Linked by Thom Holwerda on Thu 11th Jul 2013 21:35 UTC
Microsoft Documents released by Snowden show the extent to which Microsoft helped the NSA and other security agencies in the US. "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal; The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail; The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide; [...] Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio; Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport'." Wow. Just wow.
Thread beginning with comment 566964
RE[2]: Now we know what happened.
by Valhalla on Fri 12th Jul 2013 21:46 UTC in reply to "RE: Now we know what happened."
Valhalla Member since:
2006-01-24


There is no way you can keep up and audit all changes

Only code that is actually a candidate to make it into the kernel needs to be audited, are you saying code gets merged into a mainline release without being audited? Show me some proof.

HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently break the drivers.

Citation needed.


OpenBSD seems to be much more rigorous with the code review and audit.

No argument here, OpenBSD is the most security oriented operating system I can think of, of course it leads to drawbacks like being very slowly developed.

Also OpenBSD's focus on security above (pretty much) all else doesn't mean that Linux has 'bad' security in any way.

Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users.

Bullshit, how is Linux development chaotic?

People/companies submit code, code is audited by the maintainer/maintainers of the specific subsystem the code belongs to, then if it passes their audit it's put in staging where it will go through testing and more eyeballs as at this stage it's actually a candidate for mainline.

Then when the subsystem maintainer feels the code is mature enough he/she waits for the merge window to open and then sends a pull request to Linus.

Linus then has the final say on whether or not it will make it into the merge window, if it does it will go through further testing during the merge window, and if it passes it will finally make it into a mainline release.

How is this a chaotic development process?


“You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’ “Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.”

This proves that Linux developers do not review all code, nor understand what the code does.

A 2005 quote from some 'Lok' about a comment he found in the Linux source code, without any context whatsoever as to what the comment even related to is something you claim to be proof of Linux developers not reviewing or understanding the code? Your trolling seems to know no bounds.

Now that you seem to have given up championing Solaris you've instead embarked on an anti-Linux crusade, I guess I shouldn't be surprised.

You should find something more constructive to spend your time on, instead of hating and attacking Linux; why not focus on highlighting the qualities of the operating systems you like? I have never understood your type of behaviour.

It is wildly chaotic with lots of contributions from everywhere, including from NSA.

How is getting code contributions chaotic?

These contributions, if they make it into the kernel mainline release at all, only make it in once they've been audited and tested.


http://www.kerneltrap.org/Linux/Active_Merge_Windows
"The [linux source code] tree breaks every day, and it's becoming an extremely non-fun environment to work in.
We need to slow down the merging, we need to review things more, we need people to test their f--king changes!"

You dig up a 5 year old e-mail where a developer states that they need to slow down the amount of merging during the merge window or make the merge window longer as proof of what exactly?

That five years ago they had a dialogue about the amount of code which should be merged during a merge window?

Score: 5

Kebabbert Member since:
2007-07-27

" There is no way you can keep up and audit all changes
Only code that is actually a candidate to make it into the kernel needs to be audited, are you saying code gets merged into a mainline release without being audited? Show me some proof. "
I am saying that the code audit and review process is crippled because of the high code turnover. No one can keep up with those amounts of new code that get incorporated in Linux. I showed you proof in the links. For instance, the last link says "we need to review things more". Read it.




"HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently break the drivers.
Citation needed. "
http://www.osnews.com/permalink?561866
http://www.osnews.com/permalink?561858
But this should not come as a surprise. You know that Linux upgrades break software and device drivers. You have experienced it yourself, if you have used Linux for some time.


" OpenBSD seems to be much more rigorous with the code review and audit.
No argument here, OpenBSD is the most security oriented operating system I can think of, of course it leads to drawbacks like being very slowly developed. Also OpenBSD's focus on security above (pretty much) all else doesn't mean that Linux has 'bad' security in any way. "
I am not saying that Linux has bad security, I am saying that Linux has some problems in the code review and audit process. Just read my links. Much code gets accepted without anyone knowing what it really does. For instance, the link with "Does this belong here?"



"Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users.
Bullshit, how is Linux development chaotic? "
Maybe "chaotic" was not the correct word. But the fact is that the code review process is too sloppy, just read the links to Linux devs who complain that they need to review things more. So much Linux code gets accepted from anyone that no one can review all the new code. Just read my links.



