Re:Fixing fundamental design mistakes? on Linus Interviewed · Score: 4, Insightful
Maybe Linus is saying that as viruses start attacking Linux, he's willing to radically rethink
Correct at that point. It's not just permissions or any other one thing. When you have to react you try to get at the root of the problem as much as possible.
One advantage of Unix is that it is inherently multi-user. If it's just me on the computer, why should I be limited to just one identity? Seems I should be able to run a browser under its own identity and if it catches viruses and whatever, all it can mess up is itself. Adds a wee bit of a hassle in that I have an extra step anytime I want to lift something out of the browser, but has the distinct advantage that I'm in control, not the browser.
When Linux gets attacked, you get responses from several levels. You do not have to wait for official patches. If the official sources are still asleep you'll find something at least marginally effective on Slashdot. Some of the early stuff may do more damage than good, but in the heat of battle you are considerably better off if you can choose your own optimum in the space between "must do something now" and "best to wait for the official patch". The situation may resemble the Keystone Kops, but it is effective and there is a high probability that at the end something does actually get fixed instead of some kinda-sorta workaround.
Some folks still think that *nix is inherently virus proof
Technically, *nix is vulnerable, but there will be enough response and effective enough response that the malware won't get much of anywhere. A simple count of vulnerabilities is a poor indicator of the success of exploiting those vulnerabilities.
It's not the DEFAULT, it's the fall-through.
This is one case where the lack of goto's is harmful.
The body is
yada_yada += 1;
nader += 1;
kerry += 1;
bush += 1;
The cases just determine where the stream is joined.
Anytime nader gets a vote, kerry and bush also get a vote.
Anytime kerry gets a vote, bush gets a vote.
None of the above will fail to register, with or without a DEFAULT.
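The fall-through described in the comment above, shown beside a version with `break`, as an added example that is not part of the original comment or of the code it was discussing. The switch layout is an assumption reconstructed from the four-line body quoted there; the enum, struct, function names and ballot list are constructed.

```c
#include <stddef.h>
#include <stdio.h>

enum { YADA_YADA, NADER, KERRY, BUSH };            /* constructed labels */
struct tally { int yada_yada, nader, kerry, bush, rejected; };

/* No break statements: the case label only selects where execution
 * joins the body, and every increment below that point also runs. */
static void count_fallthrough(struct tally *t, int choice)
{
    switch (choice) {
    case YADA_YADA:
        t->yada_yada += 1;
        /* fall through */
    case NADER:
        t->nader += 1;
        /* fall through */
    case KERRY:
        t->kerry += 1;
        /* fall through */
    case BUSH:
        t->bush += 1;
    }
}

/* One increment per ballot; unknown values are counted as rejected
 * instead of being silently dropped. */
static void count_with_break(struct tally *t, int choice)
{
    switch (choice) {
    case YADA_YADA: t->yada_yada += 1; break;
    case NADER:     t->nader += 1;     break;
    case KERRY:     t->kerry += 1;     break;
    case BUSH:      t->bush += 1;      break;
    default:        t->rejected += 1;  break;
    }
}

/* Tally n ballots with either counter and return the totals. */
struct tally run_tally(const int *ballots, size_t n, int use_break)
{
    struct tally t = {0, 0, 0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (use_break)
            count_with_break(&t, ballots[i]);
        else
            count_fallthrough(&t, ballots[i]);
    }
    return t;
}

int main(void)
{
    /* Constructed sample: one vote for nader, two for kerry, one for bush. */
    const int ballots[] = { NADER, KERRY, BUSH, KERRY };
    struct tally a = run_tally(ballots, 4, 0);
    struct tally b = run_tally(ballots, 4, 1);
    printf("fall-through: nader=%d kerry=%d bush=%d\n", a.nader, a.kerry, a.bush);
    printf("with break:   nader=%d kerry=%d bush=%d\n", b.nader, b.kerry, b.bush);
    return 0;
}
```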
Well, since it's a SERVER, it is likely running as a service with all the rights of the admin who installed it...which means it can do whatever it wants.
Maybe that's why apache started running as nobody.
But seriously, the scope of what a server should be accessing and doing tends to be pretty limited. There should be a tendency for a service to artificially limit what it can do, to limit the effects of any bugs if nothing else. A server really should have much more restricted rights than an ordinary user.
Over and above any actual vulnerabilities, the ideas as to the scope of what a server should be allowed to do have an extreme influence on the effective security. This is a composite of many small forces, not any single "magic bullet". Probably related to why Linux vulnerabilities never seem to amount to much.
And here the answer might be sadly "no" because anything that is smaller is inevitably easier to scratch, as any given scratch is relatively larger.
Relative tolerances are a bit misleading in that the tolerances for very large rotating machinery have to be tighter in absolute terms than for their more reasonably sized kin. If you scale an ant to the size of an elephant, you don't get a super-strong ant, you get something that can't support its own dead weight.
The main advantage of the smaller drives is that it should soon be feasible to increase the rotation speed again. Remember when drives were physically huge and always 3600 RPM?
I've spent the last five years having to apologize to my users for some of the screwy, quirky things that Windows does.
Always blame Microsoft.
It's not your fault.
It's not my fault.
It's Microsoft's fault.
Just watch it try to "walk and chew gum" at the same time. Actually rather funny sometimes.
One more thing. When it starts acting goofy, kill the power.
Do not log off. Do not do a "safe" shutdown.
Unplug it. Remove the battery. Do not let it write its scrambled brains back to the hard disk. That scramble wants to live. Kill it.
"taking a sledgehammer to your computer is a Unix vulnerability."
Yep, Unix is vulnerable. It's all a matter of degree of what it takes to smash it. Vulnerability is not a yes-no thingee. It's all a matter of degree.
Come on, MontaVista, don't try to cock things up for the rest of Linux just because you're too lazy to patch the kernel yourself.
Errr, maybe I'm missing something, but that would seem to be exactly what they have been doing.
What is interesting is to view this phenomenon, and it can hardly be unique, in light of attempts to place a value on the Linux kernel and Darl McBride warning companies that they must protect their intellectual property or risk being 'sacked by open source-touting bandits'.
I haven't dug any details, but this much is obvious from the surface. MontaVista has invested some large amount (time and resources) into some "Intellectual Property". They want to "donate" this "Intellectual Property" to the main-line kernel and Linus is far from falling all over himself to accept it. This says something about the effective market value of Darl McBride's "Intellectual Property". Playing dog-in-the-manger with a bit of "Intellectual Property" really gives that "Intellectual Property" a negative net value. Figuring a replacement cost for Linux is difficult in that buying the best on the market is not enough to buy some of the stuff that goes in. I assume that eventually this, or something similar or better will eventually go into the main line, but whatever does go in will occasionally be of a better calibre than could be obtained on the open market. Don't confuse free with cheap.
"We have 1,000 machines running Linux. Our infrastructure is priceless!"
You have 1,000 machines running Linux.
I have 1,000 machines running Linux. (I wish)
There is no reason to assume that the value (or the cost) of your 1,000 machines is the same as mine.
Business property is generally valued at (depreciated) acquisition cost which does not necessarily have any relation to a fair market value (although there is incentive to revalue or dispose of anything booked substantially above current fair market value).
What a company is actually worth is not the same as the sum of the "actual monetary values for all of your business property".
that tells me it's actually pretty damn good at retaining information.
Assuming Google actually knows what they're doing, and that seems highly likely, it will take more than one simultaneous disaster for them to lose information. At all times, all the information exists in more than one form in more than one place. A bit of heads-up and redundancy and it is impossible for a single failure to wipe out everything. Whereas a bone-headed operator and a sophisticated backup system and a single indication of failure does give fairly good odds for wiping out everything.
That is why Google should stop being the poster boy for "look what you can do w/ Linux and lots of cheap hardware"
Why? It is precisely the openness of Linux that allows them to tweak/mutilate/whatever the system so that their Linux serves Google's purposes rather than Google serves Linux's purposes.
Google is a completely different animal.
Google itself is ultra reliable so long as most everything is working kinda sorta well. Something breaks and Google just researches the web, which it was going to do anyway. Google can function perfectly well with lots of its components broken. Almost nobody else can.
SQL syntax is far too wordy that it really hurts usability.
Tradeoffs. Using syntax as a replacement for wordiness.
Win some lose some. It's pretty rare that anything dominates.
Even if the main body stays the same, the boundaries, the edges, the places where bugs like to hide, are different. Not necessarily better or worse. Different.
An advantage of wordy languages like SQL and COBOL is that someone unfamiliar with the language and the application can look and easily get some idea as to what is going on. This is not just managers. It includes programmers who have to do something with it a few years later. This even includes the same programmer coming back to it a few years later.
The advantage of syntax is that in addition to being shorter, the edges tend to be better defined allowing for more complex expressions being feasible. The problem with using syntax is that it really has to be better defined to just break even. This isn't just defining some of it, you really need all of it, which means playing around with abstractions rather deeper and more fundamental than you would at first expect.
default behaviour of hiding file extensions, it really helps those people who are trying to disguise stuff.
In general, anything sneaking around pretending to be something other than what it is, is up to no good. That rule was good for detecting malware five years ago and it will be good for detecting malware five years hence.
I mean really, it's a security hazard for a large amount of PC owners and/or users, and if they think that their Security Center is a step in the right direction
Right. And security is a perimeter-type thingee. Security Center and blinded guards is a good way to ensure the lack of any effective security.
The hard part is determining exactly what files you need which permissions for.
Right.
And even worse is determining exactly what files need to have their permissions changed from what they currently are.
Linux: bash: ./foo: Permission denied
Windows: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
Linux: ls: Anytime I see file sizes or dates, I see the owner and group and the permissions for owner, group, and world.
Windows: While it is possible to set and view the permissions, it's not something to be undertaken lightly with a few thousand files.
The defaults, to a very large extent, do determine what will be done.
If turning off the executable attribute for one file is a big deal, how much trouble is it worth to turn off the executable attribute for all the files on a Windows system that should not be executable?
???? You are telling me you would rather stack shelves than have the opportunity to use your brain at least once in a while and get some decent pay?
I'd say he has plenty of opportunity, primarily because there isn't so much need to use so much to try to stay afloat.
Something that requires more brain than you have just to stay even doesn't leave much opportunity to use it for anything else.
Computers really make lousy masters.
So, careers involving handling sewage, manure or garbage are actually BETTER than being an IT manager?
Well, yes. People actually believe you when you tell them what you handle.
Actually screen savers are one of the primary reasons we are running Linux on our servers. Now everybody knows you don't run screen savers on servers. But bring up a nice desktop as an ordinary user and let the screen saver kick in. Now telnet in and see how responsive the system is. Hit the mouse on the server and the screen saver is gone before the mouse stops moving. With a heavy load, the scheduler seems to ensure that the screen saver doesn't suffer too much. All of which is highly desirable in anything where several things are going on at the same time.
But here's a fundamental fact that nobody understands- it's open-source to every employee working under windows in Microsoft. [Emphasis added]
Under Windows. Interesting choice of preposition. Some of those countries have a bit of appreciation for what it means to be under some regime.
If Microsoft is at all concerned with its "Intellectual Property", I cannot imagine that the source, all of it, is always available to all employees all the time.
It's hardly incredible that, in cooperation with some three-letter agency, there are some built-in back doors which are known only to a select few.
To the extent that the chances of survival are much greater inside a group than outside alone, exile was pretty much a sentence of death.
Mathematics is the art of knowing and doing as much as possible while assuming as little as possible. The ultimate is to know everything and be able to do everything with nothing to support you, which is of course impossible.
Magic is the art of providing plausible explanations of phenomena which have no actual relationship between "cause" and "effect". Magic can be demonstrated and proven. Internet down? Get a rain-dancer to do something for an appropriate period of time and the internet will come back up. Like good comedy, timing matters.
Science is how things work, stretching into why things work. Science differs from magic in that there is supposed to be some actual relationship between cause and effect. It is expected that this relationship be repeatable and predictive.
Engineering is how to make things work, based mostly on science but with a bit of magic here and there. Engineers tend to be aware of the limits of the scope of their knowledge. Engineers use fudge-factors and safety margins to compensate for lack of complete knowledge. The products of engineers will be tested, in the real world, where everything they don't know will affect the results.
All of these are defined internally rather than externally. The critical distinctions exist within and are not really comprehensible to outsiders.
Physics is what physicists do. Physicists are the people who do physics.
All of these are ways to cope with a universe that is rather bigger than we are.
Assuming that they are fair to mediocre players and that their scores do not and will never matter, and they are comfortable with having their scores purged, and they do nothing to "help their buddies" or "hurt their enemies", I don't see anything that unethical about it.
A lot depends on the target and any perceptions of conflict of interest. Even getting nosy about academic records is most likely taboo.
Mathematics includes testable statements.
True. One counterexample constitutes a disproof.
However, passing a test means almost nothing in mathematics whereas it is essentially the basis of validity for most of science.
Untestable ones are at the edge of metaphysics
Axiom of choice.
Euclid's fifth postulate.
Yep, the foundations of mathematics are at the edge of metaphysics.
That's where that "testable" characteristic comes in.
...
Testable:
"All numbers are less than one million."
One is less than one million, Two is less than one million. Three is less than one million.
Testing and crude approximations are far from useless. They are also far from being mathematics.
First fire the arrow.
Then paint the target.