Torvalds dumps Kernel.org for Github after breach

Linus Torvalds has released the most current build of Linux 3.1 via Github, rather than use kernel.org, which is still experiencing downtime. Torvalds said in a post to LKLM.org that the move was simply a way to put the new code out there, rather than an indictment of the situation at kernel.org, which is still suffering after …

COMMENTS

This topic is closed for new posts.
  1. Milen A. Radev
    Happy

    "a post to LKLM.org"

    Hehe, you funny!

  2. Anonymous Coward
    Thumb Down

    Well...

    I guess we should all switch to Linux because it's safer than Windows, right? Oh wait...

    (Yes no one still cares about Mac OS which is why I didn't mention it...)

    1. KrisMac
      Facepalm

      ...feeding the troll...

      Once again the trolls show their ignorance...

      The issue is not about the safety of Linux - it is about the stupidity of sys-admins who fail to patch up their boxes... That problem is completely independent of OS...

      For those interested there is an old post from Information Week on Phalanx here: http://www.informationweek.com/news/software/infrastructure/210201115

      The important factoid to take away is the version of Linux affected by the rootkit.

      "Phalanx is a self-injecting kernel rootkit designed for the Linux 2.6 branch that does not use the now-disabled /dev/kmem device,"

      To blame Linus as it is today for lazy administration that could have prevented this attack years ago is like saying that Windows 2008 Server is completely insecure because someone out there is still running NT4...

      1. Patorian

        Re:...feeding the troll...

        May I conclude from what you are saying, that every OS is only as secure as its next security update?

        That security is only based upon the fact that constant patching is necessary to keep the hackers/crackers out, since they will inevitably catch up with the code that is written? In other words yesterday's code which was branded and touted secure is now insecure and hackable at will (by those that have the right skills)

        I'm not judging here, just want to make sure that I understood correctly.

      2. Adam Nealis
        Happy

        Remember me on this computer?

        "The issue is not about the safety of Linux - it is about the stupidity of sys-admins who fail to patch up their boxes... That problem is completely independent of OS..."

        And there I was, about to say "that's what happens when you let devs admin servers." :)

    2. Muckminded

      Amazing...

      how a few words can display so much stupidity.

      1. OMGROFLSKATES
        Trollface

        Linux haiku

        Rootkit, Torvalds, Hack

        The trolls need attention, lulz

        Windows are now closed

    3. LaeMing
      Happy

      Because...

      ...an OS that gets rooted occasionally is just as insecure as one that gets rooted regularly.

  3. Eddy Ito
    Headmaster

    redundancy dept. calling dept. calling

    "change their change their passwords and update SSH keys."

    1. OMGROFLSKATES
      FAIL

      Obviously Authentication....

      and security along with the basics of how SSH function are lost on you.

      you can have one or the other or both so no redundancy, rather thorough and complete authentication reset at all levels.

      a Sys-Admin you not be, me suspect you are the Troll from above calling OSX and Windows Not secure with no concept of Security-in-depth best practices.

      I believe thy requiereth a hat and coat

      did you read the sshd_config file?

      1. Anonymous Coward
        Trollface

        Obviously!

        Don't you know one of the key parts of SSH is having to change your change your password? If you haven't changed your changed your password recently then you should change your change your password today or you will regret having not changed your changed your password when you are hacked by the insecurity department, who will have changed their changed their passwords every day.

      2. Dan Crichton
        Happy

        read the post next time :)

        The key phrase to look out for in that post was "change their change their", not the part about passwords and keys. The title of the post was a very obvious clue ...

  4. -tim
    FAIL

    Minimal software?

    Whatever happened to only loading the minimum amount of software that a server needs? How many thousands of packages are loaded on a typical kernel.org site that have never even been used?

  5. DrXym Silver badge

    Dumps kernel.org?

    Actually no. It's clearly a stop gap as evidenced by Linus saying to fetch / pull tags & changes into your existing tree (which still points at kernel.org) rather than clone straight from github.com

  6. Anonymous Coward
    FAIL

    Death of Linux

    It will never recover from this. The Linux kernel could now have all sorts of shit in it, since the repository was hacked.

    Say what you like about Windows but at least its source repository has never been open to outsiders to stick whatever back doors they wanted into the core.

    I'm starting a process at my place to get rid of all our Linux boxes - it's just way too risky to take any patches now the source has been compromised.

    1. burnttoys

      Conversely...

      As you've never had any access to Windows source or any idea who has had access to it, it could be littered with back doors, insecure security, simple coding errors leading to exploits.

      You also have no way of checking for them even if you wanted to.

      Seems to me all the kernel hackers have to do is diff the source between now and just prior to the breach. They can see all the changes. It takes time - but with many eyeballs on the job it's no big deal.

      TBH I can see why Mr Stallman and friends dislike BLOBs in the kernel now.

    2. James Hughes 1

      Are you taking the piss?

      Or are you just a moron?

      Please read up on what actually went on, if the latter.

    3. Tom Chiverton 1
      FAIL

      >cough<

      http://www.google.co.uk/search?q=windows+cource+code+leak

      1. Nextweek
        Facepalm

        That's what I thought

        The windows source is more of a source for concern. Whilst Git has SHA hashes of each patch (with which distributed developers would have spotted any change), with Microsoft we don't know if it's a central repository and who checks what gets committed.

    4. Daniel 19
      Devil

      The source wasn't compromised...

      The site that carried a COPY of the source was compromised. The location of the original was never compromised. This is an important distinction.

  7. John G Imrie

    Pragmatic

    Looks like Linus' pragmatic attitude coming to the fore again.

  8. Muckminded

    Sky is falling

    Grab both ankles, and confuse an OS with an FTP site.

  9. Anonymous Coward
    Trollface

    It is official; Netcraft confirms: Linux is dying

    One more crippling bombshell hit the already beleaguered Linux community when IDC confirmed that Linux market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent kernel.org security issue, this news serves to reinforce what we've known all along. Linux is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

    1. Anonymous Coward
      WTF?

      re: It is official

      Clearly unconnected with reality, is this failed satire or just a lunatic rant?

      1. Anonymous Coward
        Trollface

        re: "failed satire or just a lunatic rant"

        Apparently obvious troll was not obvious enough.

  10. Anonymous Coward
    Anonymous Coward

    @It is official; Netcraft confirms: Linux is dying

    If that's a sarcastic joke, ease up on the sarcasm, it's a bit too hard to detect!

    You're confusing Netcraft and IDC there by the way. One of them is a fairly respectable web metrics outfit. The other reports market share of a free operating system by sales in revenue.

  11. Anonymous Coward
    Facepalm

    @3 ACs replying to "It is official:..."

    It's a classic slashdot troll written for FreeBSD that has been modified for Linux. I'm disappointed you didn't seem to spot it.

  12. Will Godfrey Silver badge
    Happy

    short version

    There is a problem with kernel.org.

    As the kernel is on a distributed system, Linus thinks now is a good time to try it out.

    It works.

  13. Brett the Brat
    Stop

    Remember Johnny Mnemonic?

    Hashes need to start including more than one kind of check, problem is once this happens the government wouldn't be able to see all your dirty secrets which is probably why this has happened. All it takes is one person to learn the back door. Add a digital picture to the mix at random out of a database of hundreds of thousands of pictures, one side has half the other side has the other half, checks are done to see that the picture matches the original. Hack that hackzor boyz.
