The article seems to be very vague.
Firstly there are flaws.
Linux is not an operating system which Linus named after himself, as the
article suggests.
Secondly, they have not given any mention to the fact that security not
= openness of code, but security = transparency which comes with the
open code and the digital freedom to modify and redistribute your
modifications.
So if a security bug is discovered, it can be fixed rapidly.
The major contention which I believe makes the article crap however is
in the next fact I am pointing out.
There was no mention of any example in the kernel where a security flaw
has been seriously ignored by the man himself or his circle of
contributors, nor has any link been given to point to such an issue
discussed elsewhere.
So the research is not complete.
Happy hacking.
Krishnakant.
On Wednesday 11 November 2015 07:03 PM, Guru wrote:
How authentic/realistic is this article?
Guru
IT for Change
Net of Insecurity: The kernel of the argument
Fast, flexible and free, Linux is taking over the online world. But
there is growing unease about security weaknesses.
By Craig Timberg
Nov 5 2015
<http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/>
It took years for the Internet to reach its first 100 computers. Today,
100 new ones join each second. And running deep within the silicon
souls of most of these machines is the work of a technical wizard of
remarkable power, a man described as a genius and a bully, a spiritual
leader and a benevolent dictator.
Linus Torvalds — who in person could be mistaken for just another
paunchy, middle-aged suburban dad who happens to have a curiously
large collection of stuffed penguin dolls — looms over the future of
computing much as Bill Gates and the late Steve Jobs loom over its
past and present. For Linux, the operating system that Torvalds
created and named after himself, has come to dominate the exploding
online world, making it more popular overall than rivals from
Microsoft and Apple.
But while Linux is fast, flexible and free, a growing chorus of
critics warn that it has security weaknesses that could be fixed but
haven’t been. Worse, as Internet security has surged as a subject of
international concern, Torvalds has engaged in an occasionally profane
standoff with experts on the subject. One group he has dismissed as
“masturbating monkeys.” In blasting the security features produced by
another group, he said in a public post, “Please just kill yourself now.
The world would be a better place.”
There are legitimate philosophical differences amid the harsh words.
Linux has thrived in part because of Torvalds’s relentless focus on
performance and reliability, both of which could suffer if more
security features were added. Linux works on almost any chip in the
world and is famously stable as it manages the demands of many
programs at once, allowing computers to hum along for years at a time
without rebooting.
Yet even among Linux’s many fans there is growing unease about
vulnerabilities in the operating system’s most basic, foundational
elements — housed in something called “the kernel,” which Torvalds has
personally managed since its creation in 1991. Even more so, there is
concern that Torvalds’s approach to security is too passive, bordering
on indifferent.
“Linus doesn’t take security seriously; it’s yet another concern in
his mind, and he’s surrounded himself with people who share those views,”
said Daniel Micay, a Toronto-based security researcher whose company,
Copperhead, is developing a hardened version of the Android mobile
operating system, which is based on Linux. “There are a lot of kernel
developers who do really care about security, but they’re not the ones
making the calls.”
The rift between Torvalds and security experts is a particular source
of worry for those who see Linux becoming the dominant operating
system at a time when technology is blurring the borders between the
online and offline worlds. Much as Windows long was the standard for
personal computers, Linux runs on most of the Internet’s servers. It
also operates on medical equipment, sensitive databases and computers
on many kinds of vehicles, including tiny drones and warships.
“If you don’t treat security like a religious fanatic, you are going
to be hurt like you can’t imagine. And Linus never took seriously the
religious fanaticism around security,” said Dave Aitel, a former
National Security Agency research scientist and founder of Immunity, a
Florida-based security company.
Torvalds — who despite his history of blistering online exchanges is
genial in person, often smiling from behind round-framed glasses —
indeed appears to be the opposite of a religious fanatic as he zips
around his adopted home town of Portland, Ore., in a yellow Mercedes
convertible. The license plate is “DAD OF3,” but it’s the plate holder
that better captures his sly sense of humor, somehow mixing
self-confidence with self-mockery. “MR. LINUX,” it reads, “KING OF
GEEKS.”
Over several hours of conversation, Torvalds, 45, disputed suggestions
that security is not important to him or to Linux, but he acknowledged
being “at odds” with some security experts. His broader message was
this: Security of any system can never be perfect. So it always must
be weighed against other priorities — such as speed, flexibility and
ease of use — in a series of inherently nuanced trade-offs. This is a
process, Torvalds suggested, poorly understood by his critics.
“The people who care most about this stuff are completely crazy. They
are very black and white,” he said, speaking with a slight Nordic
accent from his native Finland. “Security in itself is useless. . . .
The upside is always somewhere else. The security is never the thing
that you really care about.”
When the interviewer asked whether Linux — designed in an era before
hacking had become a major criminal enterprise, a tool of war and
constant threat to the privacy of billions of people — was due for a
security overhaul after 24 years, Torvalds replied, “You’re making
sense, and you may even be right.”
But what followed was a bracing example of why Torvalds said the
interviewer was wrong: Imagine, Torvalds said, that terrorists
exploited a flaw in the Linux kernel to cause a meltdown at a nuclear
power plant, killing millions of people.
“There is no way in hell the problem there is the kernel,” Torvalds
said. “If you run a nuclear power plant that can kill millions of
people, you don’t connect it to the Internet.”
_______________________________________________
network mailing list
[email protected]
http://lists.fosscom.in/listinfo.cgi/network-fosscom.in