back to article Linus Torvalds slams 'pure garbage' from 'clowns' at Grsecurity

Linux lord Linus Torvalds thinks he'll be able to give the world version 4.12 of the Linux kernel next week. In his post to mark the release of 4.12 release candidate seven, Torvalds wrote “It's fairly small, and there were no huge surprises, so if nothing untoward happens this upcoming week, this will be the final rc.” “But …

  1. This post has been deleted by its author

  2. Adam 52 Silver badge

    Alternative headlines could equally well have been:

    "Linus Torvalds rejects Linux security"

    "Backwards compatibility more important than security in Linux"

    Or

    "Linux kernel team reinvent wheel"

    Is there any evidence to back up this libellous accusation?

    1. Dan 55 Silver badge

      Quoting words Linus himself used?

      I don't think the messenger can be shot for this one.

    2. Snorlax Silver badge
      Facepalm

      @Adam 52: "Is there any evidence to back up this libellous accusation?

      I don't think you understand how libel works...

      1. Doctor Syntax Silver badge

        "I don't think you understand how libel works"

        Imagine this reaching court.

        Both sides would set out to prove the truth of their positions. How?

        They could call expert witnesses. Who would have to be acknowledged as the leading expert on the Linux kernel?

    3. Tom Samplonius

      "Is there any evidence to back up this libellous accusation?"

      Libel requires a published false statement. "grsecurity is garbage" is a true statement though.

      SELinux is the right answer.

      1. Just Enough

        How libel works

        Libel actually requires a statement of fact, that it is reasonable to assume is not satire, that might be taken seriously, and is demonstrably false.

        What Torvalds has said is an opinion. You cannot be sued for having an opinion that someone disagrees with.

        IANAL.

        1. JDX Gold badge

          re:You cannot be sued for having an opinion that someone disagrees with.

          You can if you use your prominent position to spread that opinion and it leads to provable damages, can't you?

          Having an opinion and sharing an opinion are very different. If you believe that the Holocaust is not real, that's very different to saying "The Holocaust didn't happen"

          1. Anonymous Coward
            Anonymous Coward

            Re: re:You cannot be sued for having an opinion that someone disagrees with.

            But then, negationism is not libel

          2. Just Enough

            Re: re:You cannot be sued for having an opinion that someone disagrees with.

            "You can if you use your prominent position to spread that opinion and it leads to provable damages, can't you?"

            Well people can sue for just about anything, but winning is different matter.

            As long as you don't lie about the facts, you can use your prominent position to voice any opinion you like, even if damages someone's interests. That's what film/book/restaurant/theatre critics do for living.

            Of course, you could be a massive jerk about it and make yourself a social pariah. Your opinion may be repulsive and disputed by every living soul on the planet. Or the nature of your prominent position may make voicing your opinion inappropriate, and cost you your job. But it still wouldn't be libel.

            Holocaust denial is a special case with specific laws in many places. And they're usually rooted in discrimination/racism/hate laws, rather than personal damages. I don't think there are any specific laws covering Linux developers.

          3. Uffish

            Re:Godwin's Law

            @JDX

            Next time try to argue things with logic instead of emotion.

        2. strum

          Re: How libel works

          >Libel actually requires a statement of fact, that it is reasonable to assume is not satire, that might be taken seriously, and is demonstrably false.

          And causes damage (loss) to the libelled.

          Someone could call me 'graceful'. Demonstrably false, but not libellous.

      2. patrickstar

        SELinux has stopped how many kernel exploits exactly? Of which there has been A LOT, regularly supplied with SELinux disabling shellcode and all...

        And in case you thought grsec was just about exploit mitigation, it does come with RBAC as well - a very powerful ACL system.

      3. chasil

        SELinux is not the answer.

        SELinux is not the answer - pledge() is the answer.

        https://news.ycombinator.com/item?id=10537674

        http://www.openbsd.org/papers/hackfest2015-pledge/mgp00001.html

        Android has been running SELinux since JellyBean (I think), and has been repeatedly owned despite this.

        1. Steve Davies 3 Silver badge
          Facepalm

          Re: SELinux is not the answer.

          There is FAR, FAR, FAR more to SELINUX security than just running it. Doh!

          Once running it is how it is configured and how your system is configured that matters.

          1. bazza Silver badge

            Re: SELinux is not the answer.

            I am no SELinux expert, but isn't one of its problems that it can be configured badly, to the point of uselessness? Of course, "configure", "badly", and "uselessness" are all very subjective words, everyone has different requirements...

            Doesn't BlackBerry's spin of Android run GR patches? If so, anyone know whether it has resisted exploits that have worked on other flavours of Android? Linus might not like the GR guys, but if their code is working then there must be some merit in it.

            1. cream wobbly

              Re: SELinux is not the answer.

              And here's where it gets interesting: grsecurity might work, but that doesn't make it good. It might work despite breaking other things. It might break other things in order to work. It might not work according to the design intent. It might work despite having a terrible design. Or some combination of these. Or some combination of each by degree. Or for shorthand, "garbage".

        2. Oh Homer
          Linux

          Re: SELinux is not the answer.

          I used to have to deal with SELinux a lot, in QA and package maintenance. It's been a long time, but IIRC the thing I disliked most about it was the fact that it was so obscenely complicated to administer, mainly because it required learning a whole new "language" (obscure "contexts"), and the resultant policies actually needed to be "compiled" into very inaccessible binary blobs, that even developers had a hard time understanding it, so your typical end user wouldn't have a hope of configuring it properly if at all.

          Indeed the only actual "configuration" we saw from pretty much all the users was to disable SELinux to save having to deal with it, and the number one complaint, other than persistent breakage from buggy or incomplete policies, was the fact that no one felt comfortable blindly accepting security policies that needed to be created by complete strangers, because they were the only ones who understood SELinux well enough to write those policies (broken though they often were).

