No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help
View Responses

Grex Systems Item 100: Linus Torvalds on OpenBSD
Entered by remmers on Thu Jul 17 14:18:15 UTC 2008: 

Ran across this today at
http://article.gmane.org/gmane.linux.kernel/706950

-----------------------------------------------------------------------
From: Linus Torvalds <torvalds <at> linux-foundation.org>
Subject: Re: [stable] Linux 2.6.25.10
Newsgroups: gmane.linux.kernel
Date: 2008-07-15 16:13:03 GMT (1 day, 21 hours and 12 minutes ago)

On Tue, 15 Jul 2008, Linus Torvalds wrote:
> 
> So as far as I'm concerned, "disclosing" is the fixing of the bug.
> It's the "look at the source" approach.

Btw, and you may not like this, since you are so focused on security,
one reason I refuse to bother with the whole security circus is that I
think it glorifies - and thus encourages - the wrong behavior.

It makes "heroes" out of security people, as if the people who don't
just fix normal bugs aren't as important.

In fact, all the boring normal bugs are _way_ more important, just
because there's a lot more of them. I don't think some spectacular
security hole should be glorified or cared about as being any more
"special" than a random spectacular crash due to bad locking.

Security people are often the black-and-white kind of people that I
can't stand. I think the OpenBSD crowd is a bunch of masturbating
monkeys, in that they make such a big deal about concentrating on
security to the point where they pretty much admit that nothing else
matters to them.

To me, security is important. But it's no less [sic] important than
everything *else* that is also important!

                        Linus
-----------------------------------------------------------------------

(I think Torvalds intended "more", not "less", in the last paragraph.)

7 responses total.


#1 of 7 by nharmon on Thu Jul 17 15:33:38 2008: 

Oh, were you the adding [sic], I thought maybe Linus added [sic] which
made me go, "WOAH, wtf???"

I actually feel performance bugs are the most important because without
performance you can't really have any of the rest.

#2 of 7 by remmers on Thu Jul 17 15:55:25 2008: 

Right, I added the "[sic]".

#3 of 7 by gull on Thu Jul 17 21:58:28 2008: 

I've run OpenBSD in the past, and I think they do some good work, but I
sure do steer a wide berth around all of the politics involved.  I kind
of agree that their focus is a bit too narrow.  When it comes to the BSD
world, I think FreeBSD is sort of the best of both worlds.  They're more
interested in supporting new hardware and improving performance, and the
fixes for security holes that the OpenBSD folks find usually get ported
over.

One thing to keep in mind when comparing the BSD security model to
Linux's, though, is that the various BSD distributions make no claims at
all about the security of anything that isn't in the base system.  They
don't do security notifications about problems in other software (the
"ports tree"); you're expected to keep track of those packages yourself.
 Linux distributions tend to take a more supervisory role where they
track the security status of everything they make available.

#4 of 7 by cross on Fri Jul 18 01:37:37 2008: 

[Interesting note: this is the 100th item in b/i/t/s....]

I'm not sure I really care about Linus's opinion, other than I mostly find
it annoying.  Mostly because I find him kind of annoying.  Mostly because I
find him about as arrogant as Theo Deraddt.  Which is pretty annoying.  The
guy wrote a kernel, that doesn't make him da Vinci.  But I digress....

The issue with security bugs is that they allow other people to influence
your system with malicious intent.  Thus, I disagree that they aren't more
important, because history has shown that there are people who can, and
will, exercise malicious intent and exploit those bugs to destroy or corrupt
your data.  That's bad.  Sure, it's bad when a buggy disk or application
crashes my machine, but there's nothing overtly malicious about it.

resp:3 I sort of disagree, as for a while, one of the BSDs (I think it
might have been OpenBSD) was releasing security advisories about ported
applications.  Maybe it was FreeBSD; I honestly cannot remember.  FreeBSD
certainly seems like the premier distribution in the BSD Unix world.

#5 of 7 by gull on Fri Jul 18 16:57:01 2008: 

Re resp:4: If FreeBSD does release them, I'd really like to know where
to find them, because that'd be extremely useful to me.  It's possible I
missed them.  They're not on the website's security advisories page, though.

#6 of 7 by arthurp on Wed Jan 7 06:31:04 2009: 

I inherited this freebsd mail server.  It seemed really slow so I got
and ran iozone.  It was able to produce something like 600 k bytes/ sec
sustained IO.  The same hardware in the adjacent rack slot running linux
and iozone was able to sustain about 55 M bytes/ sec.  So I migrated the
server functions and loaded linux to the freebsd hardware.  It was then
able to match the first linux system in performance.

To me a factor of 100 performance is a pretty important bug.  This
server was barely able to handle 5 simultaneous deliveries under qmail.
 Now it handles 50 simultaneous deliveries and acts like it is doing
zero.  Maybe freebsd should back off a notch on the security thing until
they get the basics working.

Other than things like that security is very important.  But then I'm
not a fair judge on that topic.  ;)

#7 of 7 by cross on Wed Jan 7 13:19:48 2009: 

FreeBSD aren't the security gestapo, that's OpenBSD.

My guess is that your performance problems were related to filesystem
configuration.  Most places see similar performance between FreeBSD or
Linux, with the former often outperforming the latter.

Response not possible - You must register and login before posting.

No Next Item No Next Conference Can't Favor Can't Forget Item List Conference Home Entrance    Help

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss