Author: Not specified Language: text
Description: Not specified Timestamp: 2017-06-24 16:54:10 +0000
View raw paste Reply
  1. Over several hours of conversation, Torvalds, 45, disputed suggestions that security is not important to him or to Linux, but he acknowledged being “at odds” with some security experts. His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a pro­cess, Torvalds suggested, poorly understood by his critics.
  3. “The people who care most about this stuff are completely crazy. They are very black and white,” he said, speaking with a slight Nordic accent from his native Finland. “Security in itself is useless. .?.?. The upside is always somewhere else. The security is never the thing that you really care about.”
  5. When the interviewer asked whether Linux — designed in an era before hacking had become a major criminal enterprise, a tool of war and constant threat to the privacy of billions of people — was due for a security overhaul after 24 years, Torvalds replied, “You’re making sense, and you may even be right.”
  7. But what followed was a bracing example of why Torvalds said the interviewer was wrong: Imagine, Torvalds said, that terrorists exploited a flaw in the Linux kernel to cause a meltdown at a nuclear power plant, killing millions of people.
  9. “There is no way in hell the problem there is the kernel,” Torvalds said. “If you run a nuclear power plant that can kill millions of people, you don’t connect it to the Internet.”
  11. Or if you do, he continued, you build robust defenses such as firewalls and other protections beyond the operating system so that a bug in the Linux kernel is not enough to create a catastrophe.
  13. “If I have to worry about that kind of scenario happening,” Torvalds added with a wry grin, “I won’t get any work done.”
View raw paste Reply