Linus Torvalds called out for rude conduct?

http://arstechnica.com/information-technology/2013/07/linus-torvalds-defends-his-right-to-shame-linux-kernel-developers/

"nixonismyhero, promoted user comment on ArsTechnica" wrote:

This seems less about being "professional" and more about being "courteous". ... While he might be correct in advocating a more direct management style within the Linux development community, he doesn't have to be rude, arrogant, or obnoxious to do that.

Now that is a good one, thanks :-)


Well, his style has enthused and powered one of the greatest developments of all time in the IT world. For the passions that have been poured into that, a little jest and and a few harsh words are very much in order to my mind.

Note that the examples given are some good journalistic juicy bits for some right royal clangers of code that were withheld, done in adversity, or simply shouldn't have been tried to be sneaked in. All were then done properly or just didn't make it.

Is abuse justified?... Not really. However, such jocular abuse does seem to be very much a part of the development world. A certain creative pride with words as is used for creative code... It's also all very far removed from the sort of stuff of play and jest on such as construction sites. I doubt Ms Sharp could cut through all that fun!


Note there is a LOT of aggressive history from nVidia that lead up to their example of a very public chastisement. That clanger does seem to have cleared the impasse where years of diplomacy failed as they were forced to explain themselves...

I wonder what the back-story is for why this particular piece of lack-luster code was being rushed in too soon to be very publicly stopped?


Myself personally, I very much prefer the rants from Linus than suffer mediocrity in the kernel. It also cautions to do proper testing rather than sabotage the rest of the world with proprietary-style rushed shoddy code! (Must bear that in mind for my present attempt at a filesystem patch...)


IT is what and how we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Myself personally, I very much prefer the rants from Linus than suffer mediocrity in the kernel.

Is it an "either/or" proposition?

---

I think you'll find it's a bit more complicated than that ...

Myself personally, I very much prefer the rants from Linus than suffer mediocrity in the kernel.

Is it an "either/or" proposition?

Yes, I think so.


It's utterly amazing the half-hearted rushed crap that you can get foisted with unless the sender knows that they will get some suitable feedback/comeback.

It's all a question of whether you have time available for others to waste your time fixing their problems for them. In the proprietary world, it's amazing for the tricks done to 'delegate work' onto others... The whole game is hugely time wasting all round and kills development.

I think it is very much better to know that "honest crap" gets a "very honest rebuke". The colourful language can give an effective and humorous splash to drive home the message to all.

There is a lot passion that goes into good code. There's also with that pride and the occasional dented feelings.


For the Ms Sharp example, from quickly reading around it's possible that a game was being played to try to circumvent the features freeze for that kernel version to try to rush in code one kernel version too early to then do the proprietary rush trick of "keep all the bugs quiet to fix later when already sold to the users". I would hope and expect Linus to go thermonuclear ballistic plus added fireworks if that trick was attempted...

(Perhaps the lashing out by Ms Sharp is precisely because that was attempted and publicly caught dead?)



Also note there is something of a self-effacing humour in open development. For just one example I'm following for example:

>> +#define list_del_each_entry(pos, head, member) \
>> + while (list_empty(head) && (pos = list_first_entry((head), \
>> + typeof(*pos), member), list_del((head)->next), 1))
>> +
> Shouldn't it be while (!list_empty(head) ... ?
> (not operator addition)
Obviously! Now where is that brown paperbag...

Will resend in a few days, ...

Those hiding behind proprietary secrecy are just not used to working with their work being so naked to peer review. You learn very quickly to learn and care to be good with your code. You also get helpful help to learn quickly. That encourages good passion for good development.

Also, that is all very different to the proprietary world where there is tremendous pressure to get product "out-the-door" in a rush and usually not fully working. You then rely upon in-the-field updates to rush-fix things before too many people notice to complain... (You may well also be pressured to rush the manufacture lead time too much and then you have to make updates specially to work around production cock-ups.)


IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

More malware?

http://arstechnica.com/security/2013/07/android-malware-that-gives-hackers-remote-control-is-on-rise/

"Sean Gallagher@ArsTechnica.com" wrote:

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

More malware?

http://arstechnica.com/security/2013/07/android-malware-that-gives-hackers-remote-control-is-on-rise/

"Sean Gallagher@ArsTechnica.com" wrote:

The app can grab call logs, contact data, and all SMS messages on the device, as well as capture messages as they come in. It can provide live monitoring of call activity, take pictures with the phone’s camera, and stream audio from the phone’s microphone back to its server. It can also post “toasts” (application messages) on the screen, place phone calls, send text messages, and open websites in the phone’s browser. If it is launched as an application (or “activity”), it can even stream video from the camera back to the server.

