back to article Buggy? Angry? LET IT ALL OUT says Linus Torvalds

Linux overlord Linus Torvalds has articulated views on security at Linux.conf.au, and seems to be closer to Google's way of thinking than Microsoft's. Torvalds, along with Debian luminary Bdale Garbee, Samba man Andrew Tridgell, and kernel coder Rusty Russell spent an hour answering conference attendees' questions last week. …

  1. Anonymous Coward
    Anonymous Coward

    How do you think "script kiddies" manage to hack places? using scripts. Such scripts are drawn up using all the disclosures about bugs.

    1. Magnus_Pym

      How do you think 'script kiddies' get away with it for so long

      just because you don't know about the flaw doesn't mean no-one does.

      1. admiraljkb

        Re: How do you think 'script kiddies' get away with it for so long

        >>just because you don't know about the flaw doesn't mean no-one does.

        @Magnus_Pym is quite correct. In the current era of a menagerie of criminal groups, government agencies (globally, pick a country, any country), and others like hacktivist groups, there are a LOT of flaws that are undisclosed, already found and WAITING for the right time to exploit. This isn't the good old days with a solitary kid in his basement hacking away for the lulz of it, its now serious business. Responsible/timely disclosure should be mandatory, because other people probably already know about the vulnerability and are holding the exploit for it in reserve until the "time is right".

    2. David Dawson

      No, the one does not follow the other.

      Hacking tools are built by clever devs, yes. They are sometimes picked up by script kiddies, sure. Where the vulnerability information they are based on comes from is an open question.

      There are established market places for information like this, which wouldn't be the case if it all came from public disclosure reports. It seems likely that a goodly proportion of the data publicly disclosed is actually being rediscovered by legitimate researchers, and is in use already as an attack vector.

      Publicly disclosing ASAP in those cases is essential.

      Part of the problem is that it's very often unclear when those cases are, hence some in the industry leaning towards general disclosure (as Google and Linus promote), and others leaning towards selective disclosure.

      1. Roland6 Silver badge

        >"There are established market places for information like this, which wouldn't be the case if it all came from public disclosure reports."

        I think the main effect of encouraging quicker public disclosure will be to reduce the value of a known loop hole. With companies quietly sitting on bugs, they create a blackmarket for known exploits: So if I were to discover a vulnerability, it is probably in my interest to sell it on the blackmarket and the longer the bug goes unfixed the greater (hopefully) my return.

        With public disclosure however, we significantly increase the exposure of a bug, making it much easier for "script kiddies" to hack something together "for a laugh" (remember the early PC virus's?).

        Additionally, just as we've seen with services such as Virus Central, a public list permits the holder of an exploit to firstly assess whether anyone else has discovered the exploit and secondly to track it's closure; knowing these contributed to the value and hence price placed on an exploit.

        Whilst the effects of this might be to make major companies such as MS et al. to be more pro-active on fixing bugs, I suspect a knock-on effect will be both an increase in price and a reduction in the current included service level, due to the additional costs being incurred in maintenance and support.

        So I think that we need to be sure that bugs are 'publicly' disclosed in a way that facilitates their distribution to those who wish to guard us against their exploitation and those who will ulitmately fix the bug itself, but discourages/minimises disclosure to those who wish to exploit the bug.

      2. Anonymous Coward
        Anonymous Coward

        If anyone wonders why Linux is not taken seriously in the corporate world you just need to look at the tie die T-shirt and sandal wearing proponent of the OS in this vid.

        Linux - The OS of the 1960's.

        1. Doctor Syntax Silver badge

          " look at the tie die"

          Really! Professional shills ought at least to be literate. The correct spelling is "dye".

          1. admiraljkb
            Joke

            " look at the tie die"

            >> Really! Professional shills ought at least to be literate. The correct spelling is "dye".

            It might have been "Deutchlish" - then it would translate to "tie the shirt" ? If that is the case, they might have a point. Tied shirts like those worn by Daisy Duke and other backwoods beautys would be unprofessional in the workplace. Not that I've seen a Linux using Daisy Duke in IT yet.... *sigh* hehe

    3. SolidSquid

      True, but generally either those bugs have been patched and the scripts only effect older versions, the disclosure was done on the darknet rather than publically (so the developers aren't aware of the issue) or it was disclosed to the company first then publicly and the developers have decided it was't a big enough issue to be worth patching.

