[Cryptography] Use Linux for its security

Jerry Leichter leichter at lrw.com
Wed Sep 28 12:39:15 EDT 2016


>> Not.
> 
> Everyone who complains about this situation should have asked himself:
> "When did I last donate my time and effort to essential code review?"
> (including efforts to reduce complexity).
> 
>> "Critical and high-severity security bugs in the upstream kernel have lifespans from 3.3 to 6.4 years between commit and discovery."
>> 
> 
> And what are the alternatives? Use Apple for its security?
It's worth reading the talks and articles linked to from the article I referred to (http://arstechnica.com/security/2016/09/linux-kernel-security-needs-fixing/). The fundamental criticism is that Linux is way behind the times: It's still trying to squish one security bug at a time, rather than using more modern techniques that close off entire classes of attacks, even if no specific ones have been identified; or, like ASLR, that make exploits much more difficult even if attacks are found. None of these is perfect, but they raise the bar. And ... Linus has explicitly rejected them, because they cost you raw performance.

There are people I trust who say that Microsoft and Windows today - not the Microsoft and Windows of many years back - are at the leading edge of software and OS security. While it's not a choice for anything other than Apple products, I'd trust an iOS-based "iOT" device over one based on Linux.

                                                        -- Jerry
