The ups and downs of life with Linus (LINUX)

ZDNet UK ^ | 3/1/2005 | Ingrid Marson in Brussels

[GeorgiaFreeper]

-----snip-------

"Linus is a good developer, but is a terrible engineer," said Cox. "I'm sure he would agree with that."

-----snip-------

Cox said that Torvalds does not always let people know when he has fixed a security bug in the kernel. This can be a problem as the patch will take a while to make it to production, which means that hackers can exploit the vulnerability before it is made available to individuals and enterprises running Linux.

"Linus has this bad habit of fixing security holes quietly," said Cox. "This is a bad idea as some people read all the kernel patches to find the security holes."

[GeorgiaFreeper]

After reading this news article (written from quotes of Linux kernel maintainer Alan Cox), a person could come to the concusion that Linux may not be much safer than Microsoft's operating systems. Instead the vulnerabilities are quietly corrected. Because of the relatively small installed base and loyal following, the bugs are less likely to be trumpeted in the news.

From Cox's quotes, the Linux maintainers do not appear to divulge security issues unless they are brought up publicly. I would point out that Microsoft is regularly criticized by the open source fanboys for their lack of candor. I am interested to see the reaction to the "father" of linux maintaining the same practices.

[GeorgiaFreeper]

Can you ping the usual participants in the Linux vs Microsoft discussions?

[E. Pluribus Unum]

If you think Linux is less secure, you definitely should not use it.

Is it okay with you if I do, though?

[GeorgiaFreeper]

Is it okay with you if I do, though?

Do you have the right? Sure ...

Should you? No.

By supporting Linux, I think you are contributing to a trend that will damage the US economy in the long run. Just my opinion.

BTW is Alan Cox now a Microsoft knee-padder since he criticized Linus?

[ShadowAce]

Linux Ping!

[Ernest_at_the_Beach]

By supporting Linux, I think you are contributing to a trend that will damage the US economy in the long run. Just my opinion.

I think I have heard this theme song before.

[GeorgiaFreeper]

Also there is the all so popular patent issue: http://www.freerepublic.com/focus/f-news/1354375/posts.

[Golden Eagle]

I would point out that Microsoft is regularly criticized by the open source fanboys for their lack of candor. I am interested to see the reaction to the "father" of linux maintaining the same practices.

I sincerely hope you're not actually expecting them to admit any fault with their "communal" processes. More likely their response will be limited to the usual finger pointing attacks against American software businesses, instead.

[GeorgiaFreeper]

I am expecting the ad hominem attacks as well. Shouldn't be long now...

[Tribune7]

BTW is Alan Cox now a Microsoft knee-padder since he criticized Linus?

He was speaking at the Free and Open source Software Developers European Meeting and I really didn't see a lot of criticism. He sounded like he was describing the insides of Linux maintenance.

Anyway, an open discussion of problems to improve the product is good. FUD to discourage use of product, OTOH, is bad.

[ShadowAce]

I sincerely hope you're not actually expecting them to admit any fault with their "communal" processes.

Well, I have not actually read the article, but if the excerpts are correct, and they're pulling this kind of crap, it needs to stop.

Security through obscurity does not work.

[GeorgiaFreeper]

The first line of the article:

He may be the saint of the Linux community, but it sounds like Linus Torvalds - with his secret security fixes - could still be a challenge to work with

[Dataman]

By supporting Linux, I think you are contributing to a trend that will damage the US economy in the long run.

Oh, yes- competition is bad. Just ask Gates.

Microsoft does stupid things like announce it is working on a patch for a specified vulnerability. In the meantime, all the roaches are alerted to the weakness.

[N3WBI3]

Because of the relatively small installed base and loyal following, the bugs are less likely to be trumpeted in the news.

Linux is the second most used server operating system in the world. So how exactly is its market share small?

From Cox's quotes, the Linux maintainers do not appear to divulge security issues unless they are brought up publicly. I would point out that Microsoft is regularly criticized by the open source fanboys for their lack of candor.

I would like to see an example rather than a 'sometimes'. Show me when a fix went in to the kernel tree and was not made public when it was found. I would also like to point out that in addition to making a regular practice of not informing OS users of bugs MS goes the extra mile by pressuring security firms not to tell people.

If you can present an example, not just someone who says sometimes I will be quick to slam Linus for this. It should be noted that many distros like Redhat release their own kernel (they do not fork, but they do enhance the public kernel in their distro).

[Golden Eagle]

Security through obscurity does not work.

Actually, it does, when actually used properly. It's the exact method the US government uses to keep critical documents protected, by making them "classified" to certain need to know levels. Perhaps you've heard of this term, before? Got a better way, instead?

[Golden Eagle]

Microsoft does stupid things like...

Yep, 13 posts in, and here they come.

[E. Pluribus Unum]

By supporting Linux, I think you are contributing to a trend that will damage the US economy in the long run. Just my opinion.

Commies, right?

Thanks for revealing your true agenda.

[ThinkDifferent]

By supporting Linux, I think you are contributing to a trend that will damage the US economy in the long run.

Yes, and the light bulb was bad for the economy because it put candle makers out of business.

[ShadowAce]

The problem with that analogy is that not everyone has those (classified) documents, encrypted, within their possession. Everyone does have a copy of Windows (or whatever you choose) within their possession. That allows the more motivated black hats to hack away at it in the privacy of their own home. They can then release a virus/trojan/worm/whatever onto an unsuspecting public--who also has the exact same codebase.

You want MS to implement the same type of security? Pull every copy of Windows on the market and not let anyone touch it for any purpose.

With an OS, that is basically a commodity, security is more likened to law. The best way to keep everyone safe, is to allow everyone access to it.

[Golden Eagle]

Yes, and the light bulb was bad for the economy because it put candle makers out of business.

Extremely poor analogy. US companies didn't have a lock on the candle business when light bulbs arrived.