      Public disclosure of a bug is a pretty small proportion of automated scripts, which tend to favour detecting and exploiting known existing bugs which just might not have had the patches installed yet and using that to get access to the server, and an internal IP for the network to access other systems (like the Sony server hacks back when Geohot was sued, the boxes used for entry hadn't been patched in years despite fixes for the bugs the hackers exploited having been released for some time)

      1. jake Silver badge

        @SolidSquid

        "on the darknet"

        There is no "darknet". That meme was generated by computer illiterate journalists. Probably after hearing about "dark fiber", which by definition isn't really important in this kind of discussion.

        1. chivo243 Silver badge

          Re: @SolidSquid

          @ Jake

          There may not be a "darknet" but there are some dark alleys of the internet I'd rather not enter...

        2. Anonymous Coward
          Anonymous Coward

          Re: @SolidSquid

          Google "goatse" and tell me there is no darknet

        3. lambda_beta
          Linux

          Re: @SolidSquid

          Illiterate journalists mean dark matter, which everone knows is the force behind skynet. Dark fiber is the outcome of brown barley consumed in enormous quantities.

        4. Tom 13

          Re: "on the darknet"

          I'd be more inclined to think it was a cyberpunk author. Given we all know what it means, it is now a good and useful word.

          1. Michael Wojcik Silver badge

            Re: "on the darknet"

            Given we all know what it means,

            The premise is false. I have no idea what "darknet" is supposed to mean, beyond "ooh, scary people have network connections".

            it is now a good and useful word.

            And even if the premise were true, I reject that enthymeme. Common meaning is not sufficient to make a word useful, except in the degenerate sense of "has some possible use". If it doesn't add some novel and productive connotation or rhetorical effect to the vocabulary, why is it useful in any practical sense?

            (In this context, "good" is meaningless, so I'll ignore it.)

            1. Daniel B.

              Re: "on the darknet"

              The premise is false. I have no idea what "darknet" is supposed to mean, beyond "ooh, scary people have network connections".

              It usually refers to hidden networks that allow connected users to remain anonymous, like Tor or Darknet (yes, there's an actual "darknet" called Darknet).

    4. Tom 7

      The best way to find flaws is to use the methods that should be used in testing in the first place: take part of an API and fire shit at it until it fails in a way you can take advantage of. Twenty years ago this was almost pointless but now you can exercise an interface with several tens of million different bits of crap in a second - a lot easier than reading the source code.

      1. Michael Wojcik Silver badge

        The best way to find flaws is to use the methods that should be used in testing in the first place: take part of an API and fire shit at it until it fails in a way you can take advantage of. Twenty years ago this was almost pointless but now you can exercise an interface with several tens of million different bits of crap in a second - a lot easier than reading the source code.

        Fuzzing and other forms of black-box testing are certainly important, but there's no justification for calling them the "best way to find flaws". That's simply wrong.

        Historically, many important vulnerabilities that were discovered by other means - whether that's reading source code, manipulating multiple documented interfaces, or whatever - could not possibly have been discovered by fuzzing, because they require manipulating multiple vulnerabilities in ways that combinatorial explosion puts far beyond the reach of (pseudo-)random brute force. Tavis Ormandy's #GP Trap Handler exploit for Windows is a good example.

        Analytically, it ought to be obvious that there can't be a "best" method of security analysis in any absolute sense, because requirements are situational. If I'm testing the part of my threat model that involves someone breaking into a data center and physically stealing drives, fuzzing APIs isn't going to do me a damn bit of good.

        Many people want to condense IT security down to some simple set of rules. Ain't gonna happen. Complicated systems are complicated.

    5. Lee D Silver badge

      If someone, anyone, a security researcher or some kid downloading something from the Internet, is able to tweak a setting and compromise a system... it DOES NOT MATTER the origin of that information. There are entire markets with 0-day flaws, there are flaws floating about IRC channels and Usenet, there are pre-built hacking tools just ready to download and craft your own version of any particular exploit.

      The fix is not to pretend the flaw doesn't exist, couldn't be found by someone else, etc. It's to patch it. As soon as you can. As well as you can. Rather than bury your head in the sand.

      And "testing" some of those patches is almost not necessary - the fixes are so simple as to be auditable quite quickly and only in very isolated components that serve one particular task.