          Any security mechanism so complicated that nobody understands it is patently not really secure, no matter how good it might be in theory.

      4. Ramazan
        Facepalm

        Re: "grsecurity is garbage" is a true statement though.

        You've misspelled something there: ""SELinux is garbage" is a true statement though". Here, fixed it for ya, Tom.

  3. Snorlax Silver badge
    Meh

    Ego Overload

    I was reading the email thread over the weekend - that Brad guy had some valid points.

    Torvalds is a joke, he's like a petulant child thriving on a cult of personality. Ad hominem attacks and public criticism of people's work aren't how you get things done...even in Linux-land.

    1. jake Silver badge

      Re: Ego Overload

      So, Snorlax, when is your own new open source kernel going to start making inroads on Linux? I for one can't wait to see your brave new way of doing things! I'm sure it'll be an absolutely phenomenal success, given your world-class management skills!

      1. AndyS

        Re: Ego Overload

        Jake, what a useless comment.

        I take it you wouldn't dare criticise the people involved in fitting the cladding to Grenfell Tower, since you yourself don't personally operate a successful business retrofitting aging tower blocks?

        No doubt you'd never criticise Trump (or Obama), since you're not the President of the USA?

        1. jake Silver badge

          Re: Ego Overload

          AndyS, might want to look up the meaning of strawman. I don't play that game.

          1. Geoffrey W

            Re: Ego Overload

            @Jake "AndyS, might want to look up the meaning of strawman. I don't play that game."

            You do play other games though. Your OP sounds like ad hominem to me, though there is probably another specific logical fallacy in your original attack. You say he cannot criticize Torvalds because he has not written his own OS. Then I cannot criticize Ford for the poor functioning I find in one of their cars, because I haven't designed and built my own car. I cannot criticize a politician because I have never been elected. It's just absurd.

            Edit: Here you go - your original post was an "Appeal to accomplishment" fallacy.

          2. IsJustabloke
            Trollface

            Re: Ego Overload

            @jake ... "AndyS, might want to look up the meaning of strawman. I don't play that game."

            Just as well really... you'd lose.

    2. John H Woods Silver badge

      Re: Ego Overload

      @Snorlax

      Rejecting someone's technical input "because they are xxx" is only ad Hom. when xxx has nothing to do with the matter ... if xxx is (as implied) "technically substandard" then it may lack justification, and it might be rude, counterproductive or even false ... but it's not really an ad hominem attack.

      1. Snorlax Silver badge

        Re: Ego Overload

        @John H Woods: Ridiculing somebody by calling them a clown isn't an ad-hominem? Riiiight.

        I don't see Torvalds criticising KSPP's "work", which basically involves them copy-and-pasting grsec code...

        As usual with him, it's a dick-measuring contest.

        1. John H Woods Silver badge

          Re: Ego Overload

          "@John H Woods: Ridiculing somebody by calling them a clown isn't an ad-hominem? Riiiight"

          Correct. Ad hominem is not a fancy synonym for name calling. It means attacking someone's work, argument, position, etc. by just attacking them personally ... " I wouldn't even look at their code, they're Trump supporters, it's bound to be awful"

          HTH HAND &c

          1. Snorlax Silver badge

            Re: Ego Overload

            @John H Woods: An ad-hominem attack is a personal attack full-stop. Nothing to do with the quality of work, the colour of the sky, or the day of the week.

            So if I call you a clown, that's an ad-hominem attack. I'm attacking the messenger, not the message.

            If you have to resort to ad-hominem attacks, you don't have a worthwhile argument.

            Hope this cleared things up for you...

            1. DavCrav Silver badge

              Re: Ego Overload

              "@John H Woods: An ad-hominem attack is a personal attack full-stop. Nothing to do with the quality of work, the colour of the sky, or the day of the week.

              So if I call you a clown, that's an ad-hominem attack. I'm attacking the messenger, not the message."

              If I call someone a clown, going on to give a point-by-point refutation of their positions, that's not ad hominem. If I call someone a clown without the second bit, that's an insult, but it's not ad hominem. If I say someone is a clown, so ignore them, that's potentially an ad hominem. But it depends on whether I say that that person is a clown because of many previous experiences with the person where it's become clear that they have no idea what they are talking about. It's still technically ad hominem, but it's much more reasonable to ignore the ramblings of a confirmed idiot than check every single time.

            2. Kiwi Silver badge
              Coat

              Re: Ego Overload

              @John H Woods: An ad-hominem attack is a personal attack full-stop.

              Wot, like "Typical criticism-deflection tactic from the linux camp."? Or hows about "lol at you. What are you, his knight in shining armour, coming to the rescue because somebody said something bad about him on the internet?"? Or the real pearler... " no matter how stupid, ill-informed or obnoxious it may be."

              FTFY

              Does the hypocrisy come naturally, or is it a part of the MSCE jokecourses?

              If you have to resort to ad-hominem attacks, you don't have a worthwhile argument.

              Yes....

              (And yes, I do plenty of ad-hominem attacks.. Even worse, I sometimes enjoy doing it :( Though that said, some people I think are worth getting some enjoyment out of)

            3. strum

              Re: Ego Overload

              > An ad-hominem attack is a personal attack full-stop

              Nope.

        2. hplasm Silver badge
          Gimp

          Re: Ego Overload

          "As usual with him, it's a dick-measuring contest."

          And one he can't win. All the biggest dicks are associated with closed source.

          1. HandleAlreadyTaken

            Re: Ego Overload

            @hplasm: are you saying open source supporters have small dicks then?

        3. strum

          Re: Ego Overload

          >Ridiculing somebody by calling them a clown isn't an ad-hominem? Riiiight.

          Actually, no it isn't. Common abuse =/= ad hominem.

