can cause a lot of damage, but if given the chance to break into a system without their pre-written scripts, wouldn't get very far.

Re:Admirable goal, but...

[shanen]

You [thegreatbob] stole my Subject: line! I shall now join the Dark Side and destroy you and all your Linux minions! Little disappointed you didn't do more with the angle, which probably won't prevent you from receiving some so-called insightful mods on today's Slashdot.

Actually, I wanted to approach the topic from the angle of possible solutions. However, if you remember me, you know I already think I have all the solutions, and in this case it's a better financial model for Linux. If you have the money to HIRE these attackers for good purposes, then you don't have to just ask them to be good boys and girls. Asking nicely and offering money just tends to work better than asking nicely alone.

As the ancient joke goes, DAUPR. You don't need to offer me money to motivate my effort. Just convince me you're sincerely interested in making the world better. Even nicer if you can convince me you're capable of doing something constructive along such lines.

We now return you to the regularly scheduled meaningless sniping, bickering, and pointless sarcasm of today's Slashdot. Your only prayer is that someone comes up with an actually funny comment or joke that somehow gets moderated properly. I'd wager that this comment will get troll-modded into invisibility ASAP.

Re: Admirable goal, but...

I stopped respecting Linus when he didn't put up strong and immediate opposition to systemd. Systemd had caused more problems for my workstations and servers than any attackers ever have. It got to the point where systemd became, in my opinion, effectively a form of malware. I then stopped caring about what Linus said and thought once I finished moving all of my Linux systems over to NetBSD. Linux is pretty much dead to me at this time.

Re:Admirable goal, but...

[TemporalBeing]

Unfortunately, it's far easier to destroy and harm than it is to create and improve... I doubt there are many among us who haven't derived some kind of pleasure from breaking something at some point in their lives. This does not, however, mean we should not try. Also no reason to completely write off the dark-side folks, sometimes they see the light and come around.

Lol....there are two very distinct mindsets - those that create, and those that destroy. Programmers/Engineers are good at the creating mindset while black/white hats are good at the destruction mindsets. It's usually hard for someone of one mindset to switch to the other - not impossible, but hard to do. And honestly we need both mindsets - which is really what Torvalds is gunning for; because if you only have people that know how to create something then it will be full of security holes.

Re:Admirable goal, but...

[thegreatbob]

I have failed us for the last time... for some reason, I was not fully in a Star Wars frame of mind when writing it xD

Re:Admirable goal, but...

That goes doubly so for the creative side. Nearly all people that make software for a living, even those with decent CS degrees and experience, make huge salaries gluing other people's code together. If only businesses knew what they were paying for, programming salaries would drop below 50k where they probably belong.

Re:Admirable goal, but...

Yeah, nothing like slave labor.

Re:Admirable goal, but...

[thegreatbob]

Very true, insight much appreciated. Brings to mind a lot of older software, which was programmed under the mindset that people would only use it for its intended purpose, and that malicious actors basically don't exist... I guess it's a matter of achieving a useful balance.

Re: Admirable goal, but...

[F.Ultra]

And yet you post this to every Linux related article.

Re:Admirable goal, but...

what purists should learn is that people get paid not for talent or programming skill but for solving problems. I own a business and it is great to have very talented people working for me but the people who get the highest pay (best reviews) are those who solve problems fast and move on. It is actually not useful to have someone re-invent the wheel just because they are talented or the wheel is close fit but not quite to what is required so start from scratch.
If someone will adapt the requirements or the solution to match the requirements it is quicker and therefore more profitable.
You get rewarded for what you achieve not how you achieve it. Even if an engineer when and found people in India to do his job and paid them part of his salary in my mind he should be promoted as he knows the how to produce outputs rather than worry about tinkering with how things work.
My first test for any code is 1. Does it do the job. 2. robust 3 maintainable. If it cannot pass 1 it does not matter about 2 and 3.

Re:Admirable goal, but...

[epyT-R]

..and what business owners must learn is that the best people who solve their problems are creative problem solvers that cannot be managed and metric'd like factory workers. Good engineers treated this way migrate to competitors who understand this.

'How' it's done is important too because it determines what's possible in the future. Half-assed 'right now' solutions often end up costing more money down the road. Shortsighted management like this has cost companies way more money than the occasionally overengineered solution (which was probably done in an attempt to avoid this 'firehouse' style management). A lot of this fits under #2 on your list, but also one and three as well.

Re:Admirable goal, but...

And if anyone were to ask me (not that I'd need anyone to ask), damn the company, if they're going to work us to death. It's not like we're talking about protecting our country. On the contrary, in some cases we might even be discussing true enemies of the State.

Re: Admirable goal, but...

Hey, knowing is half the battle - Joe

Re:Admirable goal, but...

He could start by not insulting everybody.

Re:Admirable goal, but...

"If only businesses knew what they were paying for, programming salaries would drop below 50k where they probably belong."
If only programmers and their business overlords knew that bankers only know how to calculate percentages, make billions and plow both of their wives at the same time.