      Take the OpenSSL flaws. Some of those were hinted at and reported. When I looked through the OpenSSL code, it was a mess, but anyone with time on their hands and reason to do so could have found those flaws YEARS ago and kept a lid on it all that time. The fix is not to then go into a 90-day hiatus and eke out every second of non-disclosure. It's to fix the problem ASAP. For 90 days, someone in Google, probably several people, has KNOWN of that flaw. It's been in a database that probably dozens of people had access to. Any compromise at Google would have given someone a 90-day window of flaw execution. Why is it that people "don't trust Google" for years but all of a sudden they expect them to hold onto such a flaw perfectly and never reveal it.

      It's a flaw. Someone knows about it. Fix it. Whether that someone is your own security team, a security researcher (of course, they are ALL trustworthy and would never sell their skills on the black market on the side....), or some kid on the Internet. Fix the damn problem.

    6. Anonymous Coward
      Anonymous Coward

      "How do you think "script kiddies" manage to hack places? using scripts. Such scripts are drawn up using all the disclosures about bugs."

      So? It's not the fault of the one who discloses the flaw.

      People seem to misunderstand the "full disclosure" concept. It does NOT mean: I find a bug, I publish it right away.

      What it actually means is: I find a bug, I inform whoever is in charge of the code, I give them a reasonable amount of time to fix it, I may even remind them after a while. If they still choose not to do anything about it, Joe Public has the right to know that the product he uses is being neglected by the people who provided it to him.

      Google's 90 days limit seems reasonable enough. Most disclosers wait even longer.

      Many reports also include a working example of how to abuse the flaw (exploit) or even an explanation or even a code example of how to fix it! If $provider chooses to ignore flaws over extended periods of time, they obviously don't give a toss. Going public is the only way to force them into doing something about it.

    7. Michael Wojcik Silver badge

      How do you think "script kiddies" manage to hack places?

      A better question is why do you think your ignorant and trivial argument is interesting?

      As Linus noted, and as I and other commentators have mentioned several times in these discussions, the question of responsible disclosure has been publicly and prominently debated for decades. What in the world would make you think that this sort of handwaving observation, even if it were true (and it is not), would be any sort of contribution?

  2. Anonymous Coward
    Anonymous Coward

    Sounds like he needs a kernel upgrade

    No need to be a dick.

    1. Anonymous Coward
      Anonymous Coward

      Re: No need to be a dick.

      But if enough people kiss your arse even when you are a dick then there's no reason to behave differently.

      Year of the linux desktop? Not while the public face of linux and the internet voices of it's devotees remain so pompous, arrogant and just downright unpleasant...

      1. Stuart 22

        Re: No need to be a dick.

        That's what you get when you leave developers in charge of development. Crisp code they can cope with, mushy people less so. Now a marketeer might be a lot more polite but ....

      2. fandom

        Re: No need to be a dick.

        "But if enough people kiss your arse even when you are a dick".

        Well, when you talk about "pompous, arrogant and just downright unpleasant" you certainly know what you are talkin about.

        1. Androgynous Cupboard Silver badge

          Re: No need to be a dick.

          Who do you want building your kernel? Someone who eats, breathes and sleeps it and will trample over anyone and anything to do so, or someone that's aware of the "wider picture", the business case for delayed releases, the internal policitcs of large organisations?

          There is room in this world for single-minded, borderline autistic obsessives - I want them building my kernels, my braking systems and my parachutes.

          1. asdf

            Re: No need to be a dick.

            >- I want them building my kernels, my braking systems and my parachutes.

            Unless they are encouraging people to cut your brake lines like Linus (half jokingly and also said something about poison in their coffee if I remember) did to the ARM SoC developers.

          2. Anonymous Coward
            Anonymous Coward

            Re: Who do you want building your kernel?

            What's with the assumption that to be any good at coding you have to be a dick? Coding skills and social skills aren't really related.

            Did it ever occur to you that his attitude might put off good engineers with valid contributions to make?

            1. Tom 13

              Re: Who do you want building your kernel?

              If you're willing to admit that coding skills and social skills are on independent axes, why do keep being a dick and insisting only people who have both can code important projects?

              I'm always amazed at how many people love Hugh Laurie in House, yet rant endlessly about such people when they are real life bosses.

        2. Anonymous Coward
          Anonymous Coward

          @Fandom: Well, when you talk about "pompous, arrogant and just downright unpleasant"...

          ... you certainly know what you are talkin about.

          I am rubber you are glue! Hey, if we're going to just so the "No, you are!" argument, let's do it properly.

          Difficult to judge my pompousness from one anonymous post though. Torvald's is all over the internet....

      3. Graham Hawkins

        Re: No need to be a dick.

