Linus Torvalds has labeled makers of the OpenBSD operating system a "bunch of masturbating monkeys,"

[Smilin]

Linux creator Linus Torvalds has labeled makers of the OpenBSD operating system a "bunch of masturbating monkeys," as part of a wider critique of what he said was self-centered behavior in the IT security industry.

http://news.cnet.com/2100-1007...3900.html?tag=nefd.top

Oh man, that's rich. Funny funny stuff.

I'm going to disagree and say security bugs are more important that other bugs. I do however agree with him on every other point regarding how the security industry behaves. They can be pretty self serving.

The Monkeys thing is a classic though.

 

[Canterwood]

Originally posted by: Smilin

Linux creator Linus Torvalds has labeled makers of the OpenBSD operating system a "bunch of masturbating monkeys,"

He probably right. Geeks don't get laid much.

 

[Nothinman]

I'm also gonna have to disagree and say that security bugs are more important, but there's not just two classes of bugs either. There's a lot more than just "security" and "normal". But all of the glorification and such that happens around security bugs is a bad thing IMO.

And I like how they focus on the OpenBSD statement when a bit later in the thread he says "I refuse to have anything to even _do_ with organizations like vendor-sec that I think is a corrupt cluster-fuck of people who just want to cover their own ass." which is a lot more inflammatory...

 

[JDMnAR1]

Originally posted by: Nothinman
And I like how they focus on the OpenBSD statement when a bit later in the thread he says "I refuse to have anything to even _do_ with organizations like vendor-sec that I think is a corrupt cluster-fuck of people who just want to cover their own ass." which is a lot more inflammatory...

Well there he is just being derogatory towards people, in the first quote he is insulting people AND monkeys.

 

[Markbnj]

"Boring normal bugs are way more important, just because there's a lot more of them," wrote Torvalds. "I don't think some spectacular security hole should be glorified or cared about as being any more 'special' than a random spectacular crash due to bad locking," he said.

That's a startling statement to me. Of course some bugs are more critical than others. We need to debate that? A bug that allows a bunch of machines to be compromised is more deserving of quick attention than a bug that causes a button to display the wrong background bitmap when in the mouse_down state. Is it more critical than a random crash? Uh, yeah.

 

[Sylvanas]

Originally posted by: Markbnj

"Boring normal bugs are way more important, just because there's a lot more of them," wrote Torvalds. "I don't think some spectacular security hole should be glorified or cared about as being any more 'special' than a random spectacular crash due to bad locking," he said.

That's a startling statement to me. Of course some bugs are more critical than others. We need to debate that? A bug that allows a bunch of machines to be compromised is more deserving of quick attention than a bug that causes a button to display the wrong background bitmap when in the mouse_down state. Is it more critical than a random crash? Uh, yeah.

I think it is more the train of thought that if your computer is going to become inoperable, there are plenty of 'normal' bugs out there that will do that- yet if a 'security' related bug does that it is somehow more important. The fact is if you experience data loss it doesn't matter how it happened, the fact is it happened- and since there are plenty more 'normal' bugs going round these should get more attention.

Torvalds wrote that disclosing the bug itself was enough, without having to label each individual security flaw. He added that taking the bugs to the "security circus" level only glorified the wrong kind of behavior. "It makes heroes out of security people, as if the people who...fix normal bugs aren't as important," wrote Torvalds.

Agree with this.

 

[Aluvus]

Originally posted by: Sylvanas

The fact is if you experience data loss it doesn't matter how it happened, the fact is it happened- and since there are plenty more 'normal' bugs going round these should get more attention.

I would submit to you that having your personal data disappear into the ether where no one can get to it is not the same as having your personal data disappear into the hands of a crime syndicate.


The basic point he is getting at (that non-security bugs, due to their volume, also need attention) has merit, but would do better without the sound-bites.