Yes, as in not much more than proof-of-concept stuff. Have you seen the numbers and what's required?

Thanks for that and a bit of a curious one. All a bit of a business-advertisement planted article? Headline news for that??


From the article:

... When a user downloads what appears to be a harmless app that has been bound to Androrat, the RAT gets installed along with the app without requiring additional user input, sneaking past Android’s security model. Symantec reports that analysts have found 23 instances of legitimate apps that have been turned into carriers for Androrat. The code has also been incorporated into other “commercial” malware, such as Adwind—a Java-based RAT that can be used against multiple operating systems.

Lelli said that Symantec has detected “several hundred” cases of Androrat-based malware infections on Android devices, mostly in the US and Turkey.

... So, if that's the best that an anti-virus company can drum up to scare the populace with!


The main notes are that it can be done for the moment, and that it cannot spread of its own accord, and you need to download a booby-trapped app from whatever non-mainstream site.

You can bet that one soon gets stopped dead and with nothing like the ripples from the NSA and PRISM...


Next? (Is this now admitting that Android Linux is dominant? ;-) )

IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Wow. Head in sand.

As the android fruit ripens it will soon attract the same attention as the windows fruit and begin to be eaten with the same intensity as the windows fruit was consumed.

Since it can dial the phone, how long before some crime syndicate sets up a premium phone number and starts calling it? Wouldn't have to be a large charge, in fact small is better as it is more likely to not be noticed on a phone bill. And most phone bills don't show call detail anyway. Say how about a "free" android anti-virus from Syndicate Labs to carry it? Oh it works as an anti because they don't want the competition, but it isn't free!

---

Wow. Head in sand.

Was wondering when you might jump in...

As the android fruit ripens it will soon attract the same attention as the windows fruit and begin to be eaten with the same intensity as the windows fruit was consumed.

Take a good read of my next post as to why that likely will not happen... And certainly not in the same way... All by design.

Since it can dial the phone, how long before some crime syndicate sets up a premium phone number and starts calling it? Wouldn't have to be a large charge...

There's been various scams for that already. No smartphone needed.

For any device that has the flexibility to download new software to execute new features, you always have the potential that the new software doesn't do what you want or expect. Google is protecting its apps store by vetting apps and blocking known obvious malware. FLOSS projects very carefully guard their code with digital signing and peer review.

That as always still leaves determined foolhardy people to download malware from untrusted random sources if they really want to. So far, there is still none of the no-user-interaction-needed virus silliness of the type often seen with one certain OS. By design.


IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

There's occasional mention of OS design and how that is important for security and other aspects. A good summary of that is given on

Operating-System Comparisons

That's a little dated now but still very informative for the systems we use today and for why we have the good and the bad that we have today. Also note that the comparison covers Apple for before their switch to their BSD-unix based 'OS-X'.

Myself, I think Apple's move to OS-X was a very good jump that has helped them.

However, shame how most big companies as they get 'too big' seem to go rotten at the core :-(

IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Google is protecting its apps store by vetting apps and blocking known obvious malware.

You keep saying that but offer no evidence it occurs. Do they require submission of source code?
If they only block "obvious" malware, then not-obvious malware will rule the roost.

---

http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/

Using the standard Linux distro hash I see, MD5 + salt. Considered insecure.

---

http://arstechnica.com/security/2013/07/hack-exposes-e-mail-addresses-password-data-for-2-million-ubuntu-forum-users/

Using the standard Linux distro hash I see, MD5 + salt. Considered insecure.

Since the advent of GPU-based brute-force attacks, indeed so. Indeed any "fast-encryption" method is now considered insecure to brute-force methods.

Note also that the "MD5 + salt" method is 'industry standard' and widely used. More scary yet is that many websites STILL do not encrypt passwords at all, or casually just use plain MD5 as done from many years ago.


Ubuntu responded very quickly to take the site offline and warn everyone that their encrypted passwords had been lifted. At least that should give time for people to change their passwords before the MD5 encryption can be broken (unless they have used something too obvious which wouldn't require decrypting to be guessed anyway).


Aside: This excellent little comic gives the best advice fro how to construct your passwords:

Password Strength

And don't use any one passphrase (password) more than once!


IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Here's an interesting alternative approach on an ambitious scale:


Ubuntu Edge smartphone seeks $32m of crowdfunded cash

The developer of the Ubuntu operating system has turned to a crowdfunding site in an attempt to launch a handset pre-installed with its software...

... Canonical says Linux-based Ubuntu is different to other smartphone operating systems because it can run the same desktop applications as a PC installed with its software.