        > Not while the public face of linux and the internet voices of it's devotees remain so pompous, arrogant and just downright unpleasant...

        Not, of course, a charge that can be levelled at the upper echelons of any closed-source OS companies, or their devotees.

      4. yossarianuk

        Re: No need to be a dick.

        > Not while the public face of linux and the internet voices of it's devotees remain so pompous, arrogant and just downright unpleasant...

        So Enterprise, phones, tablets, toasters, watches, fridges, cars, etc are fine with such a person.

        Why does the desktop need nice people again ?

        1. Anonymous Coward
          Anonymous Coward

          Re: No need to be a dick.

          Because many of them are done by Google who are bloody good at marketing and by saying Android are dammed good at avoiding mentioning Linux.

      5. Jim 59

        Re: No need to be a dick.

        Lol, yeah because punters in PC World always base their laptop buying decisions on the attitude of the chief kernel developer. FFS.

      6. FIA Silver badge

        Re: No need to be a dick.

        "Year of the linux desktop? Not while ..." Microsoft maintain a monopoly on IT in the workplace and consumer focused computing increasingly moves to tablets and mobiles. (and Macs).

        ;)

        Jobs was a dick and people still seem to like his shiny shiny.

        Most non techie* desktop users don't even know who Linus is.

        (*Aside: I really wanted to write 'techy' here, but I couldn't stop thinking of Mr Flibble).

        1. Teiwaz

          Re: No need to be a dick Mr Flibble

          I think you were confusing with 'tetchy' And that was an arguement between Lister & Kyten.

          Mr Flibble says "Go see the king of the potato people after class."

      7. Fluffy Bunny
        Paris Hilton

        Re: No need to be a dick.

        "so pompous, arrogant and just downright unpleasant..."

        You mean just like most of the other "industry leaders"?

      8. Michael Wojcik Silver badge

        Re: No need to be a dick.

        Year of the linux desktop? Not while the public face of linux and the internet voices of it's devotees remain so pompous, arrogant and just downright unpleasant...

        So true. Why, Windows would never have become popular if Gates and Balmer weren't so damn charismatic. And the Apple OSes also clearly owe their success to the modest charm of Mr Jobs.

        Really, I can't think of a single OS that doesn't owe its success to some saintly technical leader.

    2. chivo243 Silver badge

      Re: Sounds like he needs a kernel upgrade

      I'd punch him, that is all.

      1. tony2heads

        @chivo243

        be careful; his wife, Tove, is a karate champion

    3. phil dude
      Linux

      Re: Sounds like he needs a kernel upgrade

      and yet you're A/C, so how do we know what *you* do for a living?

      Seriously, I get why LT is not concerned about his social persona.

      Perhaps there is the lesson about meritocracy here?

      Have politicians blinded us all with their "polite but incompetent" veneer?

      There is short enough supply of competent people in this world, LT seems to have found the groove that plays the nicest tune...

      P.

  3. jake Silver badge

    There is a difference between asshatery and "not-my-problem & I'm tired of hearing about it".

    "Might Torvalds have been aware of Google's twin disclosures of as-yet-unpatched Windows flaws last week? Sadly that question didn't come up during the talk."

    Methinks Torvalds doesn't give a shit about Windows flaws. Not his problem. Nor mine.

  4. Anonymous Coward
    Anonymous Coward

    So he admits it

    He is unfit for the workplace. He may well be the darling of the penguinista fanbois, but that is no excuse for him being aggressive and insulting. If he wasn't idolised so much he would have been fired a long time ago for bullying.

    If Linux wants to be taken seriously, they have got to find a better poster-boy.

    As for 5 days to disclosure...no wonder Linux is derided. Some people have real work to do and can't spend 24/7 sat on the command line recompiling their kernels because some amateur screwed up. Again.

    At least with professional software you (usually) get updates at a predictable cadence and can plan the patches. Seems Mr Torvalds would rather have us firehose the damned things and that just won't happen.

    1. solo

      Re: So he admits it

      ..that he is not working because he is thinking of saving humanity. He's just being humble at the most (not calling himself Superman).

    2. Martyn 1

      Re: So he admits it

      "He is unfit for the workplace. .... no excuse for him being aggressive and insulting. If he wasn't idolised so much he would have been fired a long time ago for bullying."

      You could have said the same about Steve Balmer before he quit to sit on his pile of ca$h ;-)

      1. Mad Chaz

        Re: So he admits it

        Or Jobs. Rumor as it he was one heck of an asshole to work for.

