Linux and Security

Started by deanwebb, November 06, 2015, 03:36:33 PM

deanwebb

http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/

Short version: Linus Torvalds wants full speed and performance - sees security as someone else's job. Sort of like a guy that makes an amazing car, but refuses to put in seat belts or airbags - drivers should be cautious and the sides of the roads buffered with 10 meters of foam padding? Guys that propose security measures that slow Linux down get ripped a new one by Torvalds...
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Reggle


wintermute000

Actually that's quite normal behaviour for Linus. I'd argue that without his single-minded focus and take-no-crap-get-out-of-my-way attitude, the kernel would have fallen victim to all the ridiculous infighting and spinning in circles that afflicts too many open source projects.

You might not agree with his objectives but I can sort of see where he's coming from. If he'd let every Tom, Dick and Harry throw their 2c worth into the kernel it would be a bloated, buggy mess by now.

deanwebb

True... but, by keeping it as lean as possible, it's now highly vulnerable to kernel exploits, and that's not good. It's the performance vs. security argument, once again, and Torvalds has decided the winner for his kernel.

Which is why there are some security-based forks in the development tree. Torvalds may not care if firm A chooses Windows over Linux because of security concerns, but firm A may want to keep using *nix of some sort, because that's what they're already doing and it would be a huge cost to port things over. For the firms that make their money from supporting *nix deployments, they have to have an alternative that satisfies the increased corporate demand for security.

Some people play SimCity. Linus Torvalds wrote Linux. Neither of those parties wants anyone messing around with the beautiful systems they've created.