Deutsch   English   Français   Italiano  
<vfaql1$21cfe$2@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: Phillip Frabott <nntp@fulltermprivacy.com>
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: Torvalds Slams Theoretical Security
Date: Wed, 23 Oct 2024 08:36:50 -0400
Organization: A noiseless patient Spider
Lines: 59
Message-ID: <vfaql1$21cfe$2@dont-email.me>
References: <pan$26699$6602b79b$4abe425a$df32a923@gnu.rocks>
 <_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 23 Oct 2024 14:36:49 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="21694f2201a9b01a2bf1889428bc5f10";
	logging-data="2142702"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1+j7CLQyONYCMeXmk1T8WIksu0Z+ZgJsLY="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:03fHkAP9KCjjhWXrPcdEJdQd/Yw=
In-Reply-To: <_OmcnZpYmdE-PYX6nZ2dnZfqn_udnZ2d@earthlink.com>
Content-Language: en-US
Bytes: 3677

On 10/23/2024 03:07, 186282@ud0s4.net wrote:
> On 10/21/24 3:07 PM, Lester Thorpe wrote:
>> Distro maintainers, and their lackey consumers, who bloat their GNU/Linux
>> distros with performance degrading security "features" should take note
>> of the latest exclamations of Linus Torvalds:
>>
>> "Honestly, I'm pretty damn fed up with buggy hardware and completely 
>> theoretical
>> attacks that have never actually shown themselves to be used in 
>> practice."
>>
>> https://linux.slashdot.org/story/24/10/21/1533228/linus-torvalds- 
>> growing-frustrated-by-buggy-hardware-theoretical-cpu-attacks
>>
>> Tell 'em, Linus!  Those paranoid freaks are ruining desktop computing!
> 
>    Linus is "kind-of right", but "kind-of not".
> 
>    The problem is State-funded actors these days
>    and the MASSIVE computing power they can bring
>    to bear. At least SOME of those "theoretical"
>    attack vectors CAN become real attack vectors.
> 
>    But WHICH ???
> 
>    Yes, you can go totally overboard on "security",
>    and, mostly, it won't do much good. Paranoia can
>    push this to extremes where you can barely use
>    the system/apps (think Vista) - and I think that's
>    what Linus is concerned with.
> 
>    However there ARE 'sensible' security measures
>    that go beyond mere Linux passwords and a few
>    port blocks.
> 

I think the point that Linus was making was just that, even if these 
'theoretical' attack vectors were actual issues, the CPU manufacturer's 
need to be the one patching it with a firmware update. Hardware related 
attacks need to be fixed by the hardware MFG and Linux should only fix 
software related attack vectors. I think that was the point Linus was 
making here. The kernel should not be the go-to agency for fixing 
hardware-specific security issues, nor should it be the kernel's job 
anyways. It's like, Boeing having a problem with an engine from another 
manufacturer. Who fixes the engine? It should be the engine manufacturer 
not some Boeing software engineer adding something to the throttle 
control system to 'mitigate' the issue.

At least that was how I took it. I don't think Linus was trying to 
downplay the security aspect of it. I think it's just, it's not a "Linux 
Problem". Go fix your sh*t Intel/AMD. But that's just my take on the 
article.

-- 
Phillip Frabott
----------
- Adam: Is a void really a void if it returns?
- Jack: No, it's just nullspace at that point.
----------