        1. JDX Gold badge

          Re: So he admits it

          Gates was known for being pretty tough too in the early days, but more on the technical side where you might get ripped apart if your proposal wasn't thorough.

        2. Anonymous Coward
          Anonymous Coward

          Pattern Recognition. Re: So he admits it

          Linus. Jobs. Ballmer. Larry Ellison. Jeff Bezos. Bill Gates was reputed to be pretty brutal too, although most of his blow-ups were kept private.

          Anybody else seeing a pattern here?

          1. Anonymous Coward
            Anonymous Coward

            Re: Pattern Recognition. So he admits it

            Yes - the pattern is they are all being bell-ends.

          2. Anonymous Coward
            Anonymous Coward

            Re: Pattern Recognition. So he admits it

            Yes, realizing I'm a bit charm impaired as well, even I can see that they all would benefit from a good ass kicking out behind the barn. No excuse for bullying.

          3. Anonymous Coward
            Anonymous Coward

            Re: Pattern Recognition. So he admits it

            Yep, not tolerating fools and I certainly resemble that observation as well.

            1. sabroni Silver badge
              Happy

              Re: not tolerating fools

              Doesn't extend to those who can't construct a sentence then?

      2. Tom 13

        Re: You could have said the same about

        Or Steve Jobs.

        Or Larry Ellison.

        Or ....

      3. Teiwaz

        Re: So he admits it

        To (partially) quote the Psychiatrist from HHGTTG

        "Linus is just this guy, you know."

        From what Linus says in this vid (and from what he's said on others), you very mush get the impression that he is a total meritocrat, he believes that people should go with their strengths, and that all personality types working in their right role add to the whole, and everybody has something to give.

        All these videos are in a laid back atmosphere, a non-business-non-formal atmosphere. You'd not see the likes of Jobs or other IT Management or CTOs or commercial IT leads in such a relaxed setting often.

    3. Anonymous Coward
      Anonymous Coward

      Re: So he admits it

      Regarding his fitness for the workplace. I've knows a LOT of workplaces that would have benefited a lot from the people in charge being less politically motivated and back-stage backstabers. Give me a manager that says it strait over a lying bastard that keeps making excuses any day.

      Regarding Linux being taken seriously. Well, it DOES run pretty much all the internet critical stuff, is used in a lot of tech giants and as some pretty solid commercial backing.

      As for your supposed "professional software", I think you need some more experience with the kind of fun you can have with security issues and bugs the vendor refuses to acknowledge or fix. It gets fun really fast, especially when you're paying 6 figure sums each year for said support. (I'm looking at you Oracle)

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: So he admits it

        "Well, it DOES run pretty much all the internet critical stuff"... and the non-critical stuff, like domestic routers, i.e. the world's slowest computers... and the smartphones people use on them... and also the world's *fastest* computers:

        http://en.wikipedia.org/wiki/TOP500#Architecture_and_operating_systems

        Do I really care that my choice of desktop OS is in a tiny minority?

    4. jake Silver badge

      "for bullying" (was: Re: So he admits it)

      OH KNOWS!!! HE KNOWS HIS SHIT AND ISN'T AFRAID TO SPEAK HIS MIND!!! HE MUST BE A BULLY, BECAUSE I HAVE NO CONCEPT OF MAJOR REVISION CONTROL OVER A SOFTWARE PROJECT!!!

      Grow the fuck up, AC. If you can do it better, please demonstrate.

      Or stick with Redmond or Cupertino for a desktop OS, all the while ignoring that most of your telephone/media/TV appliances run Linux (and that Cupertino is BSD, for the most part).

    5. Jeff Green

      Re: So he admits it

      Errrrr, where to start ...

      "He's unfit for the workplace"? Whose workplace, he's fit for his and that's all that matters.

      Linux is ALREADY taken seriously, if you've used the internet today you've used more Linux than Windows, even if you are in a Microsoft house accessing Microsoft based sites that statement is probably true. Steve Ballmer was a total shit but M$ still made billions!

      Who recompiles their own kernels? Only amateurs. Amateurs are people who do things for the love of them, professionals because they are paid to. I know who I want looking after my key systems! The Linux security professionals who push out the security fixes are both amateur and professional and normally get fixes out same day.

      All the main linux distros these days have release cycles, for non-critical patches this is the way to do things, for critical patches the ONLY acceptable time-frame is ASAP. Waiting for the next 90 day release cycle while the bad guys empty your bank account may well be professional but it is also about as rankly stupid as it is possible to be!