    3. wolfetone

      Re: Ego Overload

      "Torvalds is a joke, he's like a petulant child thriving on a cult of personality."

      Ah if only Billy Gates took the same approach with Windows. It might be a half decent secure operating system. Instead it's a bloated P.O.S. with code dating back to the 1980's that their developers have absolutely no clue what it does and won't remove it.

      Jog on.

      1. Snorlax Silver badge
        Windows

        Re: Ego Overload

        @wolfetone: "Ah if only Billy Gates took the same approach with Windows"

        Nobody mentioned Windows. Typical criticism-deflection tactic from the linux camp.

        0/10 for effort. Jog on yourself m8y...

        1. wolfetone

          Re: Ego Overload

          "Nobody mentioned Windows. Typical criticism-deflection tactic from the linux camp.

          0/10 for effort. Jog on yourself m8y..."

          Nah mate. This isn't Theresa May you're speaking to.

          It's a typical bullshit from people saying "wah wah wah, Linus is nasty because he swears". He tells it like it is, he's right in what he's said.

          Yeah the effort might have been lacking but when you see the same shite every month concerning these types of comments you do tend to get a bit jaded after a while.

          This isn't primary school, it isn't kindergarten lets play around with Barney the purple dinosaur. Adults swear, and by golly he's fully entitled to use the full length and bredth of the English lexicon to get his points across.

          1. Doctor Syntax Silver badge

            Re: Ego Overload

            "Adults swear, and by golly he's fully entitled to use the full length and bredth of the English lexicon to get his points across."

            Actually he's made life a bit more difficult for the usual suspects this time. He didn't swear.

          2. Snorlax Silver badge
            Trollface

            Re: Ego Overload

            @wolfetone: "It's a typical bullshit from people saying "wah wah wah, Linus is nasty because he swears". He tells it like it is, he's right in what he's said."

            lol at you. What are you, his knight in shining armour, coming to the rescue because somebody said something bad about him on the internet?

            "This isn't primary school, it isn't kindergarten lets play around with Barney the purple dinosaur. Adults swear, and by golly he's fully entitled to use the full length and bredth of the English lexicon to get his points across."

            There's a thing called respect, maybe you've heard of it? When dealing with other members of the human race you'll often find that if you treat people with respect, they return the respect. Swearing at people and insulting them will usually not get the job done as nobody likes a dictator...

            1. wolfetone

              Re: Ego Overload

              "lol at you. What are you, his knight in shining armour, coming to the rescue because somebody said something bad about him on the internet?"

              I am a man with an opinion and not afraid to express it in any form or any means, and certaintly not afraid to defend my opinion from someone who likes to be on their high horse.

              "There's a thing called respect, maybe you've heard of it? When dealing with other members of the human race you'll often find that if you treat people with respect, they return the respect. Swearing at people and insulting them will usually not get the job done as nobody likes a dictator..."

              I'm not sure you know the meaning of the word respect after trying to talk down to me in your previous paragraph.

              But yes, there is a thing called respect. But respect isn't just the domain of words. Respect is shown via work done, via software that people will use. If you're submitting shit work expecting it to be passed as OK when it's crap and will cause problems for those programmers and those end users, then you should ultimately expect the same level of respect given to you as you're giving out via shit work.

              1. Snorlax Silver badge
                Trollface

                Re: Ego Overload

                @wolfetone: "I am a man with an opinion and not afraid to express it in any form or any means, and certaintly not afraid to defend my opinion from someone no matter how stupid, ill-informed or obnoxious it may be."

                FTFY

                "Respect is shown via work done, via software that people will use. If you're submitting shit work expecting it to be passed as OK when it's crap"

                If the work is so crap, I will repeat the question I asked earlier: why has your buddy Torvalds not saw fit to also rip KSPP a new one for copying grsec's work? I mean, if the code is as bad as he says it is, why are KSPP using it?

            2. Anonymous Coward
              Anonymous Coward

              Re: Ego Overload

              "When dealing with other members of the human race you'll often find that if you treat people with respect, they return the respect."

              Solid long term respect is earned, its not simply given and retained. Basic respect is given at first, then as more interaction occurs the amount of respect raised or lowered according to the quality of the interaction.

            3. Roo
              Windows

              Re: Ego Overload

              "When dealing with other members of the human race you'll often find that if you treat people with respect, they return the respect."

              You could always have a crack at that respect thing yourself you know.

        2. Kiwi Silver badge
          FAIL

          Re: Ego Overload

          @wolfetone: "Ah if only Billy Gates took the same approach with Windows"

          Nobody mentioned Windows.

          Actually, I'm pretty sure Wolfetone mentioned Windows...

          Typical criticism-deflection tactic from the linux camp.</blockquote

          Ahem.. You're shoving your oar into a discussion about Linus Torvalds having an issue with someone's patches in Linux, and basically verification processes involved there.... And you're here as a Windows fan...

          Considering the very recent article about MS asking people NOT to install one of their patches because it was yet to be verified (yes, big shock to me too that they're actually doing that again!), don't you think you should get your own house back in order?

          Do they really pay enough to say this stuff? Or do they have a gun pointed at your kid's head or something?

          1. Snorlax Silver badge
            FAIL

            Re: Ego Overload

            @Kiwi: "Ahem.. You're shoving your oar into a discussion about Linus Torvalds having an issue with someone's patches in Linux, and basically verification processes involved there.... And you're here as a Windows fan..."

            What an idiot. Really? "You're here as a Windows fan"??? Says Kiwi, the guy whose hobby seems to be collecting downvotes by making stupid comments on every Windows-related article on this site...

            You don't have a clue what I'm a fan of.

            I will, however, tell you what I'm not a fan of:

            * Shouty, hysterical assholes

            * People who don't read the comments in context, but choose to look stupid by having an argument anyway.