Re:Admirable goal, but...

> Unfortunately, it's far easier to destroy and harm than it is to create and improve...

My first thought and what I came here to post. Congrats on remind us of that, but I disagree with your conclusion.

Normal people prefer the easy way, so most might have a greater tendency to destroy than to build. Not so with hackers (the real ones, at least). It's not that they are specially good hearted or something.

They just choose usually the least walked path. If something is difficult, count them in. I'd even say the natural progression for a hacker is to start on the dark-side, then noticing how much harder are the light-side things and, reaching the a certain level, to be attracted to the more gratifying tasks of the light-side.

Many of the famous dudes we know would make great evil hackers but, by choosing to build instead of destroying, they carved their names in IT history.

In a way, they don't hack computers or networks, they hack culture. And _that_ is thinking big.

Re:Admirable goal, but...

[billybiro]

Unfortunately, in today's world, it's far more profitable to destroy and harm than it is to create and improve...

FTFY. And therein lies the rub. So long as it's it's both easier and more profitable to do the wrong thing than the right thing, more people will do the wrong thing.

Re:Admirable goal, but...

[Bengie]

It's more rewarding to produce a system that is difficult to break. Breaking a sandcastle is fun, but building a sand castle that can't be broken is even more fun. When it is eventually broken, you learn from your mistake in lack of creativity.

Re: Admirable goal, but...

[F.Ultra]

If so parent AC lost 100% of the battle.

Re:Admirable goal, but...

[Bengie]

At first I felt the same about what he said about "how it's done" not mattering, but I thought about it and later assumed he meant "an action, in and of itself, does not matter, it's choosing the right action". Kind of a cargo-cult take on what they may have meant.

But..."knows the how to produce outputs rather than worry about tinkering with how things work" is a very dangerous thing indeed. If you don't know how something works, how can you even possibly know you did the correct thing? It's logically impossible. I deal day-in-and-out with people who made solution to mask the problem, not fix the problem, because they didn't take the time to "tinker' and figure out how something works. Rewarding people with getting immediate results over doing something correctly is how technical debt skyrockets. It just externalizes the costs into the future and for other people.

I deal with managers who tell me technical debt can be good if managed correctly because it allows you to do something sooner. My argument is that is correct, if you properly measure the debt, but most of the time they're not taking out mortgages and flipping houses, they're taking out pay-day loans on money-pits. That week they saved on a month long project set us back 2 months and tens of man-years of work in less than a half a year's time.

My personal take on problem solving is if you don't know how something should work and how it does work, then you have no idea what you're doing and you're just throwing crap at the wall and hoping it sticks. Same thing goes for how something doesn't work. How something works is the complement set of how something doesn't work. By definition, if you know one, you must know the other. Most of the time that something fails and I ask why it's failing, the programmer has no idea why it's failing. By my definition, if they don't know why it's failing, they could not have known how it works in the first place. If they don't know how it works, then they have no idea what they wrote in the first place. Just throwing crap at the wall.

When my code fails, I nearly always have an immediate theory as to why it's failing and most of the time my theory is perfectly correct or nearly so. Heck. Even when helping other people with their projects and figuring out why their code is not working correctly, my intuited guesses are better than their educated and informed theories. When I make these kinds of mistakes myself, I will fester on my mistake for weeks. I am my own worst critic and I hold myself to a high standard.

Re:Admirable goal, but...

Good engineers treated this way migrate to competitors who understand this.

Nope... they figured it out already. That's was non-competes are for! Just ask any Jimmy John's Sandwich Engineer...

Re:Admirable goal, but...

[shanen]

My other response to your comment involves the scale of competition getting out of control. I think the underlying motivation to do evil is a failure to do good. I'm coming from the position that people are basically good, but you can motivate them to go in either direction--and public recognition is a powerful motivator. Because the scope of competition is so large now, people can't "succeed" anymore, so they go the other way, seeking to gain recognition for being bad. A hundred years ago, you might be the fastest runner in your village, and all the people who mattered to you might know it, but if not that, you had plenty of other chances to be the best at something if you wanted to. There weren't that many people in your village to compete against, if competition and recognition is what you wanted. Nowadays the scale of competition is the entire world, and you might be a fast runner, but you're no Usain Bolt. Maybe you can get "famous" by hacking and destroying his website?

I actually see this as tied to the freedom definition in my sig. However, the version that satisfied the Slashdot criteria is not complete. Here's the full version:

#1 Freedom = (Meaningful + Justified - Coerced) Choice{~5} (Beer^4 | Speech | Trade)

The connection involves the magic number 5... There's also a connection to Dunbar's Number, which is usually estimated around 150.

Re:Admirable goal, but...

he should talk to theo, even if he's difficult

Dark Side

[war4peace]

Why do you think the saying goes "join the Dark Side, we have cookies!"?
Do you have cookies? Maybe but not the kind they want.