    6. Anonymous Coward
      Anonymous Coward

      Re: So he admits it

      Microsoft screws up its kernel all of the time, and patches frequently result in yet more screw-ups. I guess however that Mr AC thinks that is acceptable since they are professional screw-ups.

    7. Dr Dan Holdsworth

      Re: So he admits it

      Actually, he is simply being brutally honest about himself, and is giving fair notice about who he is and what his personality type is. I also sympathise with his stance, because I would think he has tried the quiet, solftly-softly approach in the past, and found that it doesn't work.

      If you have a product out in the world, then it can be examined, decompiled, analysed and scrutinised. Thousands of people are doing just this. If the product has a security hole, then this hole will be found, eventually. The OpenSSL flaw was likely known about for a very long time; any protocol where the code is a horrible mess is automatically suspect as messy code is much harder to debug than is simple, efficient, neatly-written code; messy code is often buggier than neat code.

      The OpenSSL flaws were nasty, and disclosing them when discovered was the correct thing to do, and in a broader sense rapid disclosure is also the right thing to do as it forces a rapid fix. If you don't disclose flaws, they don't get fixed and while the swarms of brain-dead script kiddies don't get to hear of these flaws and thus there isn't a huge rush of witless knuckle-draggers trying to exploit them, this does not mean that they are not being quietly exploited for other, much more nefarious things.

      1. e^iπ+1=0

        Re: So he admits it

        "tried the quiet, solftly-softly approach in the past, and found that it doesn't work."

        Um, no he hasn't. He's always been loud and opinionated. That's his prerogative.

    8. Anonymous Coward
      Anonymous Coward

      Re: So he admits it

      Some people have real work to do and can't spend 24/7 sat on the command line recompiling their kernels

      - Recompiling the Linux kernel is a feature, not a requirement. On the rare occasion you're vulnerable to a kernel bug, just update and reboot.

      - Security is a 24/7 responsibility.

      - People doing "real work" on a computer have no problems with the command line.

      At least with professional software you (usually) get updates at a predictable cadence and can plan the patches

      No. Microsoft release patches at a predictable time not because they think it's a good idea, but because it's what their users wanted - in 2003.

    9. John Sturdy
      FAIL

      Amateur? Professional?

      I suspect you're trying to imply that Linux is written largely by hobbyists, with a low level of skill.

      In fact, the standard of its developers is high, and many (probably most: http://www.infoworld.com/article/2610207/open-source-software/who-writes-linux--corporations--more-than-ever.html says 80% of kernel patches) are employed to work on it. And many who aren't paid to work on it will be people who are paid to work on some other software.

      Not that the correlation between being paid to work at something, and being good at it, is perfect anyway.

    10. Amorous Cowherder
      Facepalm

      "Tough at the top"

      Have you ever run a club or a group? Takes a lot of "herding cats" type work and sometimes you have to just get everyone in line, that takes a bit of gentle goading and other times a lot of shouting. Yes I agree, there is no need to be rude or obnoxious about being in charge but when you're dealing a huge number of egos and they all want to get one up on each other including you. sometimes people need to be slapped back into line. Sorry but the world is not all happy and fluffy 'cos it's full of people and sometimes people can be arseholes to one another.

    11. Anonymous Coward
      Anonymous Coward

      Re: So he admits it

      The only thing he admits is that he's Finnish. Generally they are not a nation of smarmy suck-ups eager to embrace the "oh well at least you tried, here's a promotion" approach so popular in the US.

      1. Tom 13

        Re: here's a promotion" approach so popular in the US.

        once upon a time, the US was probably even more brutal on that front than the Fins.

        Honestly, I think we were better off back then.

    12. Anonymous Coward
      Anonymous Coward

      Re: So he admits it

      You sound like a lard-ass to me.

      1. Anonymous Coward
        Anonymous Coward

        Re: You sound like a lard-ass to me.

        Hard Hat! Hard Hat!

  5. Adair Silver badge

    As far as I can see...

    Linus isn't an 'unpleasant person' because he enjoys bullying people, but because he has no patience with bullshitters, or anyone who's more concerned about their ego than about the quality of their code and their willingness to be part of the solution.

    Fit for the workplace? Definitely, there's a clear job to be done, and if you can't stand the heat or aren't up to the job then what the hell are you doing in the kitchen?

