Linux 4.14-rc7 No Longer Clashes With AppArmor To Break Networking
Originally posted by GreatEmerald: I was under the opposite impression. Didn't they introduce a new security feature that, given that access is denied by default, would deny access to the internet unless given permission to the application?
Originally posted by sdack: ...
Seriously, when you screw up and refuse to either admit that you screwed up or put in any kind of effort into fixing the mess you made, instead saying that other people should learn to live with the mess that you made, you deserve to get chastised for it. The only thing you can really fault Linus for here is his excessive use of profanity in the chastising, nothing else.
Seriously, the fact that changes in the kernel occasionally break things doesn't mean that it's ok to do it for no reason. The fact that you run over some old lady because you were texting while driving still counts as manslaughter even when other people drive distracted.
This kind of attitude of "Everyone is doing it so it's ok for me to not give a damn about doing things properly even if it causes problems for other people" may be acceptable for your own little hobby projects, but when you're working on something worked on and used by as many people as mainline Linux+derivatives is, this sort of thing is just unacceptable. If you can't get with it, get out!
Last edited by L_A_G; 31 October 2017, 10:15 AM.
Originally posted by sdack: Sure do I expect a kernel to break user space. Some things always break with a new kernel. It doesn't actually matter what it is that breaks. Even when it's called "user space" is it still just something most users don't actually come in touch with. Most users don't mess around with kernel APIs. And as a software developer do you not have a problem with occasional changes to APIs. It's part of the job. Administrators then have to deal with all sorts of problems created by newer kernels. To them is the task of finding and installing the right driver, for example, a part of their user space. Do you see them getting "protection by Daddy"? No.
What then makes sense and doesn't has nothing to do with rules. Sense comes from context and if a change makes sense, or if it doesn't, depends on the context. If then the only context you can find is that it broke a rule then fuck the rule and move on, or you just end up digging yourself into a pile of BS without any substance and for you to be believable.
Do you disagree?
I'm a user space developer and I have never ever had to make a single change in any of my programs due to a kernel change, I have tons of applications from back when kernel 2.0 was the main version and they all work flawlessly with 4.13.
I also happen to admin all our servers and "finding and installing the right drivers" sounds like a Windows problem, all the drivers that we use come from mainline. And on my home machine I use an AMD card so the driver is once again from mainline. I have also downloaded and compiled every new stable kernel release from v4.4 to v4.13 and they all run on my Ubuntu 16.04 with all user space unchanged without any problems whatsoever.
So no, I have no clue what you are talking about.
Originally posted by starshipeleven: neither are hacked-together knockoffs of grsecurity, as they focus on mostly other stuff entirely.
Mind you, there's a technical & historical reason for this: Many of grsecurity's patches hurt performance since they double-check certain operations. It's not as bad nowadays since the overall hardening efforts have made similar compromises after countless exploits showed it's the only reasonable decision... But historically, their patches were rejected over performance concerns.
Originally posted by starshipeleven: There are rules set down by Torvalds ...
Originally posted by L_A_G: Oh for crying out loud...
See? The nonsense works both ways and accomplishes nothing. Now you, too, know why we have rules in our society, why we value respect and dignity even with laws, because these matter to the majority of people. Only the idiots try to yell on the Internet, preferably with bold text, because their brains don't get the type of media they are trying to yell at. Learn to manage your anger or it just blocks out the rest of your brain.
Last edited by sdack; 06 November 2017, 04:52 AM.
Originally posted by F.Ultra: Yes I disagree. What user space is and what user space is not is already defined ...
Last edited by sdack; 06 November 2017, 05:07 AM.
Originally posted by sdack: Shut the fuck up. Only the idiots try to yell on the Internet, preferably with bold text
Seriously though, as I said, the only issue here is Linus' excessive use of profanity. If you can't stand being chewed out for not only making mistakes, but also refusing to fix them and instead insisting it's other people's job to work around the mess that you made you probably shouldn't be working on anything other people actually use. You're probably better off just working on your own projects in your bedroom and letting people with at least some semblance of co-operative software development actually do that.
Originally posted by cyberwizzard: Does anyone know why Linus is 'unhappy' with AppArmor as it is?
Linus always says "we don't break userspace" and even if Michael has overblown the issue somewhat. It wouldn't break any distro, this would break only distro maintainer boxes, who would fix the issue before it hit their userbase. That and presumably a few tens of thousands of people that compile the kernel themselves AND use AppArmor (which would account for .1% of Linux users not counting embedded).
I think Linus's comment was mostly hating on the state of the kernel security subsystem in general, security people tend to go overboard with "security first" and annoy Linus with patches that often sacrifice performance for doubtful security gains. Plus there is this outdated Linux security module (LSM) model that is somewhat broken in practice and no longer just doing what it's supposed to do.
Last edited by Guest; 07 November 2017, 11:52 AM.
Originally posted by sdack: No. Everyone has their own definition and the definitions made up by kernel developers in particular are impractical for most purposes. Nobody outside the kernel development actually cares for them. Even within the kernel development are there exceptions to the rules. And when the rules need to be enforced by anti-social behaviour then it shows only further. It's really an arbitrary rule set made up by a dictatorship to serve its own existence with similar features of favouritism among its followers. Only it's not quite as bad as it was with Saddam Hussein of course (the only dev I know of who killed somebody was Hans Reiser), but it's in there.