lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.0.999.0710021410470.3579@woody.linux-foundation.org>
Date:	Tue, 2 Oct 2007 14:20:05 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Bill Davidsen <davidsen@....com>
cc:	Stephen Smalley <sds@...ho.nsa.gov>,
	James Morris <jmorris@...ei.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	casey@...aufler-ca.com, linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access
   Control Kernel



On Tue, 2 Oct 2007, Bill Davidsen wrote:
>
> And yet you can make the exact same case for schedulers as security, you can
> quantify the behavior, but if your only choice is A it doesn't help to know
> that B is better.

You snipped a key part of the argument. Namely:

  Another difference is that when it comes to schedulers, I feel like I
  actually can make an informed decision. Which means that I'm perfectly
  happy to just make that decision, and take the flak that I get for it. And
  I do (both decide, and get flak). That's my job.

which you seem to not have read or understood (neither did apparently 
anybody on slashdot).

> You say "performance" as if it had universal meaning.

Blah. Bogus and pointless argument removed.

When it comes to schedulers, "performance" *is* pretty damn well-defined, 
and has effectively universal meaning.

The arguments that "servers" have a different profile than "desktop" is 
pure and utter garbage, and is perpetuated by people who don't know what 
they are talking about. The whole notion of "server" and "desktop" 
scheduling being different is nothing but crap. 

I don't know who came up with it, or why people continue to feed the 
insane ideas. Why do people think that servers don't care about latency? 
Why do people believe that desktop doesn't have multiple processors or 
through-put intensive loads? Why are people continuing this *idiotic* 
scheduler discussion?

Really - not only is the whole "desktop scheduler" argument totally bogus 
to begin with (and only brought up by people who either don't know 
anything about it, or who just want to argue, regardless of whether the 
argumen is valid or not), quite frankly, when you say that it's the "same 
issue" as with security models, you're simply FULL OF SH*T.

The issue with LSM is that security people simply cannot even agree on the 
model. It has nothing to do with performance. It's about management, and 
it's about totally different models. Have you even *looked* at the 
differences between AppArmor and SELinux? Did you look at SMACK? They are 
all done by people who are interested in security, but have totally 
different notions of what "security" even *IS*ALL*ABOUT.

In contrast, anybody who claims that the CPU scheduler doesn't know what 
it's all about is just tripping. And anybody who claims that desktop 
workloads are so radically different from server workloads (or that the 
hardware is so different) is just totally out to lunch.

So next time, think five minutes before you start your argument.

			Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