    If Linus is gratuitously rude in order to hurt and/or manipulate people that is different, but I can't say I've ever read a quote where that seems to be the intention; he seems far too pragmatic and focussed for that kind of egotistical bullshit.

    1. Amorous Cowherder

      Re: As far as I can see...

      Exactly! I've run groups of volunteers and the biggest problem is getting a solid commitment. Most people here would have been managed in a work environment, there you have to do the job so everyone is already committed to the project as payday is reliant on you pulling your weight.

      With volunteers, people will happily say they will commit but then when you push them a little to get done what they promised, they suddenly have 50 other things to get done! If you get a commitment from someone then a promise is a promise and it needs to be seen through unless circumstances are so bad that it's impossible.

      I can't imagine what it's like to be in charge of such an important piece of code like the Linux Kernel and ensure all the egos are held in check and everyone is doing what they said they would to the best of their ability. Like herding a swarm of locust using a tea strainer!

  6. Deej

    Middle finger

    Much as I appreciate that Linus is not known for his diplomacy or tact, it doesn't mean that El Reg has to plaster the picture of him giving the middle finger all over the website. Where I work that makes the whole of The Register NSFW and there could be more organisations like mine, and it becomes more prominent because of the site redesign too.

    Just a polite request to consider where your audience accesses your site, that's all.

    1. DanDanDan

      Re: Middle finger

      Agreed. Can it at least be a blurred/pixelated finger?

    2. Hans 1
      WTF?

      Re: Middle finger

      >Just a polite request to consider where your audience accesses your site, that's all.

      Ohhh, come on ... where do you work ? Seriously ? Kindergarten or Airline ? This reminds me of Jim Jeffries "Business Class" act ... have your coworkers never seen a middle finger ?

      1. Graham 24

        Re: Middle finger

        "have your coworkers never seen a middle finger ?"

        I'm sure most have, and that they know what it means. That doesn't make it appropriate for a site like The Register.

        Most co-workers know the meaning of all the common "four letter" words. Most co-workers know what a person of either gender looks like without any clothes on. That doesn't make swearing or nudity appropriate for a Register article either.

        1. DropBear
          WTF?

          Re: Middle finger

          You seem to have used the words "Register article" and "appropriate" in the same sentence. By mistake, surely...

    3. Amorous Cowherder
      Facepalm

      Re: Middle finger

      It's funny OK? It's a little joke to make the man seem less like a God to some or a demon to others, but to make his public persona more like what he is, a human being with all the frailties that come with it.

    4. Doctor Syntax Silver badge

      Re: Middle finger

      "it doesn't mean that El Reg has to plaster the picture of him"

      But it doesn't mean you have to see it. Just block all images from regmedia.co.uk until they get over this redesign nonsense. You'll lose one or two meaningful things from time to time but on the whole the signal to noise ratio will be greatly enhanced.

      1. sabroni Silver badge
        Happy

        Re: Yeah Man!

        Fire up Lynx!

  7. Amorous Cowherder

    Rusty Russell ?

    Sounds like the name of a 1970's prog rock band drummer.

  8. Anonymous Coward
    Anonymous Coward

    Ballmer may have gone but at least we still have Linus.

  9. Anonymous Coward
    Anonymous Coward

    There are a lot of unscrupulous people in the world

    ...and no where near enough authorities to prosecute them all. Since the crims know this they continue their criminal ways be it hacking or other crimes.

    BTW it's interesting the meaning people attach to gestures. Is he just saying he's #1 or is he implying something different? It's all a matter of your beliefs.

    1. Steven Raith

      Re: There are a lot of unscrupulous people in the world

      Here's the context including apparently not safe for work hand gesture and language. Although if I worked somewhere that had a rule about hand gestures being seen on monitors being banned, I think I'd just fucking quit. I'm not nine..

      Anyway, if you can't get Youtube either, Linus bemoans the fact that Nvidia were flooding the market with Android chipsets and contributing fuck all back to the kernel - he cites them as by far the worst for this. "So Nvidia....fuck you".

      There's a bit of a smile there - you can tell he just thought of it right there and then.

      And it worked.

      1. Graham 24

        Re: There are a lot of unscrupulous people in the world

        Most places, if you used the language from your post at work, you wouldn't have a chance to quit; you'd be fired first. Try standing in reception at your place of work, in front of customers, and read your post out loud. My guess is that someone would complain in fairly short order.

