Saturday, November 07, 2015

To use Linux is to embrace death...

Not really, but I got your attention didn't I?

The Washington Post had an article yesterday about Linux's growing influence and Linus Torvald's alleged unwillingness to address security issues.  I found it interesting and a number of the arguments made sense to me but a) I am a moron, b) although I use Linux in the course of work or school I am not a "Linux User" and c) I am a moron.
But while Linux is fast, flexible and free, a growing chorus of critics warn that it has security weaknesses that could be fixed but haven’t been. Worse, as Internet security has surged as a subject of international concern, Torvalds has engaged in an occasionally profane standoff with experts on the subject. One group he has dismissed as “masturbating monkeys.” In blasting the security features produced by another group, he said in a public post, “Please just kill yourself now. The world would be a better place.”
There are legitimate philosophical differences amid the harsh words. Linux has thrived in part because of Torvalds’s relentless focus on performance and reliability, both of which could suffer if more security features were added. Linux works on almost any chip in the world and is famously stable as it manages the demands of many programs at once, allowing computers to hum along for years at a time without rebooting.
Yet even among Linux’s many fans there is growing unease about vulnerabilities in the operating system’s most basic, foundational elements — housed in something called “the kernel,”
That gives you a taste.  As a non-"Linux User" I am not really qualified to comment on kernel issues, but I get the ICS-CERT and US-CERT vulnerability summaries each week and let me tell you I see the Linux kernel listed in them more and more.

That should be worrisome.

I am not saying it's a catastrophe or that Linux is inherently insecure or anything like that, but the fact that it is appearing so often tells me that criminal hackers are probably spending more time attempting to crack Linux, and just like there is a Rule 34 there is a rule 48, or 51, or Eleventy-Billion or whatever and that rule is: "If an exploit exists it will be found and used".  As to actual solutions, well there is probably an unhappy medium that both sides can agree to.

Now on the lighter side - Kill Bill - The Junior Edition :-)

Post a Comment

Cybersecurity Job Numbers from 3/11/2018 shows 285,681 open cybersecurity positions nation wide (not the 1,000,000 that I hear quoted so often).  The eight states with...