            * People who run away and hide when presented with questions which show their argument in a bad light

            1. Kiwi Silver badge
              Pint

              Re: Ego Overload

              the guy whose hobby seems to be collecting downvotes by making stupid comments on every Windows-related article on this site

              That silver badge by my handle? You don't get them for downvotes y'know. But while appreciated, and sometimes can even brighten my day, I'm not here for the votes. But I'll let the tally of my up/down votes vs yours in this thread speak to your comment.

              (Having a quick look at your history, I see there are other topics we agree on, and probably a number of posts of yours I've upvoted (I don't see any blue arrows (thanks Reg for implementing that) but they may not follow everything that far back)...

              I will, however, tell you what I'm not a fan of:

              * Shouty, hysterical assholes

              * People who don't read the comments in context, but choose to look stupid by having an argument anyway.

              So.. You're not a fan of yourself then? :)

              * People who run away and hide when presented with questions which show their argument in a bad light

              Like.. How you're not answering questions about your posts, and attacking the person instead? Remind me, who was it who, a few hours ago, said that if you attack the person you don't have much of an argument?

              It's 1:20am here on what is becoming a cold winter's night. I'm not "running away" as you might claim, I'm hopping into a nice warm bed. That should mean it's early afternoon on what I hope is a nice summer's day for you. Have one of these -->

      2. This post has been deleted by its author

    4. Lee D Silver badge

      Re: Ego Overload

      The Brad guy manages a set of security patches.

      Patches that he has questionably licensed (it's GOT to be GPLv2 because they are kernel patches, but now you only get them if you are part of his little clan, and if you distribute them, he threatens to never supply you another patch again).

      Patches that he has zero interest in submitting through the proper channels. He regularly claims to have done so but it's mainly just dumps of the entire thing with no breaking down to individual patches. Not even an idiot is going to apply megabytes of patches to the Linux kernel overnight.

      Patches that are based on the Linux kernel which is a damn sight harder to manage than just his security patches, but he won't co-operate with anyone, and - as with the licensing - he somehow thinks he should be treated better than anyone else.

      I've had a couple of run-ins with him on other forums, nothing to do with the code (I'm happy to assume his stuff works and is worthwhile, technically he's quite clever) but about the attitude. He just expects everyone else to do the work to integrate, because his code is so fabulous, while at the same time refusing to make any effort that way himself and questionably mis-licensing and threatening people. Then he complains about how Linux doesn't have all this stuff.

      Instead, BECAUSE of his attitude, the kernel maintainers are reinventing the wheel without bothering to look at his code in case it somehow taints them and causes trouble. You can just imagine the attitude of the above guy if they start just pulling in his code anyway, or copying it wholesale. This completely hinders any integration of his patches. NO ONE will volunteer to pull his stuff across piecemeal (as EVERY OTHER major patch to Linux was handled) because of this attitude. If you speak to the guy, you'll see why.

      It seems to me that we have another "BitKeeper" debacle, that's going to end with his patches becoming obsolete, while someone else does the hard work again in another way to do what he could just do overnight.

      To be honest, I can even understand his point of view. He knows his stuff. But equally, I can quite understand why no-one will deal with him. And should anyone go to the effort of doing this integration, his patch-set is dead overnight. Nobody will ever remember him. Perhaps that's why he actively hinders efforts.

      I've never seen another major kernel patch set where NOBODY will step up to help them integrate any more (it's been tried several times), and where people would rather re-invent the wheel rather than deal with the personality.

      TBH: I'm with Linus here.

      1. patrickstar

        Re: Ego Overload

        The story is basically this:

        Linus, and the other kernel maintainers, have been essentially ignoring security for years. Attempts to introduce security hardening into mainline has been met with indifference or outright hostility. In the rare occasion where something has ended up landing, it has been in a watered-down form with limited value, often demonstrating the commiter's lack of deeper understanding of the issues involved.

        Linus has even publicly stated that he doesn't view security bugs as any different from any others, with predictable results. Lots of security issues that actually do get fixed do so more or less silently with a non-descriptive commit, causing much joy for blackhats reading the changelogs and much pain for people trying to backport security fixes to old kernels.

        m

        During this whole period, grsec has basically been the only way to let untrusted code run on a Linux box without guaranteeing eventual compromise.

        At some point, there was some sort of debacle with Wind River marketing (I'm weak on the details here - someone can fill in perhaps?) that pissed off spender to the point where he stopped making stable grsec patches public.

        After a round of bad press, the mainline kernel guys launched the Kernel Self-Protection Project with major corporate backing. It turned out to consist of poor reimplementations (or even cut and paste without understanding the details) of features from grsec/PaX. The very same features that were previously rejected by Linus et al. for political/personal/religious reasons (or plain lack of understanding) mind you, and which were developed without anything comparable to the corporate backing of the mainline Linux kernel.

        Absolutely no interest has been demonstrated in actually involving grsec in any of this, despite them having been doing this work with excellent results for many years on a shoe-string budget.

        Not too surprisingly, this was the last straw and now no grsec patches are publicly available anymore.

        And if you think spender/pipacs produce garbage, I'd suggest you start by turning off ASLR and DEP on all your systems. They invented those, after all... grsec/PaX had those literally years before any mainline Linux kernel eventually implemented them in half-assed watered-down ways.

        1. Snorlax Silver badge
          Thumb Up

          Re: Ego Overload

          @patrickstar:"Linus, and the other kernel maintainers, have been essentially ignoring security for years...

          ...And if you think spender/pipacs produce garbage, I'd suggest you start by turning off ASLR and DEP on all your systems. They invented those, after all... grsec/PaX had those literally years before any mainline Linux kernel eventually implemented them in half-assed watered-down ways."

          This guy gets it... Have an upvote.

        2. Roo
          Windows

          Re: Ego Overload

          "Linus, and the other kernel maintainers, have been essentially ignoring security for years."

