This series will be based on the news reports involving the OpenSourceInsecurity.pdf paper – On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits – published by two University of Minnesota students, Qiushi Wu and Kangjie Lu.
Am just a Linux Newbie blogger, so I can only imagine what went thru the Linux ‘Prima Donnas’ minds when they saw that –> “OpenSourceInsecurity.pdf” term (I have highlighted in the red rectangle).
I finally started noticing security issues with Linux after starting this blog, and eventually created the *Linux Security Issues* page to track them; however, the Linux security issues were too numerous to keep up with – without dedicating the entire blog to that subject. Had spent years believing the ‘Linux Lies’ that were falsely claiming that Linux is the most secure OS, e.g. “It’s safe and reliable” and requires “no antivirus, no anti-spyware” software:
That’s from Part VIII: Third Year Begins – Linux ‘n its “Holy Inquisition” post pointing to the Linux Mint fixes screensaver bypass discovered by two kids article.
Linux Mint’s ‘Grand Inquisitor’ Clement Lefebvre “Clem” (Overall project and development team leader) popped-a-fuse when he saw that article, and still hasn’t recovered. Clem is a BIG-TIME Linux ‘Prima Donna’ who has steadily promoted ‘Password Dependent’ users thru the annoying “Authenticate” popup or other ‘Pesky Passwords’ requirements forced onto a majority of Linux Distros.
How insecure is Linux and the Linux Kernel? Many main Distros have turned to Microsoft for help with security issues. Linux and the Linux Kernel are so insecure that major companies like Google, Amazon ‘n Microsoft had to create their own Linux versions to actually secure their projects and/or sites.
Without knowing everything involved in this news story on the GitHub’s ‘Da Paper’ I am still going to side with the two clearly innocent University of Minnesota students here. Linux has serious security issues, amongst many other ISSUES, and it’s time for The Linux Foundation, The Linux Kernel Archives, Greg Kroah-Hartman, etcetera etcetera etcetera to start recognizing them and/or stop “covering up security flaws” – under Security:
I personally consider security bugs to be just “normal bugs”. I don’t cover them up, but I also don’t have any reason what-so-ever to think it’s a good idea to track them and announce them as something special…one reason I refuse to bother with the whole security circus is that I think it glorifies—and thus encourages—the wrong behavior. It makes “heroes” out of security people, as if the people who don’t just fix normal bugs aren’t as important. In fact, all the boring normal bugs are way more important, just because there’s[sic] a lot more of them. I don’t think some spectacular security hole should be glorified or cared about as being any more “special” than a random spectacular crash due to bad locking.
That was a 2008 quote by Linus Torvalds. One thing I have noticed from Linux news writers over the past couple of years is that they *ALWAYS* try to cover for Linux and/or qualify their reports by adding that “kernel developers” have fixed the problem (after how long before spotting it?!?). Running a search on “linux security issues” will bring up new reports all the time. BTW, the infamous ‘Linux Hack’ Jack Wallen had this to say on what the two students did – University of Minnesota Researchers Tried to Poison the Linux Kernel.
- Note: If this series goes over 500 posts I may need to start a Page for them all… 😉 Update: Have added this new series to the *Linux Security Issues* page.
LINUX IS LIKE A BOX OF CHOCOLATES – you never know what you’re gonna get!