Torvalds dubs security people insane
UBER geek Linus Torvalds is on track to win this year's Dr Spinola cudmugeon of the year award after dubbing people who disagreed with him as "wanking around".
Torvalds waded into the another handbags at dawn fight with security experts over the latest inclusion in the forthcoming 2.6.24 Linux kernal.
The plan is to merge a lump of code called Smack into the kernal which has upset those who view OS security as their number one focus in life.
They fear that Smack will mean that Linux will be locked into the LSM API and would prefer that SELinux would be the sole security architecture.
However Torvalds has put his paw down and said that LSM stays in. He added that "security people are insane" and he was tired of them saying "only my version is correct crap".
The big idea of adapting LSM was to get away from that point of view and he would have to merge AppArmor and SMACK just to get this "disease" off the table, he ranted.
Torvalds said the security people were acting like string theorists claiming that there was no other viable theory out there.
He added the discussion on security never got down to real numbers and is just "people wanking around with their opinions".
Read the full rant here. ยต
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
... Most security folks I know in IT are officious, callous, superstitious and incompetent control freaks: the Vogons of IT.

OTOH, developers tend to be self-absorbed, arrogant asses who are more than happy to slam crap buggy code into production.

Both are the bane of sysadmins.
Bullseye, Linus.
The only people more arrogant than the security guys are the jerks who manage to break into your stuff. Suddenly the security guys seem a lot more reasonable.
Honestly, I don't understand most of the details on the actual security systems being discussed here. But I *can* understand being locked into a frustrating system that is unreasonably hard to use, despite the benefits. Reviewing the thread, Linus speaks crystal clear common sense and still leaves a wide opening for hard data to initiate changes, rather than the current analogy and opinion.

I'm glad he's in the leadership position he's in.
Most people in the computer industry already know that "security people" are an insane bunch. You pretty much have to be. No sane person can possibly lock down every possible attack vector to a complicated system, as it requires a great amount of understanding of each attack vector and affected subsystem. 

Sane people of any discipline apply "best practices", which is synonymous with "I don't have the knowledge, resources, or ability to do this... so I'll use a bullet list I found on the internet". Security workers actually come close to having the maddeningly huge foundation to apply real security, and end up having to dumb it down into said checklists so that us normal people can get a good nights sleep.

Anytime you find a combination of perfectionist and apathetic qualities in the same place, you find insanity. Security encompasses this to the extreme.

Frank