          I have seen plenty of evidence to the contrary over the past 23 years, so I can't help but wonder if you have been wearing your backside as a hat for the past couple of decades.

        3. Roo

          Re: Ego Overload

          "During this whole period, grsec has basically been the only way to let untrusted code run on a Linux box without guaranteeing eventual compromise."

          That is a very bold claim when there are millions of x86 boxes out there can be owned from userland regardless of what kernel is running.

      2. Anonymous Coward
        Anonymous Coward

        Re: Ego Overload

        @Lee D,

        The Brad guy manages a set of security patches.

        Patches that he has questionably licensed (it's GOT to be GPLv2 because they are kernel patches, but now you only get them if you are part of his little clan, and if you distribute them, he threatens to never supply you another patch again).

        IANAL, and I'm certainly not suggesting that grsecurity are playing by the spirit of the Linux kernel community.

        However, as far as I can tell so long as they're offering to ship physical media bearing the source code to whoever they've distributed compiled code to, they're within the terms of GPL2. And they're not obliged to distribute their patchset to the whole planet; they are not obliged to ship future patches to anyone at all, they can choose who they send it to.

        If this regretable situation is not to the Linux kernel community's liking, they're shipping their code under the wrong license. If it is ever going to be resolved, both sides of the argument are going to have to back down somewhat. However, that's not something I reckon Linus can do...

      3. Chika
        Mushroom

        Re: Ego Overload

        Instead, BECAUSE of his attitude, the kernel maintainers are reinventing the wheel without bothering to look at his code in case it somehow taints them and causes trouble.

        Seems to be a common problem. Actually surprised nobody has drawn the similarities between this and a certain other bit of coding bollocks which only seems to be perpetuated because everyone has their collective snouts planted between RedHat's cheeks.

    5. naive

      Re: Ego Overload

      Linus is a great leader since he openly dares to say what is wrong, which is a feature all great leaders share. If more people in power were leaders instead of cowards trying to avoid unfavorable fake news, we would have a better society. People like him fit in the same category as Ferdinand Porsche and Ferdinand Piech, who are always pursuing perfection, creating incredible things like the VW Beetle, Porsche 917, Bugatti Veyron.

      They differ from subdued company bots in a way that they don't go home at 17:00, but stop when their vision is realized.

      Linus is probably right. It is questionable if security code should be part of kernel code anyway, the kernel does deal with hardware, and should stay as small and light as possible. Who wants some "security" software get in the way of handling interrupts and other events which have to be handled within certain time constraints. The Linux kernel is already quite bloated, it should actually get rid of things.

    6. Doctor Syntax Silver badge

      Re: Ego Overload

      "Torvalds is a joke"

      I say, isn't that a bit ad hominem?

    7. cream wobbly

      Re: Ego Overload

      Per Lee D, he can have valid points and still be wrong, because of context. Torvalds isn't swimming in Brad's pool; Brad is swimming in Torvalds's. End of debacle.

  4. Gunboat Diplomat

    Grumble

    It's pretty tiresome seeing the 'ends justifies the means' argument being dusted off to defend Torvalds again. The man clearly has a great amount of technical ability, but he's not a leader. Imho, Linux is the best os available, but it's still got a lot of flaws, being rude won't encourage more people to get involved and fix those flaws.

    1. Snorlax Silver badge

      Re: Grumble

      @Gunboat Diplomat: "The man clearly has a great amount of technical ability, but he's not a leader."

      You're right.

      It's funny that a guy who's allegedly worth $150 million expects people to work for free, ostensibly for "the exposure". Linux isn't a grassroots effort anymore - maybe Torvalds is in denial or he just chooses not to acknowledge the fact openly because it suits his desire to have people work for nothing other than some mailing list kudos...

      1. Androgynous Cupboard Silver badge

        Re: Grumble

        You have managed to completely invert the situation Snorlax.

        It's not Linus "expecting people to work for free" (no doubt because of the billions he rakes in selling Linux, for nothing). Most of the patches are from firms, because they make use of Linux (which is free, remember) for their own benefit, or to ensure it runs on the hardware they sell. Or do you think Intel and IBM are just being altruistic?

        1. Snorlax Silver badge

          Re: Grumble

          @Androgynous Cupboard: "Most of the patches are from firms, because they make use of Linux (which is free, remember)"

          Linux is most definitely not free. What a myth!

          You might be able to download an Ubuntu ISO for free, but in a production environment Linux has costs just like Windows or OS X (unless your techies work for free in some kind of medieval serfdom, which I very much doubt).

          How much are RHEL support subscriptions these days?

          1. DavCrav Silver badge

            Re: Grumble

            "You might be able to download an Ubuntu ISO for free, but in a production environment Linux has costs just like Windows or OS X (unless your techies work for free in some kind of medieval serfdom, which I very much doubt).

            How much are RHEL support subscriptions these days?"

            What has that got to do with Linux not being free? If I get given a free car, I don't get to say "it's not free because I have to pay for the petrol".

            1. Snorlax Silver badge
              Trollface

              Re: Grumble

              @DavCrav: "What has that got to do with Linux not being free? If I get given a free car, I don't get to say "it's not free because I have to pay for the petrol"."

              Your "free" car is useless without paying for petrol, insurance, and maintenance.

              Similarly, that "free" (gratis and libre) linux ISO is also useless in a production environment without paying for support and maintenance. Support staff don't work for nothing, do they?

              I notice you didn't answer my question about how much commercial linux support costs...

              1. Anonymous Coward
                Anonymous Coward

                Re: Grumble

                I don't know how much commerical Linux support costs because here at $VERY LARGE CORPORATION$ we use CentOS.

              2. Roo
                Windows

                Re: Grumble

                "I notice you didn't answer my question about how much commercial linux support costs..."

