Deutsch English Français Italiano |
<vfaql1$21cfe$2@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Phillip Frabott <nntp@fulltermprivacy.com> Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc Subject: Re: Torvalds Slams Theoretical Security Date: Wed, 23 Oct 2024 08:36:50 -0400 Organization: A noiseless patient Spider Lines: 59 Message-ID: <vfaql1$21cfe$2@dont-email.me> References: <pan$26699$6602b79b$4abe425a$df32a923@gnu.rocks> <_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Wed, 23 Oct 2024 14:36:49 +0200 (CEST) Injection-Info: dont-email.me; posting-host="21694f2201a9b01a2bf1889428bc5f10"; logging-data="2142702"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+j7CLQyONYCMeXmk1T8WIksu0Z+ZgJsLY=" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:03fHkAP9KCjjhWXrPcdEJdQd/Yw= In-Reply-To: <_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com> Content-Language: en-US Bytes: 3677 On 10/23/2024 03:07, 186282@ud0s4.net wrote: > On 10/21/24 3:07 PM, Lester Thorpe wrote: >> Distro maintainers, and their lackey consumers, who bloat their GNU/Linux >> distros with performance degrading security "features" should take note >> of the latest exclamations of Linus Torvalds: >> >> "Honestly, I'm pretty damn fed up with buggy hardware and completely >> theoretical >> attacks that have never actually shown themselves to be used in >> practice." >> >> https://linux.slashdot.org/story/24/10/21/1533228/linus-torvalds- >> growing-frustrated-by-buggy-hardware-theoretical-cpu-attacks >> >> Tell 'em, Linus! Those paranoid freaks are ruining desktop computing! > > Linus is "kind-of right", but "kind-of not". > > The problem is State-funded actors these days > and the MASSIVE computing power they can bring > to bear. At least SOME of those "theoretical" > attack vectors CAN become real attack vectors. > > But WHICH ??? > > Yes, you can go totally overboard on "security", > and, mostly, it won't do much good. Paranoia can > push this to extremes where you can barely use > the system/apps (think Vista) - and I think that's > what Linus is concerned with. > > However there ARE 'sensible' security measures > that go beyond mere Linux passwords and a few > port blocks. > I think the point that Linus was making was just that, even if these 'theoretical' attack vectors were actual issues, the CPU manufacturer's need to be the one patching it with a firmware update. Hardware related attacks need to be fixed by the hardware MFG and Linux should only fix software related attack vectors. I think that was the point Linus was making here. The kernel should not be the go-to agency for fixing hardware-specific security issues, nor should it be the kernel's job anyways. It's like, Boeing having a problem with an engine from another manufacturer. Who fixes the engine? It should be the engine manufacturer not some Boeing software engineer adding something to the throttle control system to 'mitigate' the issue. At least that was how I took it. I don't think Linus was trying to downplay the security aspect of it. I think it's just, it's not a "Linux Problem". Go fix your sh*t Intel/AMD. But that's just my take on the article. -- Phillip Frabott ---------- - Adam: Is a void really a void if it returns? - Jack: No, it's just nullspace at that point. ----------