
Hyper-Threading, Linus Torvalds vs. Colin Percival

timothy posted more than 9 years ago | from the local-exploit-means-other-bad-things dept.

Security 396

OutsideIn writes "The recent Hyper-Threading vulnerability announcement has generated a fair amount of discussion since it was released. KernelTrap has an interesting article quoting Linux creator Linus Torvalds who recently compared the vulnerability to similar issues with early SMP and direct-mapped caches suggesting, "it doesn't seem all that worrying in real life." Colin Percival, who published a recent paper on the vulnerability, strongly disagreed with Linus' assessment saying, "it is at times like this that Linux really suffers from having a single dictator in charge; when Linus doesn't understand a problem, he won't fix it, even if all the cryptographers in the world are standing against him.""

396 comments

He won't fix it? (5, Insightful)

Morgahastu (522162) | more than 9 years ago | (#12565292)

Then somebody else will.

Re:He won't fix it? (2, Insightful)

lintux (125434) | more than 9 years ago | (#12565303)

And how is that somebody else going to make Linus accept the patch?

Re:He won't fix it? (1, Insightful)

astro_ripper (884636) | more than 9 years ago | (#12565316)

Just because Linus doesn't think it's a major issue doesn't mean he won't accept a patch to fix it.

Re:He won't fix it? (1)

solafide (845228) | more than 9 years ago | (#12565326)

They won't. It'll just be an addon that every distro uses and advertises. Eventually, it'll be such a selling point of those that do use it that it will not be a vulnerability anymore.

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565327)

Why is Linus accepting a patch important? End-users use distributions. Distributions don't simply take whatever Linus blesses. They can and do incorporate their own stuff into the kernel. Even if Linus refused to apply a patch to fix this (and why would he?), the distributions would still apply it and the users wouldn't be any worse off.

This is how open-source works.

Re:He won't fix it? (4, Interesting)

Jugalator (259273) | more than 9 years ago | (#12565387)

Why wouldn't he?

He doesn't say "I don't want a fix for this anywhere in the kernel" anywhere. Just that he doesn't think it's a very critical issue.

If someone else does the patch for him, why wouldn't he accept it?

Re:He won't fix it? (5, Funny)

untouchable (615727) | more than 9 years ago | (#12565304)

Fix what?

If I remember correctly, there hasn't been a shown exploit for this yet. It's better to wait and see before fixing something that may not matter later.

Re:He won't fix it? (3, Insightful)

Niekie (884742) | more than 9 years ago | (#12565354)

And it might be best to start researching it as soon as possible before it will be massively exploited by someone who just found out how it works..

Re:He won't fix it? (5, Insightful)

CaymanIslandCarpedie (868408) | more than 9 years ago | (#12565364)

Oh come on man, don't be that guy ;-)

So MS$ shouldn't fix problems in IE until an exploit has been shown for it?

It's better to wait and see before fixing something that may not matter later.

It's better to just fix it and be safe than wait and see if something happens later. It may not be top priority, but remember this "wait and see" approach to security is exactly what got MS$ into so much trouble with users. We don't need the same for Linux.

Re:He won't fix it? (1, Insightful)

untouchable (615727) | more than 9 years ago | (#12565554)

I'm sorry. I don't know who modded me funny, but I wasn't actually trying to be funny.

From the little bit I understand from the paper (which, when this story was first posted on Slashdot May 13th, wasn't publicly available), it's an extremely low level attack that depends on certain process switching back and forth, without emptying cache. (I think that's the base of it.)

From what I've learned in software writing, is that it's preferable to wait and see how much and how bad your software runs or has problems before you start charging into the situation to fix it. Especially something as low level as this, which could have unseen side effects. Especially since this (to me, at least) seems to be more of a hardware problem than software, per se. (But, of course, I could be wrong.)

It's better to just fix it and be safe than wait and see if something happens later.

I would think that would only be advisable if you (internally) found the bug/security problem. I would put up a notice saying I've heard of this situation, and maybe even come up with an idea for the fix, but definitely wouldn't implement it until I could prove or see proof that said problem exists.


p.s. Microsoft's reaction is slightly different than what you describe. Microsoft didn't seem to care about bug fixes to IE, period, only fixing them when the griping got too loud and the public started paying more attention to Firefox. There was no motivation to fix IE, not just a 'wait and see' type attitude.

Re:He won't fix it? (5, Funny)

Threni (635302) | more than 9 years ago | (#12565415)

That reminds me of the joke about programmers being in a car, steaming downhill with failed brakes, narrowly avoiding death, then once the car has come to a standstill suggesting that instead of seeing what went wrong they just get back in the car and `see if it happens again`.

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565542)

Fix what?

If I remember correctly, there hasn't been a shown exploit for this yet. It's better to wait and see before fixing something that may not matter later.


Are you stupid? You don't wait for an exploit BEFORE you start to fix the problem.

That's like knowing your front door lock is broke and waiting for someone to break in before you fix it...retard

Re:He won't fix it? (1)

Ritz_Just_Ritz (883997) | more than 9 years ago | (#12565314)

If somebody else fixes it (which probably won't be long), Linux still has to agree to make it part of the latest/greatest kernel. I'm not really agreeing with his childish "dictator" accusation, but he does have a point. Linus can be dismissive of patches when it's not something of interest to him or is esoteric enough that he can't (or won't...or doesn't have time to) wrap his brain around it. Not a criticism, mind you...just an observation. Cheers,

Re:He won't fix it? (1)

squiggleslash (241428) | more than 9 years ago | (#12565664)

There's no childish "dictator" accusation in the post, just a lot of Slashdotters who are a little new and unaware of standard terminology within the FOSS crowds. I've posted an explanation here [slashdot.org].

I have one minute to kill before Slashdot will let me post again, so let me add this: these kinds of issues come up a lot these days with old arguments being retread as if for the first time, with a large number of people not understanding basic stuff that's not meant the way it's intended. In some ways, this is a great thing - it suggests that the Free Software and Open Source movements are attracting large numbers of new followers, who see the advantages of code they can change and use to help others. Unwitting flamewars aside, let's hope this continues. It's a shame we can't really give out a "Read this before you start on FOSS" document that explains all of this, as I doubt anyone would read it, and I doubt it'd cover even 1% of what needs to be commented upon.

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565315)

Er, no. It's Linux and the kernel is Linus's baby. He decides what to do with it. If others were to "fix" it, they would be working on a copy, and they would be starting an entirely new fork altogether. I, for one, certainly don't want that to happen.

Re:He won't fix it? (2, Insightful)

ssj_195 (827847) | more than 9 years ago | (#12565374)

If others were to "fix" it, they would be working on a copy, and they would be starting an entirely new fork altogether. I, for one, certainly don't want that to happen.

I think pretty much every distro in existence maintains its own patchset for the vanilla kernel (effectively maintain their own "fork", I guess), and it is not causing any problems. In brief, if Linus does not accept a useful patch (or essential!), the distros will, and so this "forking", if you can really call it that, will have no negative effect on the end-user.

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565317)

exactly what i said on kernel trap

Critical Thinking (1)

mfh (56) | more than 9 years ago | (#12565325)

Linux really suffers from having a single dictator in charge

Critical to the Open Source model is agility, and it's why Windows is at a strong disadvantage to Linux -- they can't have the same agility as we do.

There isn't a single dictator in charge of Linux, only a media figurehead. Try telling that to the media, who can't yet comprehend our multidimensional, fractal, Open, Source, methodology.

Re:Critical Thinking (0)

Anonymous Coward | more than 9 years ago | (#12565378)

mutlidelusional, fratricidal, Open Sores, mediocracy??

I was getting a buzz from all those buzz words....

Not Accurate (1)

mfh (56) | more than 9 years ago | (#12565429)

I was getting a buzz from all those buzz words....

I'd like to address this directly because I find it funny that AC would suggest open source was anything but a multidimensional methodology. Clearly you have no understanding of the subject matter, buzz words or not.

Re:Not Accurate (1)

smitty_one_each (243267) | more than 9 years ago | (#12565497)

I like the phrase: "I feel your research into the subject may be incomplete".

Re:He won't fix it? (5, Interesting)

Vo0k (760020) | more than 9 years ago | (#12565334)

Actually, my bet is it will be fixed in the new CPU revision, by Intel. And eventually Kernel fix dug into the config somewhere next to other "bugfix/support" entries, with note like "Early multithreading Intel Pentium 4 CPUs have a vulnerability that allows to override privileges of a process. This entry includes a patch for this bug at cost of increasing the kernel size by 32K and slightly slowing it down. If you have an early Pentium 4 processor and run a multi-user system, say Y. If you don't or aren't sure, say N."

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565351)

This sentence no verb.

Re:He won't fix it? (-1, Troll)

magefile (776388) | more than 9 years ago | (#12565452)

Parent post [is] ass.

Re:He won't fix it? (0)

Anonymous Coward | more than 9 years ago | (#12565703)

you would think this could be done via the bios (upgrade)

Re:He won't fix it? (1)

gl4ss (559668) | more than 9 years ago | (#12565356)

ok..
now..
what are the real threats from the vulnerability?

the author of the paper seems to see there to be some crapload of problems from this, yet I don't quite see it so (the attack route being quite far fetched imho). so much that a lot of other people probably saw this same 'problem' earlier as well but didn't really think of it as anything.

AND

is it something that can be done something to in the kernel and not in the supposedly vulnerable openssl? like, it is a 'feature' rather than a bug.

Re:He won't fix it? (2, Insightful)

A beautiful mind (821714) | more than 9 years ago | (#12565409)

There is nothing to fix there, most of the coders agreed!

Some people just keep pushing their flawed agendas.

Disclaimer: I did read the whole thread.

Re:He won't fix it? (2, Insightful)

ysachlandil (220615) | more than 9 years ago | (#12565457)

And how will they fix this?

The only fix that kinda works is disabling hyperthreading. But on a dual core processor the problem is there as well (if there is a shared cache somewhere). And switching off the second core because of that would be stupid.

The problem Colin points out (getting an RSA key) is a userland problem anyway, so there is nothing to fix for Linus... fixing cache eviction covert channels in the kernel is possible, but not without losing a lot of performance.

--Blerik

Re: He won't fix it... (1)

greenlava (879054) | more than 9 years ago | (#12565298)

Well Played

Dictator? (0)

Anonymous Coward | more than 9 years ago | (#12565301)

Dictator? Yeah, right.

Re:Dictator? (0, Offtopic)

shreevatsa (845645) | more than 9 years ago | (#12565338)

I can imagine Microsoft's campaign against Linux: "Would you want to use an operating system written by a dictator?"

Re:Dictator? (4, Funny)

Megor1 (621918) | more than 9 years ago | (#12565381)

Now that I think of it I've never seen Castro and Linus in the same room....and Linus always seems to be smoking fine cigars...and open source software is practically communism anyway...it all makes sense now!

Dictator? (5, Insightful)

BBrown (70466) | more than 9 years ago | (#12565319)

A dictator who has made his domain open-source, thereby giving everybody free reign to change and make distinct copies of it?

Come on.

Re:Dictator? (1)

Alibloke (838866) | more than 9 years ago | (#12565331)

I agree, a centrally controlled domain does not have to be controlled by a dictator.

Re:Dictator? (5, Funny)

Tjebbe (36955) | more than 9 years ago | (#12565353)

or, to put it in Pratchett's words:

He doesn't administer a reign of terror, just the occasional light shower.

Re:Dictator? (1)

bsquizzato (413710) | more than 9 years ago | (#12565372)

Don't be so literal about it all, we should all be able to tell that he's simply referring to Linus' full control over the development of the project. A dictator is defined as "An absolute ruler."

You're placing a stereotype on the word by thinking that just because someone has absolute rule they can't be fair with it.

Re:Dictator? (1)

grasshoppa (657393) | more than 9 years ago | (#12565593)

But..but..he doesn't *have* full control over development. People can fork off at any time; that's not control. He steers his branch where he wants, and people build on top of that; that's not complete control either.

As much as I hate to say it, the truth of the matter is this: Linux essentially belongs to everyone in that we can all make our own forks if we feel it necessary. Linus simply directs the pack of juiced up monkeys in the development, but if enough people lost faith in him, a new fork would be started.

Re:Dictator? (5, Informative)

squiggleslash (241428) | more than 9 years ago | (#12565491)

The guy was referring to the oft-quoted observation that Linus is a "benevolent dictator [wikipedia.org]", or rather that Linux's development model is one of benevolent dictatorship. It wasn't an insult aimed at Torvalds. It's a comment about the development model used by many FOSS projects. See also Larry Wall and Perl, or Guido van Rossum and Python. In all these cases contributors to the projects defer to a project figurehead who makes the final decisions as to what goes into the official version of the project, and where that project goes.

The most common alternative model is community development, where a - usually but not always elected - committee of developer 'elders' steer the project. Apache and Mozilla would be good examples of the latter.

I appreciate some people have heard about this comment first today, people are joining the Free Software and Open Source communities all the time, but it kind of surprises me that so many are criticising Colin for this without anyone explaining this.

Single Dictator? (3, Insightful)

Anonymous Coward | more than 9 years ago | (#12565330)

If Linus decides that he does not want to bump its priority up, someone else can fix it. That's what fellow kernel developers do.

If Microtoft decides not to fix it, then no one else can.

So which one is a single dictatorship?

Re:Single Dictator? (2, Interesting)

bloodbob (584601) | more than 9 years ago | (#12565350)

Linux developers can fix it, but the fixes won't go in; Linus says what goes in and what doesn't.

Re:Single Dictator? (2, Informative)

MoonFog (586818) | more than 9 years ago | (#12565397)

Most distros have tweaked the kernels to suit their needs anyway, nothing stops them from implementing this in their own kernel version.

Re:Single Dictator? (0)

Anonymous Coward | more than 9 years ago | (#12565420)

Who cares? Hardly any end-users end up with the vanilla kernel anyway. The fact that your misguided "rebuttal" got modded up while the original post was left alone makes me weep.

In the vanilla tree yes (1)

gilesjuk (604902) | more than 9 years ago | (#12565477)

Yes Linus decides what goes in the vanilla Linux tree, but how many distros use that? they all patch their kernels with enhancements.

single dictator (0)

Anonymous Coward | more than 9 years ago | (#12565337)

The solution just presented itself! Multiple dictators for everyone! Oh what fun!

bad tactics from Colin Percival (3, Insightful)

Anonymous Coward | more than 9 years ago | (#12565347)

The answer to Linus' assertion that "I'd be really surprised if somebody is actually able to get a real-world attack on a real-world pgp key usage or similar out of it" is not to say "Well we all think it's bad", but to produce a proof-of-concept exploit.

If he and "all the world's cryptographers" can't do that, then Linus' pragmatism beats the cryptographers' paranoia (their defining quality, in my experience) into a cocked hat.

If an exploit can't actually be exploited, it's not an exploit.

Re:bad tactics from Colin Percival (1)

Trigun (685027) | more than 9 years ago | (#12565464)

Somehow I doubt that there will ever be a fully reproducible exploit on this, unless it is under extremely controlled conditions that would not occur in a production environment. That being said, the flaw exists, and should be removed. If the distro vendors want to get security ratings for their product, then they should give some spare cycles for it. Why is it up to Linus?

OK Colin, Well done (4, Insightful)

Timesprout (579035) | more than 9 years ago | (#12565352)

you found an obscure and difficult to exploit vulnerability. Now quit trying to make out the world is doomed and trolling on Linus to keep the spotlight on yourself.

Re:OK Colin, Well done (2, Insightful)

MoonFog (586818) | more than 9 years ago | (#12565414)

I wonder what people would say if this was about Microsoft and not Linux? You think Slashdot would talk about it in the same way?

Re:OK Colin, Well done (4, Insightful)

TuringTest (533084) | more than 9 years ago | (#12565451)

If this was about Microsoft and Bill refused to fix the vulnerability, nobody else could write a patch for the sources to solve the problem. See the difference?

Re:OK Colin, Well done (1)

MoonFog (586818) | more than 9 years ago | (#12565465)

Of course I see your point, but Mr. Percival is criticising Linus Torvalds for personally not caring about the problem, not that the problem won't be fixed at all.

Re:OK Colin, Well done (2, Interesting)

maxwell demon (590494) | more than 9 years ago | (#12565495)

Of course. Except that the roles would be taken by other people: The Linux zealots would play the "it's a major security problem" role, while the MS zealots would play the "there's no real exploit here" role.

Except that for MS problems you'd probably not actually hear about it unless an exploit has been found (MS would of course keep quiet about it, and others would probably not find out other than by creating an exploit).

However, IANASE

Linus the great Dictator (2, Insightful)

tronicum (617382) | more than 9 years ago | (#12565360)

Just because Linus does not share the same opinion on the importance of this issue this does not mean that he is a dictator.

Colin needs to cool down a bit. At least the Linux distros (SuSE, Red Hat, etc are the ones which will get a problem from affected systems) are going to get patches for it. From Linus or any other Kernel developer.

Re:Linus the great Dictator (1)

squiggleslash (241428) | more than 9 years ago | (#12565569)

Here's [slashdot.org] the explanation of that comment. He's not accusing Linus of being an evil torturing Saddam-wannabee, he's referring to the development model of Linux.

Open Source, YOU win! (2, Informative)

xiando (770382) | more than 9 years ago | (#12565367)

Linux is Open Source. So it does not matter what the dictator thinks. Because even if he is, like Colin childishly claims, a dictator, he does not have any real power over Linux users. There are, in fact, dozens of flavors of Linux kernels available on the market. And almost none of the major distributions today use the stock vanilla kernel, most of them ship with kernels that include numerous patches that are not part of the vanilla kernel. If Linus does not make a patch, someone else will. And chances are high the patches will be taken into the vanilla kernel. But even if such patches are not accepted into the vanilla kernel tree, they can still be applied to it. This is why Open Source wins. We have the source, the source is with us - And we are free to do whatever we like with it. I can apply a secure patch if one comes available regardless of what the dictator thinks of that, and that is obviously why it is totally wrong to call a person who is kind enough to use hours and hours of his time to develop something that greatly benefits mankind a dictator.

Linus and RMS (3, Funny)

uchi (534979) | more than 9 years ago | (#12565368)

If Linus is the dictator, does that make RMS the court jester? On second thought, do dictators even have jesters? This does not look good for RMS.

Re:Linus and RMS (0)

Anonymous Coward | more than 9 years ago | (#12565437)

If Linus is the dictator, does that make RMS the court jester? On second thought, do dictators even have jesters? This does not look good for RMS.

no not Jester..... GNU/Jester

I know, I know, trolling, but I actually agree with RMS though, it's a GNU system with a linux kernel. Don't undervalue the work of people who release their code GPL for any compatible unix system, in fact, most of "linux" isn't the kernel, so yeah, I run a GNU OS with a linux kernel.

Re:Linus and RMS (0)

Anonymous Coward | more than 9 years ago | (#12565538)

Thanks for sharing.

Re:Linus and RMS (0)

Anonymous Coward | more than 9 years ago | (#12565445)

He is R2D2 to Linus's Luke Skywalker ;)

Re:Linus and RMS (4, Interesting)

daigu (111684) | more than 9 years ago | (#12565621)

RMS is more like the tribal elder reminding you of your ideals - especially during those times when you consider putting them aside because they seem impossible to live up to.

but... but... but... (4, Funny)

databyss (586137) | more than 9 years ago | (#12565369)

The all powerful Dvorak said linux had no leaders...

Re:but... but... but... (3, Funny)

saintp (595331) | more than 9 years ago | (#12565545)

There's only one way to find the truth: cage match between Dvorak and Percival. Whoever comes out alive wins.

Re:but... but... but... (0)

Anonymous Coward | more than 9 years ago | (#12565627)

The men enter, one man leaves. Then later the other man leaves after being declared the winner.

Re:but... but... but... (1)

Timesprout (579035) | more than 9 years ago | (#12565560)

You need to stop listening to your keyboard man.

Re:but... but... but... (2, Funny)

Couldn'tCareLess (818316) | more than 9 years ago | (#12565679)

You have a keyboard man? Where do you keep him? What does he eat?

I want a keyboard man!

Micro-Managing Minutiae Mayhem (3, Funny)

mathmatt (851301) | more than 9 years ago | (#12565383)

when Linus doesn't understand a problem, he won't fix it

This is interesting logic: The idea that the creator of an organization must understand minutiae and micro-manage everything that the organization does.

Interesting indeed...too bad it's fallacious. (Although it might explain what is taking Longhorn so long to come out - I can see Bill Gates searching Google for whitepapers on file systems, search algorithms, GUI's, etc.)

Re:Micro-Managing Minutiae Mayhem (2, Funny)

mwvdlee (775178) | more than 9 years ago | (#12565552)

No, that still wouldn't explain it. Bill gates searching MSN for the info would!

At least Linus.... (2, Informative)

MarkEst1973 (769601) | more than 9 years ago | (#12565388)

...has a job. Naturally this guy would disagree with Linus. He's got nothing else to do. I, too, would strongly disagree if someone casually dismissed the past three months of my life.

From the original article [daemonology.net]

  • Where do you work? I'm unemployed. For the past three months, I've spent almost all of my time working on this security flaw -- investigating how serious it was, contacting all of the affected vendors, explaining how this should be fixed, et cetera. I simply haven't had time to go out and get a job -- and I decided that making sure that this issue was properly reported and fixed was far more important than earning some money.

Re:At least Linus.... (0)

Anonymous Coward | more than 9 years ago | (#12565517)

How is this troll considered "informative"? The fanboys on this site are truly staggering.

Re:At least Linus.... (4, Insightful)

mattgreen (701203) | more than 9 years ago | (#12565528)

Nice ad hominem attack. Attack the argument, not the person.

Re:At least Linus.... (1, Insightful)

A beautiful mind (821714) | more than 9 years ago | (#12565549)

It would be only ad hominem if his status would be in no relation to the issue at hand, but in this case, his "obsession" is important.

Re:At least Linus.... (1)

mwvdlee (775178) | more than 9 years ago | (#12565592)

It's still not a valid argument.
It does go a long way to show the implied argument that the topic is important because the person is "obsessing" about it, is invalid too.
But I guess that wasn't the point of the interview quote in the first place.

Re:At least Linus.... (1)

squiggleslash (241428) | more than 9 years ago | (#12565622)

I disagree. What matters is whether this actually is an exploitable vulnerability. Whether it is or not has nothing to do with whether he's a Nobel Prize winning mathematician [snopes.com] or a certified lunatic in a home.

BTW, I think it's exceedingly ironic that someone criticising someone's grasp of mathematics on the basis of an accusation that they're mentally a little off-the-wall should have the Slashdot nick "A Beautiful Mind [imdb.com] "...

Re:At least Linus.... (1)

A beautiful mind (821714) | more than 9 years ago | (#12565691)

There is no such exploitable vulnerability, most of the people on LKML can tell you that, and they certainly wouldn't fix it inside kernelspace would there be one. The fact that the guy STILL holds on to the issue was explained by the top poster.

In your last paragraph you clearly demonstrated what is an ad hominem attack, and what is the difference between the top post and your post.

Btw, where did you hear about mathematics in relation to the issue? Because the whole issue is about coding and hardware design.

Re:At least Linus.... (0)

Anonymous Coward | more than 9 years ago | (#12565551)

You have that backwards; Ad Hominem means attacking the person and not addressing the argument.

Re:At least Linus.... (0)

Anonymous Coward | more than 9 years ago | (#12565596)

You have his intentions backwards. His second statement was intended as a command, not a definition of Ad Hominem.

Re:At least Linus.... (1)

GoofyBoy (44399) | more than 9 years ago | (#12565720)

Isn't this exactly what OpenSource/Linux/FSF wants? A bunch of dedicated people with too much time on their hands who will obsess over things important to them?

I really fail to see what having a job makes you more qualified or not. Would you listen to him more if he had a job at McDonalds?

Let the arguments/logic sort themselves out, and not the person/politics.

Fixing is easier said than done (5, Insightful)

Xpilot (117961) | more than 9 years ago | (#12565390)

The kernel developers don't seem to agree on the right way to fix this, whether at the kernel level or in userspace [lkml.org]. However, it may affect the performance of the kernel if it's done in kernelspace, and it is impractical to have everyone rewrite their userland software, as someone else pointed out [lkml.org]. The "patch" which is available [freebsd.org] for FreeBSD to fix this problem only disables hyperthreading [lkml.org] and does not provide a real fix.
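
Added example (not part of any comment in this thread, and not code from OpenSSL, Linux or FreeBSD): what a userland fix of the kind ysachlandil and Xpilot refer to above can look like. It is a fixed-window modular exponentiation whose table lookup reads every entry, so the cache footprint does not depend on the secret exponent. The 32-bit sizes, the sample values and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_BITS 4
#define TABLE_SIZE  (1u << WINDOW_BITS)

/* Toy-sized modular multiply (32-bit modulus, m != 0). Real RSA uses
 * multi-precision arithmetic; the integer division used here is not itself
 * constant time. This example only addresses the memory access pattern. */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m)
{
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* All-ones if a == b, zero otherwise, without a branch (a, b < 2^31). */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t diff = a ^ b;
    return 0u - ((diff - 1u) >> 31);
}

/* Secret-dependent address: the cache line touched depends on idx, which is
 * what a thread sharing the cache can observe. */
static uint32_t lookup_leaky(const uint32_t *table, uint32_t idx)
{
    return table[idx];
}

/* Reads every entry in the same order whatever idx is, and keeps only the
 * wanted one by masking. Costs TABLE_SIZE loads instead of one. */
static uint32_t lookup_ct(const uint32_t *table, uint32_t idx)
{
    uint32_t out = 0;
    for (uint32_t i = 0; i < TABLE_SIZE; i++)
        out |= table[i] & ct_eq_mask(i, idx);
    return out;
}

typedef uint32_t (*lookup_fn)(const uint32_t *, uint32_t);

/* Fixed-window exponentiation: base^exp mod m, 4 bits of exp per step.
 * Every window does 4 squarings and 1 multiply, including all-zero windows
 * (table[0] == 1), so the operation sequence does not depend on exp. */
static uint32_t modexp_window(uint32_t base, uint32_t exp, uint32_t m,
                              lookup_fn lookup)
{
    uint32_t table[TABLE_SIZE];
    table[0] = 1u % m;
    for (uint32_t i = 1; i < TABLE_SIZE; i++)
        table[i] = mulmod(table[i - 1], base % m, m);

    uint32_t acc = 1u % m;
    for (int shift = 32 - WINDOW_BITS; shift >= 0; shift -= WINDOW_BITS) {
        for (int s = 0; s < WINDOW_BITS; s++)
            acc = mulmod(acc, acc, m);
        uint32_t window = (exp >> shift) & (TABLE_SIZE - 1u);
        acc = mulmod(acc, lookup(table, window), m);
    }
    return acc;
}

uint32_t modexp_leaky(uint32_t base, uint32_t exp, uint32_t m)
{
    return modexp_window(base, exp, m, lookup_leaky);
}

uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t m)
{
    return modexp_window(base, exp, m, lookup_ct);
}

/* Plain square-and-multiply, used only to cross-check results. */
uint32_t modexp_reference(uint32_t base, uint32_t exp, uint32_t m)
{
    uint32_t result = 1u % m, b = base % m;
    while (exp) {
        if (exp & 1u)
            result = mulmod(result, b, m);
        b = mulmod(b, b, m);
        exp >>= 1;
    }
    return result;
}

/* Returns 1 if both lookups agree on every index of a constructed table. */
int lookups_agree(void)
{
    uint32_t table[TABLE_SIZE];
    for (uint32_t i = 0; i < TABLE_SIZE; i++)
        table[i] = 0x9E3779B9u * (i + 1u);   /* constructed sample data */
    for (uint32_t i = 0; i < TABLE_SIZE; i++)
        if (lookup_ct(table, i) != lookup_leaky(table, i))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not real key material. */
    uint32_t base = 0x12345678u, exp = 0xDEADBEEFu, m = 0xFFFFFFFBu;
    printf("reference: %u\n", (unsigned)modexp_reference(base, exp, m));
    printf("leaky:     %u\n", (unsigned)modexp_leaky(base, exp, m));
    printf("masked:    %u\n", (unsigned)modexp_ct(base, exp, m));
    printf("lookups agree: %d\n", lookups_agree());
    return 0;
}
```

Both variants return the same result; they differ only in which table entries are loaded per window, which is the property relevant to a shared-cache observer.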


Is Linus getting old?? (0, Troll)

xtracto (837672) | more than 9 years ago | (#12565408)

First the Bitkeeper Tridgell accusations, and now these comments with a flavor of "no, it can not be better"... I guess Mr. Torvalds is entering the age where the ideas and innovation are not emerging, sad for this but, I guess we will start to see these kind of comments and actions from the Linux founder...


I'M AN OPEN PROXY, BAN ME! (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#12565419)

This message is posted from an open proxy. Open proxies are used to crapflood sites like Slashdot. Please mod this comment down so the proxy gets banned. If you don't care about open proxies, please mod this comment down because it's offensive to NIGGERS and KIKES.
iji iji iji iji iji iji jtiji iji iji iji iji iji
iji iji iji iji iji ijjDMNQtiji iji iji iji iji ij
iji iji iji iji iji cXMNMNMNQjiji iji iji iji iji
iji iji iji iji ijcSMNMNMNMNHJiji iji iji ij iji ij
iji iji iji iji iSWMNMNMNMHJiji iji iji ij iji iji
iji iji iji iji6WMNMNMNMNYiji iji Jciji iji iji ij
iji iji iji i5WMNMNMNMN5iji iji JHMNSc iji iji iji
iji iji iji5NMNMNMNMW5iji iji JHMNMN MWSiji iji iji
iji iji ijcXMNMNMNMNNYiji ijtKMNMN MNMNMW6iji iji i
iji iji iji jDMNMNMNMNHJijtQMNMN MNMNMNMNMW5iji iji
iji itciji iji QMNMNMNMNKDMNMN MNMNQWMNMNMNMN5iji i
ijitKMWSiji iji jQMNSIEGMNMN MNMNQtijSWMNMNMNMNYiji
itQMNMNMW6iji iji tKMNMNMN MNMNKtiji icSMNMNMNMNHJi
iJHMNHEILMW6iji ijcSMNMN MNMNMNDjiji ijicXMNMNMNN5i
ijiYNMNMNMNMN5ijiSWMNM MNMNMNMNMNDciji ijicDMNW6iji
iji i5NMNMNMNMNSWMNM MNMNHNMNMNMNMNXciji iji 5iji i
iji iji5WMNMNMNMNM MNMNN5ij5NMNMNMNMNSciji iji iji
iji iji i6WMNMNM MNMNW5iji ij6WMHEILNMWSiji iji iji
iji iji ijiSWM MNMNW6iji iji tKMNMNMNMNXciji iji ij
iji iji iji cSMNWSiji iji tQMNMNMNMNDjiji iji iji
iji iji ij iji c6ciji iji QMNMNMNMNQjiji iji iji ij
iji iji iji iji iji ijjDMHITLERNQtiji iji iji iji
iji ij iji iji iji ijcXMNMNMNMNKtiji iji iji iji ij
iji iji iji iji iji jQMNMNMNHJiji iji iji iji iji
ij iji iji iji iji iji tKMNHJiji iji iji iji iji ij
iji iji iji iji iji iji tYiji iji iji iji iji ij ij



Wed May 18 14:37:10 CEST 2005 [2715]

Paper author just wants attention. (3, Informative)

tezza (539307) | more than 9 years ago | (#12565424)

"even if all the cryptographers in the world are standing against him."

All said cryptographers should buy a non-hyperthreaded CPU, or turn it off.

I mean if you use GPG [gnupg.org] on most machines, it will issue you a warning about Insecure Memory. That is, someone could potentially harvest data from disused pages in memory.
These cryptographers would use a secure memory system. I'm happy hoping that MI6 isn't running a remote memory exploit on my box.

Re:Paper author just wants attention. (2, Informative)

Anonymous Coward | more than 9 years ago | (#12565651)

The insecure memory warning is because GPG doesn't have enough privileges to allocate memory securely. It needs to be suid to work properly. It has nothing to do with a special type of memory for your computer.

Re:Paper author just wants attention. (1)

tezza (539307) | more than 9 years ago | (#12565698)

1. What if your admin doesn't allow SUID GPG on that machine?
2. What if your kernel doesn't support secure memory?? Say, an earlier kernel.

The crypto-fascists [always wanted an excuse to use that Red Dwarf phrase] would know to await an admin or kernel that did.
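
The mechanism behind the "insecure memory" warning discussed in this subthread, as an added example that is not part of any comment and is not GnuPG's code: a key buffer that tries to pin its pages with mlock() so they cannot be written to swap, and carries on with a warning when the process lacks the privilege or RLIMIT_MEMLOCK headroom. The `secbuf` type and its function names are hypothetical, and the key bytes are constructed.

```c
#define _DEFAULT_SOURCE            /* for MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef struct {                   /* hypothetical type, not a GnuPG structure */
    unsigned char *p;              /* page-aligned storage for secret material */
    size_t len;                    /* request rounded up to whole pages */
    int locked;                    /* 1 if mlock() succeeded, 0 if swappable */
} secbuf;

/* Allocate whole pages and try to pin them in RAM. Returns 0 on success and
 * -1 if no memory could be obtained. A failed mlock() is reported, not fatal. */
int secbuf_alloc(secbuf *b, size_t want)
{
    long pg = sysconf(_SC_PAGESIZE);
    b->p = NULL; b->len = 0; b->locked = 0;
    if (pg <= 0 || want == 0) return -1;
    size_t len = (want + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    void *m = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    b->p = m; b->len = len;
    b->locked = (mlock(b->p, b->len) == 0);   /* EPERM/ENOMEM without privilege or limit */
    if (!b->locked)
        fprintf(stderr, "warning: using insecure memory (mlock: %s)\n", strerror(errno));
    return 0;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void secbuf_wipe(secbuf *b)
{
    volatile unsigned char *v = b->p;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
}

void secbuf_free(secbuf *b)
{
    if (!b->p) return;
    secbuf_wipe(b);                           /* clear before the pages are returned */
    if (b->locked) munlock(b->p, b->len);
    munmap(b->p, b->len);
    b->p = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    secbuf k;
    if (secbuf_alloc(&k, 32) != 0) return 1;
    memcpy(k.p, "constructed-key-material", 24);   /* constructed sample secret */
    printf("pages locked in RAM: %s\n", k.locked ? "yes" : "no");
    secbuf_free(&k);
    return 0;
}
```

Running it under `ulimit -l 0` as an unprivileged user shows the fallback path: the buffer is still usable, but its pages may reach swap.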

This isn't just about stealing crypto keys. (1)

bani (467531) | more than 9 years ago | (#12565446)

By being able to reasonably guess what another program is doing, you can design attacks around it. You don't have to target stuff as specific as crypto keys.

Stuff like timing attacks. A timing attack that might have been difficult or impossible before, may be possible or trivial now.

No crypto involved.

welcome to open source! (1)

Lord Bitman (95493) | more than 9 years ago | (#12565462)

Linus doesn't actually sit there writing the entire kernel. It is impossible to have a "dictator" in an open source program. If Linus doesn't get it, someone else who gets it can fix it and it will be fixed.

This sort of attitude is pretty common (5, Insightful)

Raleel (30913) | more than 9 years ago | (#12565480)

It's along the same lines of the "if all you got is a hammer" problem. If you've spent a lot of time working on something, it's obviously important to you. That doesn't mean that it's important to everyone else. This may well be a significant flaw from the cryptographer's perspective, but then again, they study crypto a lot and have a vested interest in it.

As someone pointed out, yay for linux being free. As one or two above pointed out, someone who does care with the knowledge will write a patch. It'll get implemented as an option in the code, and if shown to be unobtrusive enough, may even get turned on by default.

Re:This...attitude is pretty common - Thankfully! (1)

toby (759) | more than 9 years ago | (#12565597)

they study crypto a lot and have a vested interest in it

From this it should follow that we listen to them, not that we dismiss what they say!

I'm glad that the construction engineers who design the bridges we ride over "study [bridges] a lot", and aviation engineers who designed the plane I am about to ride on "study [planes] a lot" and you bet they "have a vested interest" in safety.

Praise the experts who "study a lot", for without them, we'd all be dead. :-)

And I thought lots of people wrote Linux (1)

rescendent (870007) | more than 9 years ago | (#12565481)

Now that I know Linus wrote all of it and fixes all of it I'm well impressed!

Look, this is like the Java argument (0, Flamebait)

deanj (519759) | more than 9 years ago | (#12565514)

The solution for this is just like the "Java should be open source" argument that people always float. "If Java were open source, we could do a fork and fix what's wrong with it".

If you don't like what's going on with the project, do a fork of it, and fix it.

At least, that's how the argument goes when people are talking about Java. Since this is the Linux kernel, people seem to be a bit unwilling to do the same thing.

It's long since time that there be splits in the kernel. This whole thing with SMP is going to turn around and bite Linux if something isn't done about it soon. Other operating systems are prepared (or are preparing), why should Linux be so far behind?

And don't make the argument that Linux isn't really that far behind. It is. If Linus had started the work several years ago, it wouldn't be as big of a problem. The trouble is Linus doesn't want it mucking up the kernel, or making it harder for other people to code for it.

Well, doing the work to get multiple processes in kernel context (not just two or three, I mean a LOT of processes) IS hard, and it will be difficult for people to program under the new kernel rules.

It doesn't mean the results aren't worth it though.

Another Fairy Tale... (4, Insightful)

ausoleil (322752) | more than 9 years ago | (#12565522)

In layman's terms, this debate is:

Scene: A wispy cloud scuds across the sunny blue sky. Not much happening, and the cloud is hardly even black.

Chicken Little: The sky is falling! The Sky is falling!

The Penguin Dictator: No, not really. It might fall, but it's very, very unlikely. So calm down!

Chicken Little: I strongly disagree. The sky is falling! And because you do not understand the problem we're all going to die!

The Penguin Dictator: Listen here. It's almost certainly not going to fall, and I need to worry about real problems!

Chicken Little: (Runs screaming to the nearest coffeehouse with free wireless, where he types incessantly:) The sky is falling! The Sky is falling! Tell Slashdot! Tell Tom's Hardware! Tell Cnet! Tell Linux Business News!

The Penguin Dictator: Sigh. (And then he gets back to work. He looks up at the audience) They just do not get it, do they?

The Windows Dark Lord: (Rubs hands together) Excellent, MOST excellent. (Yelling) Bring me my marketing minion!

Marketing Minion: (being drug in by a bald guy yelling at him) Yes, O Master!?

The Windows Dark Lord: Tell all the peasants that the sky is raining huge chunks of fire and dung! Tell everyone, tell them now! And have our independent consultants work on this day and night, night and day! Make sure that they independently tell everyone that they can easily avoid flaming chunks of sky dung if they stand behind our Windows! And RAISE the price!

Some Guy At Some House In Some City Somewhere: "Wow, that was easy. Let me send this up to the Penguin Dictator. No sky ever fell, and that cloud is easily blown away. Nothing happening here, move along."

The Penguin Dictator: "Well that was easy. Include this patch in the next day's weather update!"

Marketing Minion: Press Release!!! Millions killed by falling flaming sky chunks of burning dung with brain eating worms who eat children!!! Run for your lives!!!!

Laura Didio, munching a do-nut: "If you would hide behind Windows, the sky would stop falling! Your children would be safer and the world a better place." (looks at stock ticker, says to self) 'Excellent. MOST excellent. Bring me a donut!'

The Penguin Dictator: "Sigh. Why didn't I just keep Sky 0.7a for myself? Why the bother, why the bother?"

EPILOGUE: No one was ever hurt by the piece of sky that never fell, and Chicken Little kept looking upward for another cloud to rant about.

The End.

Orchestra Director (1)

Tei (520358) | more than 9 years ago | (#12565533)

it is at times like this that Linux really suffers from having a single dictator in charge; when Linus doesn't understand a problem, he won't fix it, even if all the cryptographers in the world are standing against him.

Having only one point of fracture, only one right or wrong director of the orchestra, is not as bad as it sounds. Both a music orchestra and an army use a system where one leads and the others follow. This helps, as you receive only one voice, and a clear one. Even if that guidance fails, the "commander" can change the route. So it's not that bad; it works for some human areas.

Great (2, Insightful)

Mensa Babe (675349) | more than 9 years ago | (#12565540)

"it doesn't seem all that worrying in real life."

Yeah, just like a mouse driver having full access to kernel security structures and raw disk partitions, it doesn't seem all that worrying at all (except when your entire system crashes thanks to a buggy sound driver, or you get rooted, or...).

Not fixing this design mistake while laughing at respected experts in the field reminds me of something [google.com]. I was hoping that we as a community might have become a little bit more mature during the last decade, but I seem to have been naïve again.

wow, a paper, no kidding (2, Funny)

l3v1 (787564) | more than 9 years ago | (#12565570)

Colin Percival, who published a recent paper on the vulnerability,

Well, it's obvious that he has to be right then, since he has published a paper on the topic, right? Right? Nobody else can "understand a problem", only him, since he's got a paper on it. A real paper.

All the cryptographers in the world... (2, Funny)

bmf033069 (149738) | more than 9 years ago | (#12565576)

"even if all the cryptographers in the world are standing against him"

Who would understand what they are saying anyway?

The man (2, Insightful)

Rinisari (521266) | more than 9 years ago | (#12565600)

Linus seems to be intelligent enough to understand when to undertake certain tasks. Up to now, no one knew about the vulnerability. There hasn't been solid proof of exploit released in virus form yet. All this is, as of yet, is FUD. Linus doesn't want to reshape his priorities because of newfound FUD, and he's very smart in doing this.

I'm sure that if an exploit is found, someone will have a patch ready for the next kernel revision - that's the beauty and advantage of Linux.

Perhaps crypto is not your biggest problem (1)

tezza (539307) | more than 9 years ago | (#12565605)

If you've got hackers coding exploits and targeting threads on your machine... perhaps Hyperthreading isn't your biggest problem.

Slashdotters defending Linus... (-1, Troll)

JakiChan (141719) | more than 9 years ago | (#12565607)

...news at 11!

The two main problems I have with dealing with linux in the real world are:

1) The "screaming teenager" factor where people feel linux is the answer to every question. (It's like on The Car Lounge where the answer to every "what should I buy" question is an E30.) They refuse to understand that in its current form linux has flaws and limitations.

2) Worship of Linus. I'm sure the guy's a stud and all, but if for some reason someone either doesn't patch this because Linus said it's not necessary or if a patch has trouble being accepted for that reason, then that's just wrong.

This whole lack of a cult of personality thing is just one of the many reasons I run FreeBSD...

Re:Slashdotters defending Linus... (0)

Anonymous Coward | more than 9 years ago | (#12565704)

oh! I can't use this hammer because other people like it too much!!

They tell me how great it is and they really like it, so I can not use it!

Dictator or useless board? (1)

aliens (90441) | more than 9 years ago | (#12565705)

I might have my facts wrong but having a dictator can sometimes get useful things done when a voting board cannot. (Xfree)

And then even with a board people bitch about them too.

So how bout we just have a source tree where everyone and anyone can write to the tree and see where it takes us?

Actually that could be fun. Make it so.