Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
Starting discussions with people by labeling them as clueless as the first sentence, is doing
a pretty terrible job about not inciting emotional responses.
"Stable" kernel 188.8.131.52 released
Posted Jun 17, 2008 10:52 UTC (Tue) by PaXTeam (subscriber, #24616)
it wasn't a start but the continuation of http://lwn.net/Articles/285438/ . second, it's not a
discussion apparently, but just talking to ourselves and maybe telling the world to look at
certain problems, the discussion itself is apparently to be had on lkml with the kernel devs,
not us. finally, maybe you wanted to say 'flame' instead of 'trolling'? there's a big
difference and lkml is full of the former yet life continues, problems get solved. why can't
this one be?
Posted Jun 17, 2008 11:27 UTC (Tue) by Los__D (guest, #15263)
<p><i>it wasn't a start but the continuation of http://lwn.net/Articles/285438/ </i><br/>
Another post started in exactly the same mocking way, and not intended FOR the developers, but
for spewing gall at them, on a semi-random news site.
Please note that I don't disagree at with the technical parts, just the serving.
Posted Jun 17, 2008 13:53 UTC (Tue) by nix (subscriber, #2304)
Likewise. Obviously it would be nice if more things that were security holes got so labelled,
but short of educating everyone who commits anything to think in a suitably paranoid manner (a
nice long-term goal but ridiculous in the short term), I can't see any way in which this
problem could be instantly fixed, except if the people who *could* determine that particular
fixes fix security problems were to help with that.
But at least one of them (sorry Brad, mixed you up, it may be that only PaXTeam is alleging
some sort of widespread dishonesty conspiracy theory and you're merely alleging insufficient
paranoia, which I'd agree with) would apparently rather moan than help fix the problem.
Posted Jun 17, 2008 14:25 UTC (Tue) by PaXTeam (subscriber, #24616)
1. none of us talked about 'conspiracy', you did. you keep coming up with this strawman and
i'll keep exposing it. but keep trying ;).
2. as you were told about a dozen times already, the problem isn't with not recognizing a bug
for its security impact (or rather, that's a separate problem), but the intentional omission
of such information when it is already known. you have yet to explain the ptrace self-attach
commit, why don't you say something about that?
3. we can't help fix the problem because the problem isn't with us but rather those kernel
developers who decided (but failed to inform the public about) that full-disclosure is a PR
act only, in reality they don't practice it. the consequence of this double-play is that
people who trust them on their word will make false security evaluations when looking at the
commits (and no, they have nothing else to judge because these bugs are discussed on private
Posted Jun 17, 2008 15:07 UTC (Tue) by nix (subscriber, #2304)
Did you not read what I wrote at all? You're insisting that your assertions of coordinated
identical intentional malpractice on the part of many dozens of unrelated people does not
constitute a conspiracy theory... but coordinated identical intentional malpractice is the
very *definition* of conspiracy.
i.e. you're now arguing with the dictionary, not with me.
Posted Jun 17, 2008 15:24 UTC (Tue) by PaXTeam (subscriber, #24616)
i read what you wrote but i think we're having a definition crisis of some sort ;). how do you
define 'coordination'? somewhere above i told you it doesn't take much in a close-knit circle
of people who belong to the same social group anyway. if you mean written edicts issued in
secret or something like that, then it's definitely not that. if you mean the 'see what Linus
does, do as Linus does' kind of 'coordination', then you may call it that but it doesn't make
it so. ever heard of unspoken/unwritten rules that people understand and abide by? doesn't
make them all conspirative, does it? nevertheless, it can still be bad practice and in this
case, it is.
but in the end, you know what, whatever word makes you happy. can you now make the next step
and actually do something about checking the facts out for yourself?
Posted Jun 17, 2008 15:42 UTC (Tue) by nix (subscriber, #2304)
I can't do that because the facts are largely on private lists I don't have access to. (That's
why I trusted that the facts were as you stated.)
Posted Jun 17, 2008 15:47 UTC (Tue) by PaXTeam (subscriber, #24616)
> I can't do that because the facts are largely on private lists I don't
> have access to.
and what prevents you from asking for them? are you not curious? don't you think that it may
be a good idea to make them public? or just afraid of finding your beliefs shattered a bit?
Posted Jun 17, 2008 18:09 UTC (Tue) by nix (subscriber, #2304)
Mostly I'm not interested enough to bother people over it (and I have other things to do). If
the holes get fixed, it's good enough for me personally...
Posted Jun 17, 2008 20:53 UTC (Tue) by ncm (subscriber, #165)
Sorry, nix, the "definition of conspiracy" involves lawbreaking. I see no evidence of crimes
here, and no accusations of crimes, hence no conspiracy and no accusation of conspiracy.
What we do appear to have is a belief in security-by-obscurity, abetted by preference for
convenience and tidiness, and by publicity-shyness, finally coupled with disrespect for
SELinux. None are crimes, but the combined effect on security is no less fortunate.
Posted Jun 17, 2008 22:36 UTC (Tue) by nix (subscriber, #2304)
There's a dictionary definition and a legal definition, and they're
different. The dictionary definition doesn't mention lawbreaking (at least
not in my dictionary).
(And no, nobody's alleged crimes, although some of the allegations might
be read to allege criminal *intent*.)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds