One could argue that linux.com/kernel.org lacked such a person. Gotta be careful with statements like that.
Not saying that Apple nor MS haven't had their issues as well, however it has not taken them a month+ to get those services running. Remember it was Linus himself that chose to start calling down others on their security mindedness with his "masturbating monkeys" comments a few years back. It looks like now and only after that they were compromised that security has once again become an issue that requires a bit more attention "then anything else".

It's not like the stakes in a complete security audit are an unknown or something. It's an apples to oranges comparison if their scenario is anything but "someone with commit access to our operating system was social-engineered into compromised credentials and may have inserted malignant code", and in the first place neither Apple nor MS have a sterling record they can boast in contrast (and don't think they don't know it)

It could have been just as easy to get that information had such information been present.

If they (any of them) somehow managed to...say, lose tens of millions of users' personal information (i.e. "Pull a Sony") I'd be all for laying into them, but that's not the scenario.

They could have just as easily addressed the immediate issue and kept going with the old system until the replacement was ready.

Taking time and being careful while still developing the kernel? That earns my respect. From where I sit, their response was actually pretty on the ball, and it'll be relatively simple to turn git into the star of this show when it's all done.
I respectfully disagree. If it is maintained as a "hobby" that is a problem and a serious one at that. Like it or not it does leave a bad impression to have associated "banner" web sites for your product to go down for extended periods of time especially when it served as a mirror for many distros. Those sites were getting 100k plus hits a day all the way back in 1999 and have grown considerably since then.
And they would be right in doing so.
It is more than just embarrassing. Also a lot of people said that there was no danger anyway since the linux kernel sources are managed via git. Yeah but these people obviously forgot that kernel.org was also hosting packages for at least Arch Linux.
Yes, but such information wasn't present. That is one of the reasons why the two situations are so different. The practical impact of a security breach at the Linux servers is small. The practical impact of a similar security breach at the Microsoft or Apple servers would be massive. So saying that people would be hypocritical for being more upset at an Apple or Microsoft security breach than this one ignores the difference in impact the events would have.
It is like saying people would be hypocritical to be more concerned about a fire at a huge apartment complex with hundreds of apartments than one at a single-family home. The potential impact of one is much greater than the other, even though both are bad.
Sorry but you are assuming that every server system @ apple.com/ microsoft.com / amazon.com / store CC information and the likes and that is the farthest thing from the truth. Do you know for a fact for example that the Linux Foundation's funding information for example has not been compromised?
Summary: deanjo is disappointed that there hasn't been a big backlash due to the lengthy downtime of linux.org. As a bsd proponent he has a dislike for Linux and perhaps more towards Linus due to a (admittedly shitty) remark where bsd developers were compared to masturbating monkeys. As such he wants this breach to reflect as badly as possible on Linux as a whole. *yawn* more bsd<->linux zealot mudslinging...
Just pointing out the double standards of how it is viewed for no logical reason other than "it's bad when it happens to others but when it happens to our faction it is acceptable".
It has nothing to do with free vs closed, os vs os, it does however have everything to do with being prepared and not letting "bush league" administration practices affect public perception by any for/against faction. It's just bad administration and deployment, period.
Despite his zealotry (I think mostly nobody is free of that in this site, myself included), he has some valid points.
It's obvious this is a disaster for Linux and must be a lesson for the Linux Foundation and the community itself. Anyway, the Linux ecosystem has a long Nietzschean-like way: That which does not kill Linux makes it stronger.
- One of the big things was the BitKeeper controversy, this resulted in Git.
- The SCO controversy involved different parties like Novell, IBM, Red Hat, Linux and others. Finally the copyrights got resolved and Novell was the one owning the UNIX copyrights, that is positive because it is (still) a Linux-based company.
So I think this will result in something to manage Linux Foundation's services in a lot more professional way and also a motivation to innovate in them.
I don't think of deanjo as a zealot, which to me is someone who is a fanatic and I don't think he is, although he's certainly a bsd partisan. That said there are some people here on phoronix who in my opinion would fit the bill, both in the linux/bsd camps. Personally I'm an everyday Linux user, however what I REALLY want to use is Haiku, Linux is just the best alternative for me until (hopefully) Haiku matures enough for me to use it as my primary desktop system. So yes, I'm certainly a Haiku partisan/fanboy. However, unlike the case with a zealot, my liking of Haiku does not translate to dislike/hatred toward other systems.
Ehh? Disaster? Development went on practically uninterrupted (I just built and installed the latest rc). Again deanjo is unpleasantly surprised over the fact that the slow return of kernel.org hasn't started a massive shitstorm. But the answer is obvious, neither kernel.org nor the Linux Foundation website is in any way a vital part of Linux development, as proven by this situation. As for the breach itself, from what has surfaced someone with root access has had his account credentials compromised and that account has been used to deploy a rootkit which in turn has been fishing for other credentials. Obviously no security system can protect itself from a malicious user with proper credentials for a root account, so the real question is how the credentials were compromised in the first place and if security policies can be amended to prevent something like this from happening again.
I don't see how Linux has come out stronger from this, nor can I see how it has come out weaker. It has perhaps highlighted the flexibility of its development model (by simply moving the project temporarily to github) but I doubt that was news to anyone.
I certainly think that there will be a focus on security procedures and a tightening of account privileges, but again I can't see how this has any measurable effect on 'Linux'.