                I'm giving you the benefit of doubt here by assuming that you are asking the question out of ignorance rather than out of hope of someone dropping a shilling into your palm:

                1) There are lots of vendors offering commercial Linux support, they all have different 'list' prices for different levels of support...

                2) Typically customers don't pay list price, so only the vendor and the customer know how much the support costs...

          2. Destroy All Monsters Silver badge

            Re: Grumble

            Linux is most definitely not free. What a myth!

            That strawman rustle!

          3. Gerhard Mack

            Re: Grumble

            "You might be able to download an Ubuntu ISO for free, but in a production environment Linux has costs just like Windows or OS X (unless your techies work for free in some kind of medieval serfdom, which I very much doubt).

            How much are RHEL support subscriptions these days?"

            Where I work, I maintain a mix of Windows, RHEL, Centos, Debian and pfSense. Of all of those Debian (completely free) is the one I spend the least amount of effort maintaining and Linux servers in their entirety require less tech time than the Windows servers to maintain despite the fact that we have more Linux servers than Windows.

          4. ST Silver badge
            Mushroom

            Re: Grumble

            > Linux is most definitely not free. What a myth!

            Linux is an operating system kernel. It can be downloaded by anyone, free of charge, in source code form.

            You can then compile your own Linux kernel into binary, free of charge.

            Can you do that with Microsoft Windows or Apple iOS? No you can't.

            The support costs you are referring to are not for the Linux kernel. They are for covering the cost of creating, putting together, testing and maintaining a particular Linux commercial distribution, as published by RedHat, SuSE, Ubuntu, etc.

            Do your homework and try understanding the difference between the Linux kernel and a Linux-based commercial distribution.

            Unless you work for Microsoft, or Apple, of course, in which case you don't really need to understand anything:

            - Microsoft: just click on the "OK" button when prompted.

            - Apple: click on the "OK" button when prompted, then have an iOrgasm because Apple sent you a magical software update.

          5. Anonymous Coward
            Anonymous Coward

            Re: Grumble

            Kind of like how those free samples at the grocery aren't free because one needs to chew them?

          6. Lars Silver badge
            Happy

            Re: Grumble

            Snorlax, what's your problem?.

          7. Roo
            Windows

            Re: Grumble

            "You might be able to download an Ubuntu ISO for free, but in a production environment Linux has costs just like Windows or OS X "

            Sure it does. The costs are just a lot smaller in a lot of cases. Why do you think all vast majority of HPC shops run Linux rather than Windows ? Quite a lot of those clusters are run by outfits that previously *only* ran Windows. They actually had to spend extra $$$ to hire Linux expertise, force the vendors to sell them boxes sans Windows Tax *and* fight the bean counters and the PHBs to get Linux in there in the first place.

            The reason why they succeeded is because HPC shops are particularly cost sensitive, and Linux really does beat Windows hands down in the HPC space for TCO.

        2. patrickstar

          Re: Grumble

          The proper comparision would be whether the STAFF of IBM, Intel, et al. are working for free or not...

          Not even the people involved in the KSPP are working for free. How come the grsec people (spender, pipacs and whoever else is involved) are expected to work for free, while the KSPP guys aren't?

          Why is there even a KSPP when they could have just funded grsec with much better results?

          Answer: Linus doesn't give a fuck about security or see exploit mitigation and hardening as something that belongs in the kernel. He along with certain others have successfully alienated the people who are actually have a damn solid track record of providing it.

          Now when the pressure is on to actually do something about the sorry state of Linux kernel security, trying to mend things would mean he publicly admitting he was wrong ... which he's far too proud to do.

          Besides, he doesn't actually care about security, only about appearing to do something about it, so the results don't really matter.

          Enter the KSPP which consisted mostly of taking random parts from grsec without any deeper understanding of the issues. Considering that the people involved have a near-zero record of meaningful innovation in this field, I would suspect they are pretty much screwed now without public grsec patches. At most they can add a bunch of half-assed useless "features" for show, probably introducing more vulnerabilities in the process just as they have done before.

          So, to save Linus' face, money is being spent on make-believe work and every Linux users security suffers.

    2. JimC

      Re: but he's not a leader.

      He clearly is a successful leader, since a co-operative project has achieved a great deal under his leadership. But then Genghis Khan and Attilla the Hun were successful leaders too.

      1. Random Handle

        Re: but he's not a leader.

        > But then Genghis Khan and Attilla the Hun were successful leaders too.

        An even more surprising thought when you consider they were probably using FORTRAN or AL GORE and only had 4800 baud dial-up back then.

  5. Unep Eurobats
    Holmes

    'I stopped trying to be polite'

    Like, ever.

  6. Anonymous Coward
    Anonymous Coward

    Linux Lord

    Linux lord linux lord riding through the glen.

    Linux lord linux lord ranting off again.

    Crap code to the left, smack downs the right.

    Linux lord linux lord

    Ermagurd

    Someones had his weetabix.

  7. Anonymous Coward
    Anonymous Coward

    strcat and strcmp have seen me fine for years...

    So why should I learn anything else?

    There will always be a zero byte somewhere - this security stuff is seriously overrated.

    1. Daniel Palmer

      Re: strcat and strcmp have seen me fine for years...

      I don't remember when those became syscalls but lets pretend for a moment that those are part of the kernel that userland calls directly...

      So the implementation is naive. Expecting memory not to be corrupted by programming errors or tempering is expecting too much. So lets just remove those functions. What's that? lots of shit you use doesn't work anymore? Oh dear you better get fixing it then.. You can't fix hundreds of libraries etc right this moment because someone decided some perceived security benefit is more important than stuff working? Oh dear oh dear oh dear whatever shall you do? You found out that expensive EDA, CAD or whatever package you use doesn't work and it's not supported by the vendor anymore? I guess what you need to do is run really old buggy versions of everything so you can avoid upgrading one thing that is super duper secure but makes your system unusable.