" “You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’ “Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.” This proves that Linux developers do not review all code, nor understand what the code does.
A 2005 quote from some 'Lok' about a comment he found in the Linux source code, without any context whatsoever as to what the comment even related to is something you claim to be proof of Linux developers not reviewing or understanding the code? "
I doubt OpenBSD devs accept so much code that they don't know what all the code does. This link is an example of Linux devs accepting code that they don't know what it does. It does not give confidence to the Linux code review process, does it?


Your trolling seems to know no bounds. Now that you seem to have given up championing Solaris you've instead embarked on an anti-Linux crusade, I guess I shouldn't be surprised.

-I have not given up Solaris. The thing is, when we talk about security then OpenBSD has the best reputation, so I advocate OpenBSD.
-When we talk about innovative Unix, I advocate Solaris because it is best (everybody talks about ZFS (BTRFS), DTrace (Systemtap), SMF (systemd), Crossbow (openVswitch), Containers (Linux has copied this as well), etc.). Linux has copied everything that Solaris has.
-And if we talk about stable OSes, then I advocate OpenVMS (OpenVMS clusters are brutal, and best in the world, with uptime surpassing Mainframes, measuring in decades).
-When we talk about innovative OS, I advocate Plan9 (my favourite OS).
-Best realtime Unix, I advocate QNX.
etc

Maybe you missed all my posts where I say that compared to OpenVMS, all Unix are unstable and cannot compare? It seems that you believe I claim Solaris is best in every way? Secure, uptime, performance, realtime, etc? Well, I don't. Solaris is the most innovative Unix, that is a fact (everybody tries to mimic Solaris - why if Solaris is bad?).

The thing is, Linux supporters believe Linux is best in every way, when in fact, it is terrible. It has bad scalability (show me any 32 cpu Linux servers for sale? There are none for sale, because Linux does not scale to 32 cpus), Linux has bad stability, it has bad security, The code is bad (according to Linux kernel devs, I can show you numerous links on this), etc

I would have no problems with Linux being bad, if Linux did not attack everyone, including OpenBSD (m*sturbating monkeys because they focus on security), Solaris (wished it was dead), etc. So my question is to you: why are you attacking everybody and every OS? Why not leave them be? Then we would not have to defend ourselves. It is Linus Torvalds who has attitude problems with his big Ego, and he attacks everyone, including his own developers. Are you surprised other OS supporters get upset when they are attacked? Why?



How is getting code contributions chaotic? These contributions, if they make it into the kernel mainline release at all, only make it in once they've been audited and tested.

But no one has time to audit everything. Just read my links "we need to review more". It is too much code accepted all the time. Too much is rewritten all the time. I have many links to Linux kernel devs, where they say that the Linux code quality is not good, and bad. You want to read all my links? I can post them for you if you wish.

Sure some links are a few years old, but I doubt the process is better today, because Linux is larger than ever and more bloated and more code than ever gets accepted every day. In the earlier days, less code was accepted. Today too much code is accepted, which no one has time to review thoroughly, so the review process is worse today.

Score: 1

Valhalla Member since:
2006-01-24

No one can keep up with those amounts of new code that get incorporated in Linux. I showed you proof in the links. For instance, the last link says "we need to review things more". Read it.

A link from 5 years ago where a developer says that they need to review code more before it enters the merge window so as to minimize the breakage that occurs during the merge window does NOT mean that code gets incorporated into Linux without review.

It's proof of absolutely nothing of the sort.

Code that breaks during the merge window is either reviewed and fixed or it doesn't make it into a mainline release at all, so your bullshit about untested code getting into mainline is just that, bullshit.


But this should not come as a surprise. You know that Linux upgrades break software and device drivers. You have experienced it yourself, if you have used Linux for some time.

Your links don't show one shred of fact to support your claim of HP spending millions of US dollars to keep up with drivers due to Linux changes.

All you've done is link to well known linux hater bassbeast/hairyfeet's unsubstantiated attacks on Linux with nothing to back it up.

I've used Linux as my day-to-day OS for 6 years now, most of that time on a bleeding edge distro (Arch) and I've had to downgrade the kernel twice in those 6 years, once because of an unstable network driver during a large network rewrite, and once when I had just recently switched to Nouveau, where it became unstable against a new kernel upgrade.

