I don't agree with RMS on everything, but it irks me to no end that Torvalds has criticized the free software movement as "Driven by hate" while everyone admires how unconventional and flame-happy Torvalds is. It's not as if his flames are more noble or more entertaining than RMS's, it's a pure double standard and pure bias.
Free software advocates often hate Microsoft, for their endless corruption. So does the co-founder of OSI. Torvalds hates corruption of other organizations-- what's the difference?
not to necessarily excuse torvalds, but one big difference is that his rants are a lot less ideological than stallman's. to a first approximation, linus rants against people he feels are being stupid, whereas rms rants against people he feels are being evil.
Most interesting part of that article is Linus' view on the security industry - haven't really heard much discussion on that from him before. I don't think it's as bad as all that - most security researchers are pretty good at contacting companies first to fix bugs before going along with the whole conference thing. At the heart of it he's right though, the whole IT security industry is basically just about profiting off the mistakes made by coders. That's pretty different from the real world security industry where you take something and actually secure it, rather than patching up the mistakes of others and claiming credit...
It is probably a good thing that the US has a strong security community, especially since they write a good chunk of the software that takes up most of the CPU time.
The other option would be government funded hackers in places like China finding security holes in US made software and ensuring they remain undisclosed (to anyone outside Chinese govt) to maintain an advantage.
Not meaning to pick on China in particular here, would it be any better if the US govt was the only one to know this stuff?
Do you think NSA and CIA don't do the same? They even buy zero day exploits from hackers so they can use them themselves against other countries. How do you think they made Flame work? And these guys are "Government sponsored hackers" too. In fact they are even hiring for this right now.
That's sort of my point. If there aren't independent security researchers who make a stink about security issues thus causing them to be fixed then these government organisations will be the only ones with knowledge.
Yeah I think you can't argue that malicious hackers won't find it and make it far worse if we removed the non-malicious hackers. It's obvious that hacking would be far worse without security researchers finding and disclosing bugs that can be fixed.
What Linus is describing seems to be more along the lines of 'public approval'. When a big new hack is found, the researcher who finds the hack is treated like a rock star and given a ton of praise, and the company/coder responsible for the security bug gets a lot of dirt thrown their way. "How can you be so stupid as to let customer's data be taken?!" - that kind of thing. As Linus says, these bugs are generally very complex things and people obviously make mistakes.
Might be better for the community in general to try and not treat security researchers/hackers with so much awe? Moot point at any rate, it's just human nature - not going to be able to change that. People will always jump on this kind of thing (strikers in soccer get far more awe than defenders, even though both are equally valuable to the team).
That's true, there's a lot of ego in this. Just watch any DEFCON talk for examples. OTOH nobody wants to be the idiot who wrote the insecure code or wants their company shamed.
This can help developers persuade their bosses to allow them to spend the necessary time to diligently check their work for security issues.
Part of this is probably also the Hollywood-perpetrated stereotype of the "hacker" as some evil/good mastermind who can destroy military infrastructure by typing a few commands on his terminal. This is seen as sexier than being some guy who writes code for a living.
"... the misdeeds of security industry and security researchers who become famous by uncovering the mistakes that people like Torvalds have missed." (from the article)
That's kind of what he's talking about though, isn't it? That idiot who let the vulnerable code go live to half the world in the case of a Linux vulnerability would be Linus. You'd have to argue pretty well to be able to convince anyone that Linus is an idiot though! Security (especially at a kernel level) is likely far too complex to be just a checklist of "don't do this" or "do this" and it magically becomes secure.
That would be USB. The floppy controller on AT-era PCs I'm pretty sure would only support 2 drives.
ObStory:
Minix + floppy drives taught me a valuable lesson about compression. In Minix there was a very useful command called "vol" which let you split the input over many floppy disk "volumes", eg:
<some huge input> | vol -w 360 /dev/fd0
would split the input, prompting you to change the floppy between each 360 kilobyte disk.
I chose this command to back up my Minix system:
tar cf - / | compress | vol -w 360 /dev/fd0
Unfortunately when I came to read it back, I found that floppy disk #5 (of about 15) had a bad sector, rendering the entire remainder of the backup useless.
Way before I got into PC / Linux I was into C64 and Amiga piracy as a kid. When we had stuff that needed more than two or three disks we'd use additional disks as a redundancy method. I don't remember all the redundancy details but basically if you have one additional disk you could have any one of the disk fully failing and you'd still be able to get back your data.
I'm pretty sure that there was a command-line to do the same ; )
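An added example, not from any commenter: the "one extra disk" redundancy described above, sketched as XOR parity over equal-size volumes. XOR parity is an assumption here (the comment does not recall which scheme was used), and the function names and sample data are made up for illustration.

```python
# Added illustration (not from the thread): XOR parity over backup volumes.
VOLUME_SIZE = 360 * 1024  # 360 KB per floppy, as in the vol example above

def split_volumes(data, size=VOLUME_SIZE):
    """Cut data into equal-size volumes; the last one is zero-padded."""
    vols = [data[i:i + size] for i in range(0, len(data), size)]
    if vols:
        vols[-1] = vols[-1].ljust(size, b"\0")
    return vols

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length byte strings."""
    size = len(blocks[0])
    acc = 0
    for block in blocks:
        if len(block) != size:
            raise ValueError("all volumes must have the same length")
        acc ^= int.from_bytes(block, "big")
    return acc.to_bytes(size, "big")

def make_parity(vols):
    """The one extra disk: XOR of every data volume."""
    return xor_blocks(vols)

def recover(vols, parity):
    """Rebuild at most one unreadable volume (marked None) from the rest."""
    missing = [i for i, v in enumerate(vols) if v is None]
    if len(missing) > 1:
        raise ValueError("single parity cannot rebuild more than one volume")
    restored = list(vols)
    if missing:
        survivors = [v for v in vols if v is not None]
        restored[missing[0]] = xor_blocks(survivors + [parity])
    return restored

def demo():
    # Constructed sample data standing in for the tar stream; tiny volumes for speed.
    data = bytes((i * 7 + 3) % 256 for i in range(1000))
    vols = split_volumes(data, size=360)
    parity = make_parity(vols)
    damaged = list(vols)
    damaged[1] = None  # simulate one fully failed disk
    restored = recover(damaged, parity)
    return b"".join(restored)[:len(data)] == data

if __name__ == "__main__":
    print("backup recovered:", demo())
```

Parity only rebuilds a volume that is known to be bad, such as a disk that returns a read error; spotting silent corruption would need a checksum per volume as well.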