        1. Steven Raith

          Re: There are a lot of unscrupulous people in the world

          No-one has ever complained about my language usage - period. But then, I know how and when to swear for maximum efficiency and ruthless, brutal effect.

          I have interviewed at places where they've felt my use of language was unprofessional (not swearing - just colourful euphemisms, vivd descriptions, etc) and I've been the one to terminate the interview, because, as noted, I'm not nine, I'm a grown adult and if I can't voice my opinions clearly and consisely, I don't want to work there, period.

          The thing with swearing - when you do it right, no-one will care you've done it at all.

          Steven R

          1. Long John Brass

            Re: I'm not nine

            Agreed, utterly & completely

            But as you say, the trick is to use that style of language at the right time for maximum effect.

            Some of my workmates over the years have effed & Blinded every second word; sort of dulled the impact of the *censored* words in question.

            I've always taken a twisted sense of pride in trying to get the same effect as swearing but with only "standard" descriptive language (it helps exercise the vocabulary). I was once oven able to make a co-worker blanch without a single foul syllable :)

          2. Graham 24

            Re: There are a lot of unscrupulous people in the world

            Well, I've never seen the need for it - on internet fora or in "real life".

            Far from finding you to be "efficient, ruthless and brutal", to me you came across as crass.

            If you can't voice your opinions clearly and concisely without swearing, it's probably time to expand your vocabulary.

            1. Steven Raith

              Re: There are a lot of unscrupulous people in the world

              My vocabulary is perfectly fine Graham me old chum :-) and to be fair, if someone does take great offence at my use of language - I do tone it down, although I tend not to let myself get into situations like that. But these are exceptions, and generally, once people realise that I'm not swearing just to be offensive or crass but to make an important point then they tend to be very chilled about it.

              When I swear, it's either because it's necessary or because it's funny. Because I'm a fucking professional, I am*

              Steven R

              *see what I did there? ;-)

              PS: Upvote because you're not wrong - I just have a different opinion on the subject...

        2. Michael Wojcik Silver badge

          Re: There are a lot of unscrupulous people in the world

          Most places, if you used the language from your post at work, you wouldn't have a chance to quit; you'd be fired first.

          Most places? I find that very hard to believe. Have anything to support that claim?

  10. PAT MCCLUNG

    Linus Torvalds is a treasure. The right man, in the right place, at the right time.

  11. Herby

    Used to be...

    That software was just something used to sell the hardware. When people started trying to make $$$ on it they hid it from everyone. Personally I would like to see what is behind the curtain before I buy something.

  12. Anonymous Coward
    Anonymous Coward

    Integration

    Well one of the biggest problems with MS being able to fix things in a timely manner is that they have highly integrated everything into everything. The *nix philosophy is to have many simple things work together (systemd aside) which is why it often is easier to "fix" things on any *nix based OS (OSX included). MS is their own worst enemy in this regards starting way back with the whole IE/Netscape bs they threw onto the world.

    For MS any "fix" isn't as simple as fixing the part that is flawed it is also making sure that this "fix" does not have any ripple effect causing more issues then what it resolves. One other reason why the average 3 year OS cycle they would like to push is also a very naive thought process. XP for all the growing pains it went through was truly an OS that most people respected that is why you get the troll baiting comments from the likes of AnonCoward #3 the tie die comment. Once the OS was finally very stable about 5 to 6 years in they dumped it.

    To put it simple, the longer any project is worked on the more stable it becomes as long as your not adding more bells and whistles with every patch.

    I've commented on this before but I guess it needs saying again, a known fact was that XP was released with 10000 known bugs, in August 2001 so many flaws that are disclosed have been known from day one. Also to give a bit of perspective is some unknown unknown (Cheneyism) comes along you may want to investigate the whole chain of code intertwined with that flaw, there may be something else. For profit companies do the least possible otherwise they would not make profit, that is a fact which is why the concept of what MS is trying to do is fundamentally flawed.

    Apple understand it a bit better (and I am so not an Apple fan but I give credit where it is due), they use someone else's base (BSD) with their shiny ontop, maybe it is time for MS to think in that direction, I'm sure a majority of the *nix world would buy into that without much argument. I never understood why there are so many silos in IT, it doesn't make sense, there is always room for money to be made, general users/companies who are not tech companies don't want to invent new tech they want to make money in their respective business foodchain, they will pay for it to be done for them.

    If the industry would just stop breathing methane and start breathing oxygen then they would realize have a consortium to deal with the base and build your shiny ontop of that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like