I also had my Wacom Bamboo functionality fail with an upgrade of the xf86-input-wacom package which led me to downgrade said package while waiting for a fix.

That's three problems where I had to downgrade in 6 years, and these were all fixed within one to two weeks and allowed me to upgrade with full functionality/stability.

Again this is on a bleeding edge distro, stable distros won't use the bleeding edge packages, they will wait until they've gone through lots of more testing and regression/bug fixing. So if I'd been using a stable distro I wouldn't have been bitten by any of the above.

So no, if you actually used Linux for 'some time' you'd know that the whole 'kernel upgrades continuously crash drivers' is nonsense coming from people who don't even use Linux, just like you.

Not even proprietary drivers are a problem in practice, as while they do break between kernel upgrades, the proprietary hardware vendors like NVidia and AMD continuously recompile their drivers against the new kernel versions.

Just read my links. Much code gets accepted without anyone knowing what it really does. For instance, the link with "Does this belong here?"

Stop lying, you have shown absolutely zero evidence of any code being accepted without anyone 'knowing what it really does', it's nothing but your own fabrication.

The link with 'does this belong here' means absolutely nothing, there's no context whatsoever, you'll find questions like this in any large code base where many developers collaborate, one developer new to a part of code questions a piece of code or a function and other developers who know the code respond.

You trying to pose this unsubstantiated quote by some guy named 'Lok' as some proof of 'code getting accepted without anyone knowing what it really does' only shows how desperate you are to downright lie in order to push your agenda.

But the fact is that the code review process is too sloppy, just read the links to Linux devs who complain that they need to review things more.

You've shown no fact to support your claims at all, developers complaining that code needs more review before it enters certain stages doesn't mean that any unreviewed or sloppily reviewed code ever gets into the linux mainline releases. And there's ALWAYS going to be complaints about 'more code review' in ALL large projects, it proves nothing except.


So much Linux code gets accepted from anyone that no one can review all the new code. Just read my links.

I've read your links, they say nothing of the sort. Any code that gets into Linux mainline release will have had extensive review and bug/regression tests during several stages. Stop lying.

The thing is, Linux supporters believe Linux is best in every way,

I'm a Linux supporter and I certainly don't claim it is best in 'every way', as an example I prefer Haiku OS for desktop purposes.

when in fact, it is terrible.


Linux has bad stability, it has bad security, The code is bad (according to Linux kernel devs, I can show you numerous links on this), etc

More links? More quotes from a mailing list post 5 years ago where a developer is unhappy with some part of the development?

Bad stability and security? Based upon what? Compared to what?

If Linux was anywhere near as 'bad' as you try to portray it, it would have been abandoned ages ago instead of being used practically everywhere. You've offered nothing even remotely fact-like to support your claims. It's dominating supercomputers and HPC, it's vastly used in everything from mobile to fridges to servers to desktops to embedded. It did not get there by being bad at stability and or security.

That doesn't mean that it's the best in all these areas, but it sure as hell isn't 'terrible' in any of them.

So my question is to you: why are you attacking everybody and every OS? Why not leave them be?

What? Where am I attacking everybody and every OS, I'm not attacking ANY OS, you on the other hand are.

Then we would not have to defend ourselves.

You are attacking Linux because you are angry at Linus for saying bad things about your favourite OS'es, this pretty much explains your mentality and how you can resort to such desperate fabrications.

I don't agree with Linus' statements on OpenBSD and Solaris, but I don't use Linux because I adore Linus, I use Linux because it works for me.

Unlike you however, I don't hate Solaris just because a Solaris-fanboy like you attacks Linux. That's just crazy, which sadly seems to apply to you.

But no one has time to audit everything. Just read my links "we need to review more".

Again stop lying, saying they need to review more doesn't mean the code that actually gets into linux mainline releases isn't properly reviewed. The link you posted was a 5 year old post where a developer wanted better reviewed code before it enters the merge window to minimize merge window breakage, the code in question won't make it into mainline release until it actually has been properly reviewed.

In the earlier days, less code was accepted. Today too much code is accepted, which no one has time to review thoroughly, so the review process is worse today.

You fail to understand (or more likely you simply ignore in order to perpetuate your lies) that just because code is accepted to the Linux project it doesn't mean that it ever makes it into mainline releases. And if it does, it does so after having gone through several stages, each with testing and review.

Score: 5