Re:Dark Side

[techno-vampire]

If you really want to see how much some people want cookies, you need to see Little Ol' Bosko and the Cannibals. Just remember, this was made back in the '30s, when people's attitudes were different, and don't be too quick to take offense.

Re:Dark Side

[wonkey_monkey]

I was told there would be punch and pie.

Re: Dark Side

LOL. Looks like the negro version of little red riding hood.

Re:Dark Side

[war4peace]

Maybe if someone punched you in the pie...

I will just go ahead and say it..

[AnthonywC]

before they start using Windows or Mac.

How about?

[Z00L00K]

Can anyone attacking Linux come up with anything better?

One thing that I think could improve Linux is to utilize more processor privilege levels if the processor supports it to better protect the kernel from crashes due to a bad driver or other code that don't need full privileges.

Re:How about?

[Hognoxious]

They could stop fucking up UIs all the time.

Re:How about?

Linus probably only cares about the command line UI, as all the others are outside his scope.

Re:How about?

Mostly, he just cares about the kernel. Although, there was that incident setting a printer or something.

Re:How about?

CPU privilege levels are stupid. You only need two levels: kernel and "everything else".

There is no reason the network layer has to share memory with the filesystem. There is no reason for a bug in a keyboard driver to be able to pwn the entire system. There is no justification for a segmentation fault in the video driver to be able to bring the entire system down.

But this is exactly what happens in the Linux kernel. Everything in the kernel (and that include modules) shares the same memory space. One bug in a single driver can blow up the entire kernel.

Which is pretty stupid, and no amount of patching and isolation can fix this, because this is a *deliberate* design decision.

The kernel only needs to implement the minimum set of functionality to support the userspace: memory allocation, scheduling and some IPC mechanism.

Everything else - drivers, network layer, filesystems, applications, etc - is implemented as daemons/servers that are effectively isolated from each other and the kernel because they live in separate memory contexts. Their only means of interaction with each other is communication via some IPC mechanism that can have authorization and authentication built right into it. Applications only access what they are allowed to access.

In short, what you want is a micro-kernel.

Re:How about?

[mikael]

The problem in the past was that it required extra context switching between every daemon. Probably programmers would just get around this using shared memory for all the daemons rather than pipes and you are back to square one.

Re: How about?

Microkernels are academic silliness. They only work when you're perched in an ivory tower and can ignore things like performance and energy efficiency without any consequences. Out in the real world it turns out that such things do matter. That's why every microkernel design that's tried in the real world ends up eventually reverting back to a monolithic kernel design over time. A monolithic kernel design is the only one that actually works. If the kernel doesn't become monolithic, then the project dies. See GNU Hurd for an example of this happening.

Re: How about?

The idea was tried plenty of times by very smart people.
You just end up pushing all the hard work into the orchestration of all your "simple" little servers. The performance totally sucks. The price to pay is too high and you just move the complexity into a different place. The best overall solution is a hybrid one with some modularity/protection for the kernel services, but not so far as a complete microkernel.

Re: How about?

[Z00L00K]

The trade-off between security and stability versus performance. The Linux kernel is a performance solution, but considering all the security risks out there these days ranging from script kiddies to obscure hardware with drivers it's probably time to raise the stakes and pay the performance penalty tax.

Re: How about?

Microkernels are an academic solution that never caught on for good reason. If only the food industry was sane and didn't go along with the food guide pyramid, or psychology was sane and didn't go along with transsexualism or whatever the hell academics are calling it. IMO academics should just be killed, letting them get real jobs will just pollute industry with their retard attitudes.

NSA Linux, er, SE-Linux not good enough?

[UnknownSoldier]

/sarcasm I'm shocked, shocked I tell you that SE Linux isn't good enough!

Re:NSA Linux, er, SE-Linux not good enough?

[Z00L00K]

It's good, and may be good enough for many, but the world is changing - and not for the better - when it comes to nasty surprises. Today you need to build multiple shells to protect your information.

Fuck SystemD-ick

And fuck leonart dick fuck what's is name.

Re:Fuck SystemD-ick

CystemDick*

He is sounding more like the US of A

[bogaboga]

Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?

Re:He is sounding more like the US of A

[CustomBuild]

Linus, I am afraid, is sounding more like the USA, with its [former] relationship with what became the Taliban, even though the spheres of influence are very far apart. Am I alone?

Yes. Yes you are.

The Linux community attacks itself the worst.

The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.

Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stable, reliable and trusted Linux distro around.

Then there's GNOME 3, which has also caused a huge schism within the Linux community. It's pretty widely disliked, yet is forced on users as the default desktop environment by a number of the major Linux distros. While GNOME 2 eventually got to a point where it was mostly usable, we shouldn't forget that the GNOME project itself was initially founded for ideological reasons, rather than practical reasons, again splitting the community.

It doesn't help that Ubuntu had been dabbling with things like Upstart, Unity and Mir for a long while, again splintering the community.

When harm comes to the Linux community, it's pretty much never some external force that's responsible. It's the Linux community turning on itself in one way or another. It's one set of Linux users attacking some other set of Linux users. The Linux community is its own worst enemy.