  8. Bob Hoskins
    Unhappy

    Linus exhibits all the qualities of pure sociopath

    It baffles me that anyone in the open source community is still prepared to subject themselves to his attitude.

    1. Adair Silver badge

      Re: Linus exhibits all the qualities of pure sociopath

      I baffles me why so many people waste so much of their time whining about someone who is doing his job, and who isn't particularly interested in wasting time with people who can't be arsed to do their work properly, or who spit their dummy out if their ego isn't regularly massaged.

      Yes, Linus can be painfully direct and even downright rude, but I can't say that I've seen much evidence of that behaviour arising without justifiable provocation.

      1. Bob Hoskins

        Re: Linus exhibits all the qualities of pure sociopath

        Well yeah, OK. But having worked on FreeBSD (and yes I know we're not comparing like with like) there are open source projects with far greater potential and merit. Linus is not the begin and end of the open source movement. He is often rude, unprofessional and rapidly becoming surplus to requirements.

    2. Anonymous Coward
      Anonymous Coward

      Re: Linus exhibits all the qualities of pure sociopath

      Perhaps because the rants aren't all that frequent. El Reg probably reports on every one of them, they are great clickbait.

      There is a difference between the occasional rant and permanent bad attitude. I suspect that if it was permanent bad attitude Linux would have died somewhere around 1991...

    3. Kiwi Silver badge
      Linux

      Re: Linus exhibits all the qualities of pure sociopath

      It baffles me that anyone in the open source community is still prepared to subject themselves to his attitude.

      If it wasn't for him, we'd be limited to Windows, and maybe what OSX would've been.

      And by Windows I mean something not as advanced as Windows is today. There have been a number of improvements/enhancements to Windows and it's subsystems that've been inspired by Linux (too tired to name any with any certainty right now, but sure someone else will fill in the blanks), or where Linux's growing use has challenged MS to do better.

      Without Linus we would not have the OS's we have today. And don't say "but someone else would've come along" because, sadly, no one else has come along.

      He gets stuff done. I've worked with people who talk etc like him who've been wrong and lost all the respect of those around them, and I've worked with people who talk like him when needed, and have the full respect of those around them because their "rant" is on the mark, and they do know what they're talking about (and a quick chewing out is often far better than some of the other methods people use to deal with "issues" - would you rather your missus spend a few seconds yelling about how you didn't notice she'd used a different shade of bleach, or several hours of "What's wrong honey?" "NOTHING" followed the next day by "Is something wrong" "WELL IF YOU DON'T FUCKING KNOW I'M NOT GOING TO TELL YOU"??)

      I'd rather work under him, and either be weeded out as someone useless, or rise to the challenge and improve my game to a point where I don't get growled at by him, than work under a number of other management styles, especially the styles that DON'T deal with issues. I've seen good companies go under because management wouldn't deal with people doing things badly, or being dickheads when a few words from the boss would've stopped the flow of workers out the door.

      He's blunt, but he seems to get stuff done. Good stuff at that.

      1. bazza Silver badge

        Re: Linus exhibits all the qualities of pure sociopath

        If it wasn't for him, we'd be limited to Windows, and maybe what OSX would've been.

        That's very doubtful. FreeBSD's origins predate Linus's efforts, and FreeBSD's itself first hit the Web very soon after Linux. Had Linus studied the History of Art instead, FreeBSD would have come into existence anyway (it was well on the way to completion). FreeBSD is pretty good.

        Then there's the NetBSDs and OpenBSDs of this world.

        You're also ignoring some perfectly good commercial OSes; QNX, INTEGRITY, VxWorks are all excellent. QNX in particular is quite interesting, in theory it's capable of being the basis of a desktop OS (you could use it like that back in its very early days). INTEGRITY could too, though that would be a massive piece of work. VxWorks is well and truly stuck in the world of embedded systems, but is (like the others) pretty good at what it does.

        1. Kiwi Silver badge
          Linux

          Re: Linus exhibits all the qualities of pure sociopath

          If it wasn't for him, we'd be limited to Windows, and maybe what OSX would've been.

          That's very doubtful. FreeBSD's origins predate Linus's efforts, and FreeBSD's itself first hit the Web very soon after Linux.

          The issue here is popularity though.

          BSD is quite low down on the rankings, and while I cringe even saying this, if it wasn't for the stuff written primarily for Linux that can be easily ported to BSD, there'd probably be quite a bit less software for BSD today.

          For some reason BSD isn't popular. At least some of Linux's early popularity came from Linus Torvalds himself. I remember in the mid 90's (when I stopped playing with computers and started playing with computers) how many techie people, especially those in their teens, were all but fawning over him like he was some kind of rock star. He was this guy who was really shoving it to the naysayers and the corporates, and who wrote his own kernel. To many he was quite a hero. These people went on to use it, to learn to work around the limitations it had, and by working around those limitations wrote code that has gone into the programs we use today (or early versions of them). That also gave OSX something, as if you could understand Linux you could understand BSD and therefore OSX - there was a boost to the people being able to work with these platforms. What I meant in my earlier post is Apple probably would've moved away from OS9 to something else, but would it have been BSD, or anything like what we have?

          He got a momentum behind Linux that made it what it is, the most used OS kernel by far (even if some of its use is embarrassingly poorly implemented, eg IoT).

          BSD never got that momentum, nor did anything else. Maybe it would've done without Linus doing what he did, but the fact that no one else has done suggests to me that it never happened. Of course, it is possible that there was stuff going on that I never learnt of, and what I saw of the hero-worship around LT was largely a NZ-based thing and overseas there were others who rose up but for some reason did not last.

          Of course, Google may've done something since the were wanting the smartphone and Chrome stuff, but they may have built something around a version of Windows (maybe put money and devs into ReactOS?)