Programs look like a standard mobile app when the handset is being used as a standalone device, and then change their user interfaces to that of a desktop application when the phone is docked with a monitor. In addition the OS supports apps written in the HTML5 web language...


Here's wishing them good success!

IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Aside: This excellent little comic gives the best advice fro how to construct your passwords:

Password Strength

And don't use any one passphrase (password) more than once!

Actually, this ArsTechnica article outlines why the XKCD comic is no longer an ideal way of constructing a password (again, thanks to brute-force GPU password hacking).

Because password hacking has been made so easy thanks to GPUs, the only safe way to handle passwords now is to use a password manager.

Aside: This excellent little comic gives the best advice fro how to construct your passwords:

Password Strength

And don't use any one passphrase (password) more than once!

Actually, this ArsTechnica article outlines why the XKCD comic is no longer an ideal way of constructing a password (again, thanks to brute-force GPU password hacking).

Because password hacking has been made so easy thanks to GPUs, the only safe way to handle passwords now is to use a password manager.

Thanks for that very good link. That shows well how our old passwords system no longer can be relied upon. Worse still, unless you have some mechanism to limit the rate at which guesses can be tested, you suffer a dangerous false sense of security.

Hence the move to using cryptographically more expensive hashing/encryption so that even with GPU power, the rate of tests is kept slow and expensive.

(Websites can limit the number and rate of attempts for a web connection. Hence, in that respect it doesn't matter what encryption if any is used internally provided the web connection is strongly encrypted for communicating the password details. However, once a passwords list has been lifted, whatever crackers having the list on their own machine they can then work to discover the passwords as fast as they can... Also, there are still many websites that use no encryption at all for their web connections, not even for passwords!)


Meanwhile in the poorly secured real web world, that's all no reassurance at all! (How many websites have your credit/debit card details?)

IT is what we make it...
Martin


This is going Off-Topic... Further discussion over on "NSA collecting phone records of millions of Americans daily - revealed"

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Google has already issued updates to prevent attackers from using the exploits to tamper with legitimate apps found in the official Play Marketplace. The company has also released updates to handset manufacturers and carriers. But given the track record of millions of Android phones that never, or only rarely, receive updates to patch dangerous security vulnerabilities, it's a fair bet that many handsets will remain vulnerable. Readers are strongly encouraged to obtain apps only from the Google Play marketplace and to think long and hard before changing default settings preventing the "side loading" of apps from alternative sources.

http://arstechnica.com/security/2013/07/first-malicious-apps-to-exploit-critical-android-bug-found-in-the-wild/

A brief snippet possibly of interest for those who wish for the familiarity of Windows but without various of the pitfalls:


First look at Zorin OS 7 "Lite"

Running a Linux-based operating system can be a wonderful experience. Linux distributions have relatively few security problems, are typically stable and are set up to have convenient access to massive amounts of gratis software. Perhaps I'm preaching to the choir here, but I feel Linux distributions offer some of the best desktop solutions available today. The problem, as I see it, is that many people either aren't aware that Linux-based solutions exist or are not comfortable transitioning from their current desktop operating system to something different. I understand the transition can be a difficult one, I made it myself and it wasn't entirely smooth -- there was definitely a learning curve going from Windows to Slackware. Fortunately there are developers out there who recognize that a lack of familiarity is one of the big hurdles to entering the Linux community and they have tackled the task of making Linux distributions that will be feel familiar to new users. One of these distributions is Zorin OS.

Zorin is a project which attempts to bridge the divide between the Windows world and Linux desktop distributions. It does this by...



IT is what we make it...
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

I understand the transition can be a difficult one, I made it myself and it wasn't entirely smooth -- there was definitely a learning curve going from Windows to Slackware. Fortunately there are developers out there who recognize that a lack of familiarity is one of the big hurdles to entering the Linux community and they have tackled the task of making Linux distributions that will be feel familiar to new users. One of these distributions is Zorin OS.

My problem still is the fact that I have my handy Windows apps that work well in Windows. Particularly with games, finding Linux alternatives or Linux support is practically nill and searching online forums is a PITA to put it nicely. I've tried to get my apps to run with WINE and PlayOnLinux but only met with failure. I shouldn't have to try hard to get my apps to run, particularly when I'm switching from an environment which they do simply run and they run well.

I still fail to see the benefits of switching (as a desktop OS anyway, but I do enjoy my Android OS phone), and dual-booting makes even less sense when I'm happy with the way things are in Windows.

This is the uphill battle that Linux evangelists refuse to acknowledge. When I tell any Linux guru these points, they either attempt to argue that Linux is superior and I just don't know it because "I'm not familiar with it" or "I'm just too engrained in the Windows environment to know of a better solution", but both arguments fail to acknowledge perception. Those suggestions are somewhat offensive to even suggest without considering what a user has to go through just to make the switch.


TL;DR People will switch when the pain of staying the same is greater than the pain of switching. Trying to tell them that they're experiencing pain when they do not share that perception is not a proper sell. This seems to be the main caveat that Linux pushers don't seem to understand. It isn't about marketing, its about a smooth experience and a need to switch.

Myself personally, I very much prefer the rants from Linus than suffer mediocrity in the kernel.

Is it an "either/or" proposition?

Yes, I think so.


It's utterly amazing the half-hearted rushed crap that you can get foisted with unless the sender knows that they will get some suitable feedback/comeback.

It's all a question of whether you have time available for others to waste your time fixing their problems for them.

[...]

Those hiding behind proprietary secrecy are just not used to working with their work being so naked to peer review. You learn very quickly to learn and care to be good with your code. You also get helpful help to learn quickly. That encourages good passion for good development. ...

A very good summary and good comment has been given over on LWN.net as the dust steadily settles:

On kernel mailing list behavior

As has been widely reported, the topic of conduct on kernel-related mailing lists has, itself, been the topic of a heated discussion on the linux-kernel mailing list. While numerous development communities have established codes of conduct over the years, the kernel has never followed suit. Might that situation be about to change? ...

What was said

The setting was an extensive discussion on policies for the management of the stable kernel series and, in particular, the selection of patches for stable updates. It was an interesting discussion in its own right (which will be covered here separately), and it was generally polite. Even so, there came a point where Sarah Sharp couldn't take it anymore: ...

... So efforts like Sarah's to make things better should be welcomed; they deserve full consideration on the part of the community's leaders. But this kind of effort will be working against some constraints that make this kind of social engineering harder.

One of them is that the kernel absolutely depends on the community's unwillingness to accept substandard code. ...

... So it must be possible for developers to speak out against code that they see as being unsuitable for merging into the kernel. And the sad fact is that, sometimes, this message must be conveyed forcefully. Some developers are either unwilling to listen or they fail to receive the full message; as Rusty Russell put it:

You have to be harsh with code: People mistake politeness for uncertainty. Whenever I said 'I prefer if you XYZ' some proportion didn't realize I meant 'Don't argue unless you have new facts: do XYZ or go away.' This wastes my time, so I started being explicit.

The size of the community, the fact that some developers are unwilling to toss aside code they have put a lot of time into, and pressure from employers can all lead to a refusal to hear the message and, as a consequence, [there is] the need to be explicit. ...


Also, each community does evolve to have a 'unique' way with words for that group that can be alien or be seen to be hostile to those not familiar with the group. All the old game of jargon?


IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)

Linux brings tears to Steve Ballmer's eyes?


Microsoft pledges Linux boost for Windows Server and Center R2 duo

Oh, the things we'll do to be your cloud partner

Microsoft has vowed Windows Server 2012 R2 and System Center 2012 R2 will be the “best” platform for running Linux in the cloud.

Microsoft shops departing from the faith and running Linux will get a “consistent” experience on a par with its beloved Windows, Redmond promised.

The software giant made the pledge to persuade cloud-building Linux lovers to use Windows and Hyper-V, rather than go all in on Linux with Canonical or host Linux using VMware. ...

... Elsewhere, the blog rehashed past work that the Microsoft’s Server and Tools team has done to improve the performance of open-source software, such as supporting the PHP on Windows project and working with the Linux community on Hyper-V drivers.

OK, you can't be loyal. But can you sit down and talk to us?

Support for Linux and open-source Windows server and management suites has been a long path for Microsoft, a path it started down reluctantly but has become realistic about needing to complete.

From the late nineties to the start of the 2000s, Microsoft campaigned vigorously against Linux and open source, with a “get the facts” campaign that lobbed TCO and a fair amount of FUD at the growing competition. But customers didn’t respond - quite the contrary - loyal Windows shops started running Linux...

... The company's conversion started in 2005, with a demonstration of Red Hat Enterprise Advanced Server 3 running on Windows Virtual Server SP1 beta ... A jocular chief executive Steve Ballmer on hand during the MMS demmo remarked: “As much as that hurts my eyes, I know that's an important capability for the virtual server technology...


And the cutting comment is:

Oh really?

How to make money off Linux for Remondians:

1) Make Linux run as well on Hyper-V as Windows does.

2) Charge a licensing fee for each VM.

3) Wonder why no one is using Hyper-V to run Linux.




Perhaps that is why I avoid Windows servers like the plague wherever possible? (OK, so those anachronistic minimally few things also get relegated to their own very chatty 'insecure' LAN! :-( )

IT is what we make it,
Martin

---

See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)