Re:The Linux community attacks itself the worst.

[Seven+Spirals]

Agreed. Someone forgot to tell Linus that hacks == cash. Few are going to help out him and Pottering out of goodness of their hearts and devalue their zero-day bug bounties. That's goes 2x now that systemd is a standard. With all the systemd security bugs and crashes, it makes me wonder how much undiscovered zero-day is in the wild already.

Re: The Linux community attacks itself the worst.

We need to stop Linux-on-Linux violence!

Re:The Linux community attacks itself the worst.

[gmack]

The Linux community attacks itself far worse than vague "black-hat hackers", Microsoft, SCO, or any other external force ever could hope to do.

I don't think I've ever seen so much FUD in one post

Just look at the immense community disruption that systemd has caused. It's clearly unwanted by a lot of the community, especially the serious users like the developers and administrators who are responsible for running Linux servers and other critical Linux installations. Forcing systemd into Debian tore apart the decades-old community of what was once the most stable, reliable and trusted Linux distro around.

There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but theve all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched, haven't seen any loss of users because of it and life moves on.

Then there's GNOME 3, which has also caused a huge schism within the Linux community. It's pretty widely disliked, yet is forced on users as the default desktop environment by a number of the major Linux distros. While GNOME 2 eventually got to a point where it was mostly usable, we shouldn't forget that the GNOME project itself was initially founded for ideological reasons, rather than practical reasons, again splitting the community.

Some people disagreed about how things should be done and spent their OWN time on their own project so what's the problem? Some people preferred KDE and some QT.

It doesn't help that Ubuntu had been dabbling with things like Upstart, Unity and Mir for a long while, again splintering the community.

When harm comes to the Linux community, it's pretty much never some external force that's responsible. It's the Linux community turning on itself in one way or another. It's one set of Linux users attacking some other set of Linux users. The Linux community is its own worst enemy.

Most of that is fine.. Forks are actually a strength and not a weakness. People work on what they want work on and in some cases the forks learn from each other or just fade into obscurity and who are we to say what Shuttleworth is to spend his money on? Don't like it, don't use Ubuntu, it's simple.

Re:The Linux community attacks itself the worst.

>There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd.

For something this important, both should have been supported for 2-4 years, until a consensus emerged. A one-way valve on change of this size was Just. Plain. Stupid.

Re:The Linux community attacks itself the worst.

It's the Linux community turning on itself in one way or another. It's one set of Linux users attacking some other set of Linux users.

While I don't like what's happened with systemd, I don't consider it "an attack". It's someone with ideas I think aren't helpful, and are going in the wrong direction. But it's certainly not "an attack".

I think your core idea is right though. There seems to be a LOT of competing interests here, and they're often at odds with one another. Ubuntu wanted to try to become a tablet OS. That conflicted with Desktop users. It didn't work. SystemD wants to swallow up everything like the Master Control Program in Tron. I and many others think it's a bad idea.

I think the real solution is to allow people to go their own way, and encourage splits rather than unity. Don't like SystemD in Debian? Fork Debian. The (better) solution is likely to survive.

The beauty of OSS is that people can do this, and come back together again when/if once solution proves better. If both solutions prove good, even better.. there obviously was a valid difference of opinion that served two different competing ideas that solved different problems.

Re:The Linux community attacks itself the worst.

[whh3]

This is absolutely, 100% true, but also slightly different than the forms of attacks to which Linus is referring. I think that the attacks you speak of are incredibly destructive and are self-inflicted. External forces (proprietary vendors or otherwise) do cause great harm to the OS community by attacking its reputation for security. They use examples of attacks perpetrated by blackhats to "prove" that OS cannot/does not work. So, your point is valid and so is Linus'. Thank you!

Re:The Linux community attacks itself the worst.

"Then there's GNOME 3, which has also caused a huge schism within the Linux community. It's pretty widely disliked,"

no it's not. greybeards on old thinkpads don't like it. that's fine, but that's not everyone.

"we shouldn't forget that the GNOME project itself was initially founded for ideological reasons"

those bastards!

Re:The Linux community attacks itself the worst.

[Kjella]

There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd. Yes, there were growing pains, but theve all been pretty much ironed out by now and most people who do this for a living don't actually care. The distros who switched, haven't seen any loss of users because of it and life moves on.

Pretty sure that's not correct, I remember quite a few negative opinions before the decision was made that resemble the current criticism. In any case, if you're replacing a very old and familiar system that's not obviously broken with something new then you can be assured that most of the debate and the arguments will be made by the people who want change. Because you get like 20 years of "we want to replace X11" discussion they can't be arsed to follow and then finally, when the switch to Wayland is happening then you get the "OMG you're breaking X and I need it, stop that". A year later would perhaps be around when the first systemd-based distro version would be released, actually breaking things for users?

Re:The Linux community attacks itself the worst.

