Security quotes of the week

Posted Jun 1, 2012 13:54 UTC (Fri) by malor (subscriber, #2973)
In reply to: Security quotes of the week by hummassa
Parent article: Security quotes of the week

Only on Linux, and it is utter, absolute bullshit that it always needs to be that way.

These guys spit in the face of the security community, and now they've dug themselves in so deep that they no longer can offer secure shared access to hardware. Their kernel is so rickety that they're scared to even try to offer shared access themselves. They won't eat their own dog food, because they have fatally compromised one of the two fundamental layers of Unix-style security. It used to require two exploits to own a box, a user-level exploit and then a root-level exploit, but now it only really takes one. To get any kind of reasonable security at all, we have to turn to extremely inefficient virtualization instead. We have to haul around a whole separate kernel for each user, because these assholes have been trivializing and laughing about security for a decade now.

Security is hard, but it can absolutely be done, with the right focus. Sneering at the security community, and then actively lying about patches that fix security problems, is not the way to go about doing that. They're starting to figure out, finally, that their security is SHIT. Now the question becomes, are they willing to step up and fix their mess, or do people die because of security compromises, where people were foolish enough to trust Linux with data that could get them killed?

This stuff matters. It matters desperately for a substantial fraction of the world's population. And if they trust Linux with their data, they may end up dead. If the kernel hackers don't have blood on their hands already, they eventually will.



Security quotes of the week

Posted Jun 1, 2012 15:24 UTC (Fri) by etienne (subscriber, #25256)

> Security is hard, but it can absolutely be done

When the owner/defender of a Linux system refuses to pay anything (only beer-free software) and demands that every undocumented piece of hardware supported by Windows be supported by Linux for free;
and when the attacker is paid $250K a shot ( http://www.schneier.com/blog/archives/2012/06/the_vulnera... )
I am not sure it can "absolutely be done" (not that Windows, Mac,... are so much more protected).
I am waiting for the day $250K is injected every few days into securing Linux; obviously Git comments will not be of real importance then.

Security quotes of the week

Posted Jun 1, 2012 16:50 UTC (Fri) by AndreE (subscriber, #60148)

What fraction of the world's population needs this work or will end up dead? "Blood on their hands" sounds a bit dramatic.

Security quotes of the week

Posted Jun 1, 2012 17:15 UTC (Fri) by hummassa (subscriber, #307)

> Only on Linux

On ANY Windows OS, privilege escalation is available the moment you log in.

Ditto for MacOSX.

It has been 15 years or more since I have seen other Unices in the wild (where I work nowadays used to be a Windows98 + Slowlaris/x86 shop some ten years ago, but the SunOS part of it was quickly replaced by Linuxes, and it was restricted to the Oracle server at the time).

Security quotes of the week

Posted Jun 1, 2012 21:10 UTC (Fri) by dgm (subscriber, #49227)

What is more important, being secure or being used? Look at Windows and answer it to yourself in the most honest way you can. And no, it's not a question of trade-offs (they are not mutually exclusive) but of focus.

Security quotes of the week

Posted Jun 4, 2012 10:59 UTC (Mon) by jschrod (subscriber, #1646)

> It matters desperately for a substantial fraction of the world's
> population. And if they trust Linux with their data, they may end up dead.

Drama queen.

A tip: Tone down your hyperbole to a realistic level, and people might start to listen to you. Forecasting »death« for »a substantial fraction of the world's population« owing to their potential use of Linux, reads like paranoia, and not like a serious contribution to a discussion. Not using profanity will probably help, too.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds