Kernel.org Still Struggles To Return

  • #11
    Originally posted by Wyatt
    Microsoft could try to spin this if they liked, but all it would manage is poisoning the well with any remotely-competent IT person.
    One could argue that linux.com/kernel.org lacked such a person. Gotta be careful with statements like that.

    It's not like the stakes in a complete security audit are an unknown or something. It's an apples to oranges comparison if their scenario is anything but "someone with commit access to our operating system was social-engineered into compromised credentials and may have inserted malignant code", and in the first place neither Apple nor MS have a sterling record they can boast in contrast (and don't think they don't know it)
    Not saying that Apple or MS haven't had their issues as well; however, it has not taken them a month+ to get those services running. Remember it was Linus himself that chose to start calling down others on their security mindedness with his "masturbating monkeys" comments a few years back. It looks like now, and only after they were compromised, security has once again become an issue that requires a bit more attention "than anything else".

    If they (any of them) somehow managed to...say, lose tens of millions of users' personal information (i.e. "Pull a Sony") I'd be all for laying into them, but that's not the scenario.
    It could have been just as easy to get that information had such information been present.

    Taking time and being careful while still developing the kernel? That earns my respect. From where I sit, their response was actually pretty on the ball, and it'll be relatively simple to turn git into the star of this show when it's all done.
    They could have just as easily addressed the immediate issue and kept going with the old system until the replacement was ready.



    • #12
      Originally posted by 89c51
      and kernel.org isn't exactly the first thing the average user will rush to to get his updates or something. it is down and i suspect apart from devs and geeks the average linux user didn't even notice.
      Besides, it's probably maintained more as a hobby by some kernel developers, and they have other things to do. And --OSS and distributed development FTW-- linux.org is not really that important to have for us compared to microspf.com or aple.com for them.



      • #13
        Originally posted by not.sure
        Besides, it's probably maintained more as a hobby by some kernel developers, and they have other things to do. And --OSS and distributed development FTW-- linux.org is not really that important to have for us compared to microspf.com or aple.com for them.
        I respectfully disagree. If it is maintained as a "hobby", that is a problem and a serious one at that. Like it or not, it does leave a bad impression to have associated "banner" web sites for your product go down for extended periods of time, especially when it served as a mirror for many distros. Those sites were getting 100k plus hits a day all the way back in 1999 and have grown considerably since then.



        • #14
          Originally posted by deanjo
          Even though they are "trying to do things right", it still doesn't look good having a month of downtime after a security breach. You can rest assured that MS already has a bunch of presentations in the works citing lengthy delays of recovery and using it as a horror story example to IT's who may be considering migrating to Linux.
          And they would be right in doing so.
          It is more than just embarrassing. Also a lot of people said that there was no danger anyway since the linux kernel sources are managed via git. Yeah but these people obviously forgot that kernel.org was also hosting packages for at least Arch Linux.



          • #15
            Originally posted by deanjo
            It could have been just as easy to get that information had such information been present.
            Yes, but such information wasn't present. That is one of the reasons why the two situations are so different. The practical impact of a security breach at the Linux servers is small. The practical impact of a similar security breach at the Microsoft or Apple servers would be massive. So saying that people would be hypocritical for being more upset at an Apple or Microsoft security breach than this one ignores the difference in impact the events would have.

            It is like saying people would be hypocritical to be more concerned about a fire at a huge apartment complex with hundreds of apartments than one at a single-family home. The potential impact of one is much greater than the other, even though both are bad.



            • #16
              Originally posted by TheBlackCat
              Yes, but such information wasn't present. That is one of the reasons why the two situations are so different. The practical impact of a security breach at the Linux servers is small. The practical impact of a similar security breach at the Microsoft or Apple servers would be massive. So saying that people would be hypocritical for being more upset at an Apple or Microsoft security breach than this one ignores the difference in impact the events would have.
              Sorry, but you are assuming that every server system @ apple.com / microsoft.com / amazon.com stores CC information and the like, and that is the farthest thing from the truth. Do you know for a fact, for example, that the Linux Foundation's funding information has not been compromised?