Your comment proves what the GP is saying. Somebody points out some serious problems affecting GNU/Linux, including how some members of the GNU/Linux community virulently attack other members. So what do you, a member of the GNU/Linux community, turn around and do when confronted with this information? You launch an attack on the person who pointed out the facts, thus proving the GP correct! It's not even a good attack, at that. All you're doing is babbling on about "FUD" and "misinformation campaigns" and "growing pains" and "don't like it, don't use it" and other nonsense like that. The GP is right. The GNU/Linux community really is its own worst enemy. Your comment is a perfect example of it!

Re:The Linux community attacks itself the worst.

[LoonyLonesome]

Just look at the immense community disruption that systemd has caused.

I don't like systemd (like some of the ideas but not how they are implemented), but outside of the Debian vote, I don't think there's been any community distruption other than some heated comments on message boards, and even that has died down due to people being dead tired of the same arguments put against eachother over and over again. All major distros are going with systemd, I believe eventually (perhaps soon if the developers keep screwing up) something better will replace it, meanwhile it is the de facto standard on Linux distros, where is this 'immense disruption' exactly ? When the vast majority choose one direction it's hardly a disruption.

It's pretty widely disliked

Anything with which to substantiate this ? As far as DE's go, Gnome seems to be the most widely liked, default in most distros, most themes.

yet is forced on users as the default desktop environment by a number of the major Linux distros.

Ah, this again. If your distro supply a DE right-out-of-the-box, then someting has to be the default, when it's not YOUR personal choice, it's suddenly 'forced on you'. Come on, either use a distro which doesn't ship with a default DE, or better yet, one which ships with your particular favorite, vote with your feet.

Re: The Linux community attacks itself the worst.

"We need to stop Linux-on-Linux violence!"

Linux Lives Matter

Re:The Linux community attacks itself the worst.

[gmack]

I recall having an absolute panic attack a the thought of Systemd from reading posts here on Slashdot and then going and looking into it myself and discovering it wasn't as bad as it's detractors made it out to be. Also, I think Fedora got to deal with the worst of the teething problems so there was only minor breakage when Systemd hit debian testing. I myself had a 5 minute hang that I eventually tracked down to a configured mount for a drive that I had previously moved. Later versions were more explicit as to what was going on, reducing the confusion and by the time it hit debian stable, it was pretty much rock solid.

Since a part of my day job actually involves tweaking init scripts, I can tell you that it actually made my life easier

Really though, I don't get this thing where people need to call themselves graybeards to emphasise their point. When I started using Linux I had to write my modem dialup script by hand and hand build the modelines in the X config, custom compile my kernel etc. I also used to do a ton of hand compiling packages. Now things have changed and life has gotten easier and I find I don't miss having to do everything the hard way (although I still have about 1% of the systems I maintain running custom kernels and only a few hand compiled packages.

Re:The Linux community attacks itself the worst.

You don't understand the Linux community at all. The community is about hacking and changing things. Sometimes things change for the worst and hopefully, those changes are thrown out. Most things change for the better. You don't like change, stick with Microsoft. Linux is continuing to evolve which comes through experimentation. You don't have to use GNOME 3 because there is XFCE, KDE, and a bunch of others to choose from. You don't like systemd, now you can use Devuan. You do have a choice so stop complaining and do something about it.

Re:The Linux community attacks itself the worst.

I don't think I've ever seen so much FUD in one post

>

Idiots and trolls use the term "FUD", just so you know.

Re:The Linux community attacks itself the worst.

This is also what turns many interested people away from Linux. Toxic neckbeards writing multiple buggy versions of everything because they can't agree on the UI, but united in their disdain for noobs.

Re:The Linux community attacks itself the worst.

[drinkypoo]

There would not have been a problem if someone hadn't stared a misinformation campaign a full year after Debian had already had an internal debate, weighed the pros and cons and went with systemd.

That decision was made without consulting the userbase, which was overwhelmingly against the change. It was the wrong decision for multiple reasons, both technical and political. If the users are clamoring against it, and you do it anyway, you should expect the userbase to leave in droves. Also, literally half the Debian leadership was against the change, and it came down to a tiebreaker. The intelligent thing to do then would have been to table systemd pending addressing of concerns, but that's not what they did because half of them are not that smart.

Re:The Linux community attacks itself the worst.

[gmack]

The user base was not "overwhelmingly against the change". Most users don't care one way or the other and again, most of the noise on the forums were people misrepresenting systemd's design and goals(ex saying that it was designed for the desktop when it was actually solving problems on severs), posting fake or already solved. or taking some forum post out of context.

Proof of all of this is the lack of adoption of Deuvian. If developers were so upset they would contribute to that instead of Debian, but they haven't. Take a look at these stats. What do the top four distros hae in common?. They all run systemd. If users were actually upset, they would switch, but most haven't. Instead we have people trying to hijack every single post about Linux by whining about how their feelings are hurt about systemd being adopted no matter how off topic.

Want to know how the Linux community handles bad ideas? Years ago we had Devfs, people hated it because it wasn't traditional and complained it was badly implemented but in the end, it was adopted with far less discussion than systemd. What did the devs do? They looked, realized that even though the implementation left a lot to be desired it solved some very real wold problems, sat down and created a competing implementation that solved all of the same problems with fewer downsides. Remember bitkeeper? It solved many problems but in the end turned out to be unworkable, did they go back to CVS? NO. Linus himself sat down and started GIT because he couldn't stand the thought of going back to the old way. In the same way, systemd solves very real problems, especially on servers but not just on servers. I'm convinced that if systemd were to be replaced, it would not be a rollback but a redesign of the core systemd functionality, done better.

Re:The Linux community attacks itself the worst.

[gmack]

No matter how many times I proofread....

"posting fake or already solved" should be "posting fake or already solved bug reports (even if the problem was solved months or even years ago)"

Bah.

[gurps_npc]

Poor argument.

Listen to the other side: { joke }

https://www.youtube.com/watch?...

Well let's see. Darkside $$$ Lightside FREE BEER!

It's a tough one, but not even John Cafferty & The Beaver Brown Band would be tempted by free beer! DARK SIDE IT IS!

If only...

There were a group of people dedicated to providing real security to Linux... something more than SELINUX. Maybe something more than a mandatory access control, something that addresses kernel security bugs/weaknesses by making things harder to exploit when... gasp a vulnerability is found. Perhaps a group that did not put out "bullshit... pure garbage." And by pure garbage we mean adhere to OUR Holier than Thall guidelines so that we can completely control everything.

Now I love Linus and what he has done. The man is almost a god in my eyes. However, we all have our faults. If only he could understand that his master trade is not security and that maybe there are some people out there smarter than him in this realm more distros would be hardened. That is not to say they would be completely secure, but hacking linux would be a lot harder.

Honestly, I see this more a long the lines of a PR stunt similar to Microsoft "inviting" Valve to have "conversation" about cross platform support for console and PC. If Linus really felt security in Linux could be better, then he would have a serious conversation with the people already doing the leg work.

Not a chance.

Linux vulnerabilities are gold. More importantly, Linux vulnerabilities are **power**. If you know where to look on the dark net there are multinationals, spy agencies and even entire political dynasties that are willing and able to pay millions for them.

"The concept of absolute security doesn't exist," Torvalds said. "Even if we do a perfect job—and we try to do that—let's be honest, there will always have bugs."

Cha-ching!

Re:Close the holes

yeah..some nice to haves might be:

- better ASLR
- baked in RBAC
- memory clear after free and stack-smashing protections ...for a start anyways.

Join me, and together we can rule the galaxy...

[fustakrakich]

But dad...

SHHH!

But...

SHHH!

...

SHHH! That was a preemptive SHHH...

Linus check yourself before you wreck Linux

[Seven+Spirals]

Pottering is the #1 reason why smart people leave Linux for the "dark side". If Linus wasn't keeping company with GNOME zealots and Windows-coders his argument might make sense. Best I can tell, BSD is a bigger brain drain on Linux than Windows or OSX. Witness the ZFS-on-FreeBSD beating seven shades of snot out of BTRFS as an example.

Sorry Linus but in the face of all the hard feelings over systemd and other Pottering-style stunts the "attacks" are simply a sign that Linux is no longer the cool OS for 37337 H0x0x0rs, white security researchers, or folks with good intentions wanting to help you hack together your franken-OS. They moved to BSD a long long time ago.

Re:Linus check yourself before you wreck Linux

Pottering is the #1 reason why smart people leave Linux for the "dark side"

He's talking about actual criminals, not people who write for a competing operating system. Linus doesn't care if smart people go and write for a different OSS project/OS. It's all fine, and within the OSS eco-system.

Linus is talking about smart people that are real criminals trying to break into Linux systems. The people who find Zero-day exploits and sell them to the NSA, Russia, or Crypt-worm makers. That's "the dark side". It's certainly not FreeBSD.

Re:Linus check yourself before you wreck Linux

[Penguinisto]

They moved to BSD a long long time ago.

According to Mindcraft BSD is supposed to be dead, you prole.

Re: Linus check yourself before you wreck Linux

So name a single kernel developer who moved from Linux to work on BSD due to systemd, just one will do.

Re: Linus check yourself before you wreck Linux

You do realize systemd has nothing to do with the kernel.

Re:Linus check yourself before you wreck Linux

[Z00L00K]

I think it's pretty insightful - systemd is counteracting a lot of the security, stability and determinism that the kernel offers even without SELinux.

With systemd it's next to impossible to figure out what the problem really is and how to get around it.

Re: Linus check yourself before you wreck Linux

And do you realize that BSD isn't just kernel?

Arrogance

Torvalds is an idiot for believing that his way is the only reasonable direction for _anything_ in tech. There is a tremendous amount of software being built outside of the Linux space, perhaps he should try not alienating these people.

Re:Arrogance

fuck those whores!

