[talk] Washington Post article on Linus/Linux

thornton.richard at gmail.com
Mon Nov 9 15:15:03 EST 2015


I read the article. I doubt the Washington Post is any sort of definitive source for these types of topics, because what is the underlying message? Back in 2003 when SCO was claiming Linus infringed on their code, the rebuttal was to show the code. SCO lost. Why doesn't Theo show the code then?

I am a user of OpenBSD and Xubuntu. Am I being naive to even consider using a Linux? Xubuntu makes a great desktop system. Are hundreds of thousands of users of Linux stupid compared to those using OpenBSD as the desktop OS?


Richard

  Original Message  
From: William Totman
Sent: Monday, November 9, 2015 10:43 AM
To: George Rosamond
Cc: NYCBUG
Subject: Re: [talk] Washington Post article on Linus/Linux


> On Nov 9, 2015, at 00:39, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> Referenced in a recent Theo presentation...
> 
> washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument
> 
> Honorable mention to the OpenBSD crew early in the article (hint: the
> monkeys), as one of the many security experts at odds with Linus.
> Surprise, surprise if you didn't pick up the theme over the past few years.
> 
> The grsecurity comments have been pretty noisy over the past few years,
> and receive a lot of mention.
> 
> Pretty remarkable article.. rather, shocking. In reality, nothing
> really has changed in my memory. No one cared about spam until upper
> management gets too many "C1al1s" emails, or until an attachment shuts
> down the firm for a morning, or a web site is defaced, or customer data
> is lost on a laptop and it's publicly disclosed... to imagine that all the
> corporations paying devs to contribute code have any different attitude
> to security would be humorous.
> 
> g
> 
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk


There are a few things that might be at work to change C-level execs' minds about their
responsibilities in securing their companies:
- the Target breach saw their CEO get canned
- the Justice Department seeking to bring criminal charges against executives
- criminal negligence anyone?
- cyberthreat insurance is seeing premiums jump as high as 30%
- let alone the monetary cost of such a breach
- de facto (individual) industry standards that, if not pursued, could be used by
clever lawyers in civil suits (vis a vis: the second bullet)


Notice how Torvalds immediately builds the most ridiculous scenario to justify his attitude:

MILLIONS ARE GOING TO DIE!

He might as well have used the Sun going supernova as an example.

While there are edge cases that involve protecting people’s lives - there are many
other important facets to cyber security that Torvalds obviously doesn’t care about.


-bt