              • #17
                Summary: deanjo is disappointed that there hasn't been a big backlash due to the lengthy downtime of linux.org. As a bsd proponent he has a dislike for Linux and perhaps more towards Linus due to a (admittedly shitty) remark where bsd developers were compared to masturbating monkeys. As such he wants this breach to reflect as badly as possible on Linux as a whole. *yawn* more bsd<->linux zealot mudslinging...



                • #18
                  Originally posted by XorEaxEax
                  Summary: deanjo is disappointed that there hasn't been a big backlash due to the lengthy downtime of linux.org.
                  Just pointing out the double standards of how it is viewed for no logical reason other than "it's bad when it happens to others but when it happens to our faction it is acceptable".

                  As a bsd proponent he has a dislike for Linux and perhaps more towards Linus due to a (admittedly shitty) remark where bsd developers were compared to masturbating monkeys. As such he wants this breach to reflect as badly as possible on Linux as a whole. *yawn* more bsd<->linux zealot mudslinging...
                  It has nothing to do with free vs closed, os vs os; it does however have everything to do with being prepared and not letting "bush league" administration practices affect public perception by any for/against faction. It's just bad administration and deployment, period.



                  • #19
                    Originally posted by XorEaxEax
                    Summary: deanjo is disappointed that there hasn't been a big backlash due to the lengthy downtime of linux.org. As a bsd proponent he has a dislike for Linux and perhaps more towards Linus due to a (admittedly shitty) remark where bsd developers were compared to masturbating monkeys. As such he wants this breach to reflect as badly as possible on Linux as a whole. *yawn* more bsd<->linux zealot mudslinging...
                    Despite his zealotry (I think mostly nobody is free of that in this site, myself included), he has some valid points.

                    It's obvious this is a disaster for Linux and must be a lesson for Linux Foundation and the community itself. Anyway, Linux ecosystem has a long Nietzschean-like way: Which does not kill Linux, makes it stronger.
                    • One of the big things was the BitKeeper controversy, this resulted in Git.
                    • The SCO controversy involved different parties like Novell, IBM, Red Hat, Linux and others. Finally the copyrights got resolved and Novell was the one owning the UNIX copyrights, that is positive because (still) being a Linux-based company.



                    So I think this will result in something to manage Linux Foundation's services in a lot more professional way and also a motivation to innovate in them.



                    • #20
                      Originally posted by timofonic
                      Despite his zealotry
                      I don't think of deanjo as a zealot, which to me is someone who is a fanatic and I don't think he is, although he's certainly a bsd partisan. That said there are some people here on phoronix who in my opinion would fit the bill, both in the linux/bsd camps. Personally I'm an everyday Linux user, however what I REALLY want to use is Haiku, Linux is just the best alternative for me until (hopefully) Haiku matures enough for me to use it as my primary desktop system. So yes, I'm certainly a Haiku partisan/fanboy. However, unlike the case with a zealot, my liking of Haiku does not translate to dislike/hatred toward other systems.

                      Originally posted by timofonic
                      It's obvious this is a disaster for Linux
                      Ehh? Disaster? Development went on practically uninterrupted (I just built and installed the latest rc). Again deanjo is unpleasantly surprised over the fact that the slow return of kernel.org hasn't started a massive shitstorm. But the answer is obvious, neither kernel.org nor the Linux Foundation website is in any way a vital part of Linux development, as proven by this situation. As for the breach itself, from what has surfaced someone with root access has had his account credentials compromised and that account has been used to deploy a rootkit which in turn has been fishing for other credentials. Obviously no security system can protect itself from a malicious user with proper credentials for a root account, so the real question is how the credentials were compromised in the first place and if security policies can be amended to prevent something like this from happening again.

                      Originally posted by timofonic
                      Anyway, Linux ecosystem has a long Nietzschean-like way: Which does not kill Linux, makes it stronger.
                      I don't see how Linux has come out stronger from this, nor can I see how it has come out weaker. It has perhaps highlighted the flexibility of its development model (by simply moving the project temporarily to github) but I doubt that was news to anyone.

                      Originally posted by timofonic
                      So I think this will result in something to manage Linux Foundation's services in a lot more professional way and also a motivation to innovate in them.
                      I certainly think that there will be a focus on security procedures and a tightening of account privileges, but again I can't see how this has any measurable effect on 'Linux'.
