Message-ID: <20210427145347.00003846@tesio.it>
Date: Tue, 27 Apr 2021 14:53:47 +0200
From: Giacomo Tesio <giacomo@...io.it>
To: Kangjie Lu <kjlu@....edu>
Cc: open list <linux-kernel@...r.kernel.org>,
Qiushi Wu <wu000273@....edu>, Aditya Pakki <pakki001@....edu>
Subject: Re: An open letter to the Linux community
"Damn kids, they're all alike"
http://phrack.org/issues/7/3.html
Dear Kangjie Lu, Qiushi Wu, and Aditya Pakki,
Since nobody is doing so, I want to thank you for your hacks.
All the livor and drama that followed your research proves that
the Linux Foundation failed to learn the lessons of Heartbleed.
At the end of the day, this is a valuable discovery for all of us.
You are the kids laughing loud that "the emperor has no clothes".
More precisely, that the emperor STILL has no clothes.
Ten years later.
The corporations behind the Linux kernel didn't take it well
(you wasted their time and money! you outsmarted them! how dare!),
but the hypocrisy in your commits is not the one you revealed.
Pretending that such kind of attack didn't succeed before,
pretending that the problem is you, is way worse.
I've read that
> The Linux Foundation's Technical Advisory Board submitted a letter
> on Friday to your University outlining the specific actions which
> need to happen in order for your group, and your University, to
> be able to work to regain the trust of the Linux kernel community.
But any programmer with a grain of salt knows that they are just
trying to distract everybody from their own operational failures.
They blame you and your University just to avoid being held accountable.
It's neither you nor your University that need to regain trust.
It's not you that proved to not deserve it.
Your crime is that of curiosity.
How sad it is to see a project born "just for fun", turned into this!
But since I care more about cyber-security than about OSS marketing,
I thank you for what you did. I hope that more of such kind of hacks
and experiments will happen in the future, both in the Linux Kernel
and in many other projects.
All without ANYBODY aware of them, because otherwise they would
prevent such epic failures to be discovered and publicly exposed,
again and again.
What you did was not just ethical, but noble and brave.
Thanks.
Giacomo