Re:Arrogance

[Z00L00K]

Torvalds is not being stupid, his goal is to make something that works in a predictable manner supporting as many platforms as possible while maintaining the APIs that are generally known since a long time. This means that a lot of software written as far back as the 70's and 80's works on the Linux platform.

As for new software built outside the *NIX realm - that's a completely different issue and it's not easy to just change the OS to support them while still maintaining the historical compatibility. What you essentially look for is a different OS capable of offering the "tremendous amount" of software that's not *NIX compatible. At this stage then it's also the question of if that software is running under Windows, MVS, OS400 or VMS. It's possible to run some of those through emulators. But do that have a value? For Windows you may want to look at React OS as an alternative.

The 1990s called...

They want their dark side hackers back.

thought control

This makes no sense. Paraphrased, "Smart people don't like what I have, but they would if they thought like me. Poor them. They should change."

It's entirely possible intelligent people have come to their own, independent conclusion in spite of your objections. Describing that as the "dark side" is just ignorant.

People disagree with you ... that's just life.

But Loonix!

My dear Loonix Toreballs, teh loonix is Open Sores and perfect!

Re: Well let's see. Darkside $$$ Lightside FREE B

Right. Bounties for bugs or GTFO.

It's not hard to understand

[boudie2]

A reasonable person could see that what Torvalds is saying is that instead of doing something illegal which could land a person in jail and ruin their life, that using their skills to contribute to the Linux kernel is a preferred option. Looks good on a resume and could result in a well paying job. What could be more sensible or easy to understand?

no thanks

won't be a cheeser

have a nice day signed
  fuck off all operating systems

Hello MR. Pot...

[bobbied]

This is Mr. Kettle...

As bright and capable as you are, you do realize that *some* of this is because of your propensity to throw little fits of temper towards your developers, and your "I am Linux, What I say goes" control of the project. Right? I understand that it is sometimes better to just make a choice and go with it, but any time you act like a dictator, expect folks to get a bit miffed with you. Now when you vent on your volunteers, you are just asking to be seen as a capricious despot who is too full of himself.

I'll be the fist to admit that not all of the naysaying is justified, but you have to admit that at least part of this is a reflection of how you deal with people around you... In short, (and I will paraphrase) "You need to treat others better than you expect them to treat you."

Re: Hello MR. Pot...

You sound like a fucking snowflake. Grow a pair of balls and man the fuck up.

Re:Hello MR. Pot...

Do you have man boobs?

Quit being an asshole

[Khyber]

"Torvalds said he wants to seek out those that would attack Linux and get them to help improve Linux, before they turn to the 'dark side.'"

If you and the majority of your Linux - using brethren weren't such sanctimonious assholes, you might not have so many people that hate Linux and want it to die.

Democracy is messy. Relish software freedom.

[jbn-o]

First off, you're using the word "Linux" as though that were an operating system. Linux is not now and never was an OS, it was and remains an OS kernel. You can't run the software you use as examples if all you have is the Linux kernel. Secondly, democracy is messy. People start projects which other people don't like. But we're all free to start our own projects and include the free software we like. Nobody "forc[ed] systemd into Debian". Debian GNU/Linux decided to include systemd, and for a community that is still going strong you'd never know that Debian had been "tor[n] apart" as you claim.

Contrary to your way of putting it, the initial work behind GNOME was quite practical and, coming from the GNU Project, started in making free software more practical. GNOME was started because the K Desktop Environment (KDE) had nonfree dependencies, notably Qt which used a nonfree license until around mid-1999. Thus KDE was unsuitable for the GNU Project which aims to provide an OS which respects a user's software freedom (to run, share, modify, and distribute). A second project aiming to do roughly the same job as Qt was also started by the GNU Project (a Qt API-compatible project called "Harmony"). Qt ended up being relicensed as free software and GNOME ended up being useful. So we have both KDE and GNOME today. Thus a pragmatic pursuit of software freedom, which you apparently eschew, was quite effective at delivering a modern GUI look-and-feel for users who want that (which, I'm guessing, would be most computer users).

"Splintering the community" is a natural outcome of software freedom just as people use their freedom of speech to express different and sometimes conflicting views. People try to work together to meet their needs but sometimes that just isn't possible. This kind of thing happens in science all the time; people with different ideas on how something works set out to investigate their hypotheses in parallel and sometimes we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.

Re:Democracy is messy. Relish software freedom.

[drinkypoo]

we end up with multiple divergent theories and, over time, some convergence. When it comes to software development we should celebrate, not minimize or disdain the software freedom to express ourselves in such a way.

Yes, this is why systemd is shit. You have to take it as a lump, it's not modular in practice like Unix software is supposed to be, nor is it interoperable like Unix software is supposed to be.

Im not racist butt ..... Black Indian Liars

Its the black indian liars that try to destroy anything, not just linux and his penis. We know its only 3 inches but does he? Anyway Black Indian Liars are Liars anyway and they just lie like Black Indian Liars.

