Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 23, 2013
An "enum" for Python 3
An unexpected perf feature
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
On the contrary, nix has a splendid command of the English language. In this particular case he is spot-on, as has been sufficiently proved.
Posted Jul 18, 2008 21:51 UTC (Fri) by nix (subscriber, #2304)
I'm trying to train myself out of responding to them. Security people tend
to fall into two categories, charming and horrible, without many in the
middle. tytso and Wietse Venema are examples of the charming type...
Of course people can be quite different in person than on the net. I hope
this is true here too.
Posted Jul 20, 2008 22:17 UTC (Sun) by PaXTeam (subscriber, #24616)
while you two are celebrating i-don't-know what, let me remind the readers of this thread what
these two geniuses said in the recent past.
nix in http://lwn.net/Articles/286336/:
In fact your interpretation makes no sense at all: why would people
spend time coordinating to hide security holes when knowingly doing
that could have no consequence other than to harm the reputation of
the system they're working on? Doing that would be ridiculous. Ergo,
they aren't doing that: there is no magically coordinated decision to
fix security holes while hiding them by the single means of describing
them differently in commit logs, no conspiracy, no bad intent.
man_ls in http://lwn.net/Articles/286629/:
Yes: do not hide bugs and do not hide security implications. "Do not
hide" is the relevant part here.
contrast that with what Linus and others said and think about who's played the fool here all
this time ;).
Posted Jul 20, 2008 22:49 UTC (Sun) by man_ls (subscriber, #15091)
The way to adulthood usually is that first you learn how to behave and to respect your fellows, and then you can discuss whatever you like. Please do so; we don't need another De Raadt.
Posted Jul 20, 2008 23:27 UTC (Sun) by PaXTeam (subscriber, #24616)
the thing is, right from the start you did not have a civilized discussion, i believe you see
that yourselves now in hindsight. the lesson for you is that next time before you question the
messengers, you should look at the message and do some background research yourselves before
you engage them. in other words, ad hominem attacks are not conductive to your civilized
discussion no matter how much you talk about adulthood and respect to your fellows later.
Posted Jul 21, 2008 6:15 UTC (Mon) by nix (subscriber, #2304)
Most of your evidence was on private mailing lists: there's no way we
could do that. (The word 'evidence isn't even really appropriate here.)
Thus all we really have to go on is the word and character of the
participants. Let's see, you or Linus. Boy, I wonder, *that's* a hard
choice. After all you've been acting in a way so sure to make people
believe every word you say.
(Yes, the way you say things *does* matter. I dislike it too sometimes,
but it's human nature.)
Posted Jul 21, 2008 7:16 UTC (Mon) by PaXTeam (subscriber, #24616)
> Most of your evidence was on private mailing lists: there's no way we
> could do that. (The word 'evidence isn't even really appropriate here.)
actually, pretty much nothing was. we explicitly showed you commits and corresponding
bugzilla/etc entries where the discrepancy should have at least raised a curious "yeah,
really, what's up with that?" and resulted in your asking further questions to the devs
themselves. and your reaction to that? let's see http://lwn.net/Articles/286405/ :
Mostly I'm not interested enough to bother people over it.
and *then* you still continued to attack the characters of people for *weeks* and even *now*
you keep arguing that truth is decided by who says it, not by the supporting facts. that's as
absurd and irrational as it can get.
> Thus all we really have to go on is the word and character of the
really, you *have* to? as if there were no alternative. you're just trying to explain your
behaviour instead of apologizing for it (ah yes, that's part of adulthood too, you know,
although you'll probably not find it in the dictionary that you seem to be so attached to).
as a final note i'd like to make an observation in that the most or even all voracious ad
hominem attacks came from anonymous posters such as yourselves. something to remind yourself
next time you divide the 'security people' into black and white categories as somewhere above
(i'm not into security by the way, just a web programmer).
Posted Jul 21, 2008 7:46 UTC (Mon) by nix (subscriber, #2304)
I'm not saying that truth is determined by who says it, nor have I ever.
What I'm saying is that *when a lot of evidence is invisible* (as was the
case with yours despite your protestations), people *will* use the
characters of the arguers in determining the probable truth or falsity of
Fallacy or not, *this is the way people think*, and if you want to have
anyone believe anything you say in future, remembering this might be wise.
Right now I wouldn't believe you if you said the sky was blue, unless
confirmed by independently available evidence. Your every action
screams 'bias' (because all we have available is your words, and your
words are every bit as rife with ad hominem attacks as they were when this
Posted Jul 21, 2008 12:36 UTC (Mon) by zooko (subscriber, #2589)
From my perspective, it seems like it would be nice for someone to do the work of identifying
security bugs specifically and explaining, for each one, what sort of situations expose the
user to danger, how to work-around it, and what patch(es) fix it.
We've already heard that GregKH and Linus aren't going to do that.
Perhaps there's an opportunity for some other motivated, skilled person to offer that service?
Such a service would help some users manage their risks better, and it would provide a
valuable "feedback loop" to the kernel developers by documenting the issues.
Posted Jul 21, 2008 12:46 UTC (Mon) by PaXTeam (subscriber, #24616)
yes, it would be the next step after the already known security issues are acknowleged at
least. since such research requires full staff, the Linux vendors are in the best position to
fund such a service.
Posted Jul 21, 2008 13:44 UTC (Mon) by nix (subscriber, #2304)
Excellent idea. However, if the distro vendors did this, they'd probably
do it for their stable enterprise kernels, as those are the kernels their
paying customers use (and also kernels that change slowly enough that this
sort of fine tooth-combing is possible).
I wish this sort of thing was possible to fund with the raging high-speed
chaos that is upstream kernels but I have a feeling that it isn't :/
still, hopefully if this were done *some* of the holes that were found in
distro kernels might still be applicable upstream.
(disclaimer: I have no input into funding decisions anywhere at all nor
ever have had. This is purest speculation.)
Posted Jul 21, 2008 12:01 UTC (Mon) by man_ls (subscriber, #15091)
Unsurprisingly you did not learn anything from the discussion and had to go to lkml, where you were told essentially the same thing. Now our grumpy editor has dedicated a full article to the same issues from where (unsurprisingly) you came out as unenlighted as before.
As to "questioning the messengers" it is always a healthy exercise and it would not be wise to stop doing it. If you are not up to such questioning then maybe your case is not that clear. I will not go into your accussations of ad hominem since they are completely unfounded.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds