Linked by Thom Holwerda on Tue 22nd Sep 2009 15:34 UTC, submitted by google_ninja
Thread beginning with comment 385671
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[6]: Theo de Raadt told it 5 years ago
by Francis Kuntz on Wed 23rd Sep 2009 11:30
in reply to "RE[5]: Theo de Raadt told it 5 years ago"
Security, you mean the absence of a mandatory access control framework? Or not even a standardized kernel authorization framework like Linux and NetBSD (kauth) have had for years? I am a whole lot happier to use my webserver in a sandboxed SELinux or AppArmor environment than on OpenBSD.
You know, security is not only about disabling every service in the default install and doing a proper audit. Those things help, but other UNIXes have far more preventive security measures. And companies like Red Hat have been pushing the envelope a lot.
Yes, that's why OpenBSD is used at Defcon for the network infrastructure, it's because Linux and NetBSD are so much more secure ...
You can put in all the security features you want, like MAC; if your OS is full of security holes, it won't change anything. Anyway, features like MAC are usually so hard to put in place that they are never used.
OpenBSD implements things that make the OS less vulnerable to attack by design.
You know, security is not only about adding some crazy new security features that nobody uses. Those things *can* help, but OpenBSD has far more preventive security measures like auditing, W^X, modified malloc, a network stack using randomization, ProPolice etc. And projects like OpenBSD and its security gurus have been pushing the envelope a lot.
Some reading for you: http://kerneltrap.org/OpenBSD/SELinux_vs_OpenBSDs_Default_Security