Many reasons

... they turn to the 'dark side'.

There's a number of reasons for that:
- They want to watch the world, or one computer system, "burn"
- They think it's cheaper/easier than honest work
- They didn't get the rewards they deserved, or think they deserved
- They de-valued the status and normality provided by honest work

Too late ...

OpenBSD got them

FUCK YOU, PAY ME

[zachriggle]

As a long-standing member of the computer security industry, having done vulnerability research my entire career [0], there's exactly two sentiments in the industry:

1.) This is cool! I'll do this in my free time, it's fun!
2.) Fuck you, pay me.

The problem with #1 is that as soon as you hit any real resistance, it stops being fun. Have you tried landing a patch at GNU.org or in the upstream kernel? Biggest pain in the rear, ever.

The current state of affairs is that you can remain a White Hat and report vulnerabilities to Google in any open source software [1] or even Android specifically [2] and earn TENS OF THOUSANDS OF DOLLARS PER BUG. You can find even more companies / projects to assist through BugCrowd or HackerOne.

Alternately, if you don't mind your bugs being sold to any number of nation states, just take your research to Apple iOS, and either Exodus [3] or VUPEN-nee-Zerodium will pay you A MOTHER FUCKING MILLION DOLLARS [4] for the right bugs.

All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity [5] one of the groups that has been trying to help for 20 years, and has stated that infosec industry members should "Please just kill yourself now. The world would be a better place." [6]

So to you, Mr. Torvalds, I say:

FUCK YOU, PAY ME.

[0]: https://www.linkedin.com/in/za...
[1]: https://www.google.com/about/a...
[2]: https://www.google.com/about/a...
[3]: https://rsp.exodusintel.com/
[4]: https://zerodium.com/program.h...
[5]: https://lkml.org/lkml/2017/6/2...
[6]: https://web.archive.org/web/20...

Re:FUCK YOU, PAY ME

Pretty please?

Re:FUCK YOU, PAY ME

[Z00L00K]

Ever considered that Torvalds has had a share of less favorable interactions with "security researchers" that has ended really sour?

If he really had problems with all security researchers then we wouldn't have had SE-Linux. So I have a hard time finding your opinion entirely serious.

Re:FUCK YOU, PAY ME

SE-Linux exists in spite of Torvalds being a world class asshole and dipshit.

Re:FUCK YOU, PAY ME

[drinkypoo]

All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity

Do you mean this grsecurity? Anyway, your characterization is total bullshit. Torvalds is willing to accept grsecurity features piecemeal, but not willing to accept grsecurity as a monolithic patch. The grsecurity team cries about how that's not feasible because they've been developing grsecurity in their free time, but the real problem is that they were developing it in a vacuum. They failed to take the linux kernel project seriously, and now they want people to take grsecurity seriously. They're arrogant, hypocritical fucks who, by the way, are also shit at documentation. If they wanted to enhance Linux security, what they should have done was write decent tools for selinux. That's what it's missing.

Re: FUCK YOU, PAY ME

He asked those who think you need the root password to add a printer to kill themselves, it's harsh but it's a criticism of that way of thinking, what you say is absolutely out of context.

I think ...

[PPH]

... Google has a patent on The Dark Side.

Linux is the dark side

Linux owns the server space, and phones. It's one of the big three operating systems. Real die hard geeks use something else like *BSD, haiku, react os, etc. A real hobbyist system. Linux is not that and hasn't been for over a decade.

Linux can't get better until Linus stands up to Redhat and Pottering.

seriously

This. So much this.

"All of this whining is coming from the same open-source community leader (Torvalds) that has publicly shunned GRSecurity [5] one of the groups that has been trying to help for 20 years, and has stated that infosec industry members should "Please just kill yourself now. The world would be a better place." [6]"

I came here to point this out, but you did it so succinctly. I want to thank you. It is less about the money really in my opinion and more about Torvalds shunning security researchers in the strongest possible terms. There are plenty of researchers willing to help, if he didn't reach down grab and throw shit from his own ass in their face like a filthy animal.

Wishful thinking

As if the security crowd was sociable and likely to follow.

Maybe Linus should stop being a dick?

Just saying, when you treat people like crap, they might form a grudge.

Linux ecosystem is becoming *a* darkside...

Most of the complaints that got many of us to migrate to Linux back in the 90s are happening with the linux distros of today.

Whether unwanted features, intentional dropping of backwards compatibility (even as newer more half baked features with both more known bugs as well as more attack surface are being added in with a 'will fix in the future' comment liberally applied), and major fundamental filesystem changes (whether forcing /usr to be on the root drive, changes moving configuration files from /etc to /var/lib or /usr/share), etc.

The modern linux ecosystem, even as it becomes more compatible with mainstream software, is not somewhere I want others, especially those naive users of windows, becoming entrenched, leading to even further lowest common denominator catering, as well as more corporate lockin, whether tied by distro, or by 'must have' software project, leading to software that can only be installed on blessed distros/desktops, as is already happening today.