          And maybe, as Patrickstar mentions, the people who became Linux coders would've supported *BSD or another OS for reasons other than the personality behind them.

          All this is largely based on the memories I have of the opinions I formed of talking to a core group of NZ BBSers mainly around Wellington, NZ, who I often met with in person (some of whom are still close friends even now), and with some messages via Fido-based networks to others. I never really took an interest in Linux until I started playing with web servers in the mid 2000s.

          1. patrickstar

            Re: Linus exhibits all the qualities of pure sociopath

            OS X is based on NeXTSTEP, which existed well before Linux did. Not BSD.

            Maybe the lack of Linux would have shifted the OS market in ways that would mean Apple had made another OS choice, but this sort of reasoning quickly gets more or less impossible... (and if they hadn't gotten Steve Jobs back on board by buying NeXT, who knows where they'd be today, etc)

            Anyways, personally I kinda fail to see how Linux had an impact another OS wouldn't sooner or later if it hadn't appeared when it did.

            There was already a solid base of *ix hobbyists - just that it was restricted to people with access to UNIX workstations and shell accounts (and the occasional one playing with Minix at home). There wasn't exactly a lack of free (as in speech and beer) and open source software, or people eager to develop more of it.

            The reason BSD and others are low in the popularity rankings is obviously because Linux took their place - not some inherent property of Linux itself that the others would be lacking today.

      2. patrickstar

        Re: Linus exhibits all the qualities of pure sociopath

        Uhm, Linux becoming the go-to x86 *nix clone was basically just a historical accident.

        If it hadn't gained traction when it had, the BSDs would probably be where it is today.

        Or maybe GNU HURD would have taken off.

        Or some now-dead system would now be dominant. Or some now-nonexistent one would have been born.

  9. handleoclast
    Coat

    I'm very similar to Linus

    He's a great coder. He's an effective leader. And he swears at people a lot.

    Just like me.

    Except I'm crap at leading. And not all that good at coding.

    1. Kiwi Silver badge
      Coat

      Re: I'm very similar to Linus

      Except I'm crap at leading. And not all that good at coding.

      I'm quite exceptional at leading myself. It's everyone else who is useless at following!

      1. ArrZarr Silver badge

        Re: I'm very similar to Linus

        The simple solution is find where everybody's going and walk in front of them

        1. Kiwi Silver badge

          Re: I'm very similar to Linus

          The simple solution is find where everybody's going and walk in front of them

          I try that. But the silly idiots forget where they're going and go elsewhere. Almost like they didn't want me in front of them or something..

  10. earl grey Silver badge
    Flame

    Dear Whingers,

    ODFO

  11. Herby

    Hornets nest??

    From the looks of the comments, it appears that nothing stirs up a hornets nest (and downvotes) like:

    1) Politics

    2) Religion

    3) Linus Torvalds

    4) Linux Kernel.

    From the looks of it, we might want to calm down.

  12. Inspector71
    Devil

    There's only one way to find out: FIGHT!

    I suggest pitting Linus against Theo in a fight to the death.

    400 quatloos on the Van Raadt.

    ( Cue fight music)

  13. Anonymous Coward
    Anonymous Coward

    As an outsider...

    As an outsider looking in it seems to me that Linus is tolerated as he is the 'leader', but a lot of other people "think" they are as important as Linus and try to bully others to get their way, even when they are completely bang out of order and throwing insults on a personal level - which doesn't appear to be Linus's style, he just tells you that your code is shit. I'm sure numerous people have quit the project because of Linus, but I suspect (based only on gut feel) that a hell of a lot more people have left because of other people's bullying and personal attacks.

  14. Anonymous Coward
    Anonymous Coward

    What'll Linus Think of Project Treble?

    Hmmm, well if Linus doesn't like what GR are doing, or like the people involved, I wonder what he'll think of Google's Project Treble? Essentially it'll turn Linux into a microkernel, with user space device drivers.

    I suspect that Project Treble will prove to be very popular with device manufacturers, especially those who think they have intellectual property to protect (e.g. the WiFi vendors). So it might be that across the entire Linux world some, then lots of device support will be made available "only if you have Project Treble".

    If that does happen, there's going to be pressure on the major distributions to go that way. For example, Ubuntu aren't too shy of including closed and / or third party stuff.

    If that's the way it goes, it risks becoming very messy. If Linux is going to become a little bit microkernel-ish, it would make sense to go the whole hog and make it entirely a microkernel. I can't see that being universally popular throughout the kernel community...

    Maybe systemd will beat Treble to it?!?!?!?!?

  15. This post has been deleted by its author

  16. Anonymous Coward
    Anonymous Coward

    Ad-hominem

    Ad hominem (Latin for "to the man" or "to the person"[1]), short for argumentum ad hominem, is now usually understood as a logical fallacy in which an argument is rebutted by attacking the character, motive, or other attribute of the person making the argument, or persons associated with the argument, rather than attacking the substance of the argument itself

    https://en.wikipedia.org/wiki/Ad_hominem

  17. Ramazan

    If grsec are clowns, Torvalds is a director of a circus, surely.

  18. Potemkine!

    "'I stopped trying to be polite about their BS"

    ROTFL! I wonder what "being polite" means for the Linux Overloard... throwing less than 2 insults by sentence maybe? ^^

  19. Donkey Molestor X

    An ounce of prevention is worth a pound of cure.

    An ounce of prevention is worth a pound of cure.

    If there is a way to defeat an entire class of errors (heap-stack collisions) would it not make more sense to implement it than play whack-a-mole in one piece of code at a time? Rather than writing it off as "pure garbage" just because you don't personally like the source of the fix?

    I guess Linus's attitude is good for the security industry as security researchers get to find the same vuln. in program after program and pretend they're doing original research each time. As long as it is the users who pay the price what does he care?

  20. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020