Article <roOdnTeJZ7HHoob6nZ2dnZfqn

Deutsch English Français Italiano
<roOdnTeJZ7HHoob6nZ2dnZfqn_idnZ2d@earthlink.com>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!local-1.nntp.ord.giganews.com!Xl.tags.giganews.com!local-2.nntp.ord.giganews.com!nntp.earthlink.com!news.earthlink.com.POSTED!not-for-mail
NNTP-Posting-Date: Fri, 25 Oct 2024 06:48:58 +0000
Subject: Re: Torvalds Slams Theoretical Security
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc
References: <pan$26699$6602b79b$4abe425a$df32a923@gnu.rocks>
 <_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com>
 <vfaql1$21cfe$2@dont-email.me>
From: "186282@ud0s4.net" <186283@ud0s4.net>
Organization: wokiesux
Date: Fri, 25 Oct 2024 02:48:57 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.13.0
MIME-Version: 1.0
In-Reply-To: <vfaql1$21cfe$2@dont-email.me>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Message-ID: <roOdnTeJZ7HHoob6nZ2dnZfqn_idnZ2d@earthlink.com>
Lines: 107
X-Usenet-Provider: http://www.giganews.com
NNTP-Posting-Host: 99.101.150.97
X-Trace: sv3-IGqYvuQ3fBPEPTXxBCralh2eF2mT04fw3gp8R+bIGAd7m9/RwpbE/GQc/h8/cZYhEDHWzjdb7dSvG62!u3qNVl0fRuxldd7tmHHAfwU1+JGANluZIjlLn8kkluzOsLYXzbYJ8QihJ5nf6c5KUwYdqreBa4xo!0oGlyfe1cTlVzkQWQ3ea
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.3.40
Bytes: 5496

On 10/23/24 8:36 AM, Phillip Frabott wrote:
> On 10/23/2024 03:07, 186282@ud0s4.net wrote:
>> On 10/21/24 3:07 PM, Lester Thorpe wrote:
>>> Distro maintainers, and their lackey consumers, who bloat their 
>>> GNU/Linux
>>> distros with performance degrading security "features" should take note
>>> of the latest exclamations of Linus Torvalds:
>>>
>>> "Honestly, I'm pretty damn fed up with buggy hardware and completely 
>>> theoretical
>>> attacks that have never actually shown themselves to be used in 
>>> practice."
>>>
>>> https://linux.slashdot.org/story/24/10/21/1533228/linus-torvalds- 
>>> growing-frustrated-by-buggy-hardware-theoretical-cpu-attacks
>>>
>>> Tell 'em, Linus!  Those paranoid freaks are ruining desktop computing!
>>
>>    Linus is "kind-of right", but "kind-of not".
>>
>>    The problem is State-funded actors these days
>>    and the MASSIVE computing power they can bring
>>    to bear. At least SOME of those "theoretical"
>>    attack vectors CAN become real attack vectors.
>>
>>    But WHICH ???
>>
>>    Yes, you can go totally overboard on "security",
>>    and, mostly, it won't do much good. Paranoia can
>>    push this to extremes where you can barely use
>>    the system/apps (think Vista) - and I think that's
>>    what Linus is concerned with.
>>
>>    However there ARE 'sensible' security measures
>>    that go beyond mere Linux passwords and a few
>>    port blocks.
>>
> 
> I think the point that Linus was making was just that, even if these 
> 'theoretical' attack vectors were actual issues, the CPU manufacturer's 
> need to be the one patching it with a firmware update.

   SOME of it is CPU, SOME is 'system', SOME will be
   peripherial chips/drivers.

   There's no ONE attack vector. Vlad's boyz have the
   resources to put the proverbial battering ram to
   every portal.

   Oh, and CPU makers will ALWAYS be behind the curve.
   This is the ever-repeating paradigm for attacks and
   I don't think it can be fixed.

> Hardware related 
> attacks need to be fixed by the hardware MFG and Linux should only fix 
> software related attack vectors. I think that was the point Linus was 
> making here. The kernel should not be the go-to agency for fixing 
> hardware-specific security issues, nor should it be the kernel's job 
> anyways. It's like, Boeing having a problem with an engine from another 
> manufacturer. Who fixes the engine? It should be the engine manufacturer 
> not some Boeing software engineer adding something to the throttle 
> control system to 'mitigate' the issue.


   But again the TIME factor gets involved. No maker
   "just knows" all the weaknesses of their chips/system/
   apps. Their response is usually REACTIVE - but by then
   the damage has been done. This is the Real Life bummer.


> At least that was how I took it. I don't think Linus was trying to 
> downplay the security aspect of it. I think it's just, it's not a "Linux 
> Problem". Go fix your sh*t Intel/AMD. But that's just my take on the 
> article.

   Linus is super-smart and practical - no question. But
   even he can't guess ALL potential attack vectors, and
   they MAY revolve around tiny flaws created a decade,
   or decades, ago.

   SOME of the ultra-paranoid, oft "committee" derived,
   potential security issues ARE gonna be pure BS. The
   question is WHICH ? External critics always go hawg
   wild to make themselves look good, but they're not
   wrong about *everything*.

   It's a problem.

   Now a SERIOUS problem as the cyber-wars are escalating
   very rapidly.

   SO ... what the hell do we DO ???

   Ah ... C64s with dial-up and System-in-ROM  !

   Should have kept my C64 ... DO have a VIC-20
   stashed somewhere though .... the executors of
   my estate are gonna HATE my vast "weird stuff"
   inventory, but, hey, I won't care  :-)

   He who dies with the most toys ...........

   Hmm - wonder if my Sanyo mostly-pc-compatible
   is worth anything ? Tandy proto-laptop with
   actual Bill Gates code in it ? ZX-81 ? 8051
   chip inventory ? Apple-II ???  :-)