[conspire] (forw) Re: linux & viruses

Rick Moen rick at linuxmafia.com
Sun Jun 29 21:58:49 PDT 2003


In a markedly better mood!

----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Sun, 29 Jun 2003 21:55:18 -0700
From: Rick Moen <rick at linuxmafia.com>
To: [same guy]
Subject: Re: linux & viruses

Quoting [name snipped]:

> Seriously, though, if you say something meaningful, people will react
> to it.

Honestly, I appreciate it.  If I've merely given people pause to think,
them not only done so but (as you have) have taken significant time to
send feedback, that is flattering and gratifying.

I'm less exhausted (and much less grouchy) than I was during the many long
hours when I wrote my earlier mail to you.  Apologies for having been
intemperate.

What I've considered doing is putting a section at the bottom of my "rants" 
page for links to any _dissenting_ essays people want to post to their own 
Web pages.

> If you are writing without intent to persuade and without desire for
> response, then for what purpose do you write? 

By asking this question, you're obliging me to repeat myself, since I've 
already explained the matter with what I thought was crystal clarity.
Moreover, the sentence at the very top of the page hints strongly at it:

   Economy of expression is a good thing. So, rather than have to repeat
   myself continually, I'm posting my top rants here, for ready reference. 

In any event, I will explain for the second time:

Occasionally, I will get really tired of going over some topic ad
nauseam on mailing lists or newsgroups, e.g. djbware licensing.
Sometimes but not always, it will be a topic considered noxious on such
fora, either because it's just too frequent with too low a S/N ratio
(e.g., "What's the best Linux distribution?") or because it tends to
cause flamewars (e.g., Reply-To munging).  In some cases, there is a
non-controversial but long and complex or tedious answer (e.g., "What
options are available for non-destructive repartitioning?").  In any
event, it will be a subject I want to "do" one more time as exhaustively
as I can manage, and store my answer for ready reference if/when it
comes up again.

In such cases, I write a draft answer, stating my perspective and trying
to cover all relevant angles likely to come up.  My aim is to leave
interested readers understanding my viewpoint clearly.  Then, I try to
rewrite it repeatedly, to refine and strengthen it, and eliminate
ambiguities, until it's good enough that I think it's my final word.

Why?  1.  To avoid getting sucked into a now-wearisome topic yet again.
2.  To revive the art of expository writing, which in the USA has been
tainted by advertising:  The reader has been conditioned to expect 
coaxing, flattery, persuasion.  By habit, he sets his mind to resist
being "sold" someone else's viewpoint.  (After all, why would the other
person be spending time if not to sell a product, a religion, a
political party, a philosophy?)

I therefore consider it refreshing to post writing that tries to cover a
viewpoint comprehensively but with a strong flavour of take it or leave
it.  If that's so uncommon in people's lives that it throws them
off-balance, then good.  It's about time, frankly.

> You surely undermine your intentions to make opinionated people "go
> away" by posting your opinions.

I don't want them to go away.  I just am tired of being subjected to
certain topics.  Haven't you ever gotten sick of a subject, but
considered it sufficiently interesting to cover it one more time, to
attempt to "do" it definitively so you can refer people to that in the
future?  If not, well, now you've met someone who does.

> Probably the best way to avoid communications from opinionated
> people....

I can't help noticing that you've changed the subject.  (I nowhere
indicated that I wished to "avoid communications from opinionated
people", and that rather lunatic characterisation has nothing to do with
my essays.)  Furthermore, it's extremely likely you're aware of this --
which leaves me wondering why the frell you tried it.

> So I'm baffled that someone who wants to be left in peace...

I didn't say I "want to be left in peace".  I just don't care to
re-argue tiresome topics that I have said my final word about (unless
someone actually defies my expectations and tells me something new about
them).

> ...would post so many strong opinions on his website. 

See, calling my rants "opinions" comes across as the usual sort of
California intellectual laziness.  I refer to them as "views":  It's not
my job to be a frelling encyclopaedia for random Net users, parceling
out reality into item A here is a fact, versus item B there that is an
opinion.  It's the _reader's_ job to decide what he encounters is
objective declarations (and of those, which have merit and which do
not), and what is debatable (and to what degree).

> It just doesn't follow. 

I'm sorry to hear about your sense of logic, then.  ;->

> As to the specific issues of Linux viruses, I'll be brief, since you 
> (clearly) aren't too thrilled about having an in-depth discussion.

I'm sorry, but, unless you have something _new_ to say, I'm not
interested.  

I've just read everything you wrote below the above, and -- except as
noted below -- all of it strikes me as either addressed in my essays or
rendered irrelevant by points within them.  (E.g., lack of contact with
the community ignores the point that the community's philosophy gets
strongly embedded _in_ the technology through the mutual reinforcement I
referred to earlier, e.g., all of the many ways the system makes it
non-trivial for novices to shoot themselves in the foot, goads them to
applying security fixes semi-automatically, etc.)

> You could have a short, sweet executive summary: "If you keep your
> system up-to-date, don't use insecure server programs (like sendmail,
> bind8, or wu-ftpd), and only log in as root when you need to, your
> system is safe....

It's not a security tutorial.  It's an essay expressing my view about
Linux viruses.

Furthermore, I _do_ have an "executive summary" [bleah!]:  I have the
short answer, long answer format I often favour for long Q & A pieces.

> Having it be one huge, slow-loading page neither takes advantage of 
> hyperlinking above-cited, nor does it respect the vast majority of 
> Internet users on narrowband links. Just my $0.02.

Yes, I know.  It _started out_ small.  It got huge gradually.
I have a plan for how to divide it up and improve access to the
contents.  I just haven't done it yet.

> You keep on mentioning stat(2) where I think you mean to say file(1). 

It looked to me like file(1) calls stat(2) to retrieve the "magic" data,
when I skimmed the former's manpage while composing the mail.  But I was
really, really tired.  

> And yes, doing a bytewise inspection of a file is a very safe way to 
> determine its contents, if not very useful for the majority of folks, who 
> would have a very hard time telling an MP3 from a JPG. :) 

So, Don't Do That, Then.  You use _software_ to determine file type.

> file(1) seems a reasonable compromise, if this is indeed what you
> actually meant to say.
 
Basically that _is_ what I said.  file(1) or equivalent.

> You return again to your philosophy of "people will get burned a few
> times and then they'll learn" without recognizing that a hacked system
> harms many more people than just the person whose box got hacked.

Not relevant to the discussion.  To quote
http://linuxmafia.com/~rick/faq/#virus2 :

   It is simply not possible to create and run a piece of software
   sophisticated enough to prevent a root user from running scripts, system
   commands, interpreted programs, or any of myriad non-virus executables
   having destructive potential equal to or greater than that of any virus.
   Further, such a program would be hostile to the very idea of a root
   account, which is by design supposed to be able to carry out any
   possible action on the system.

   (And, by the way, what's going to protect you from subverted or just
   dangerously defective virus checkers, themselves wielding root
   authority? Hmm?) 

I'm not saying that I either approve or disapprove of people learning
from getting burned.  I'm merely saying that it happens, and that there
are no third alternatives to either learning to do it right or learning
from the _results_ of doing it wrong.

Clue:  That is not an "opinion".  That is observed fact.

> My point is that naive users will be exposing YOU to increased risk 
> and threat of damage / harassment. 

1.  Don't try to teach your grandmother to suck eggs.  
    http://linuxmafia.com/~rick/essays/attacking-linux.html

2.  So what?  That has no bearing whatsoever on the merit of my virus
    essay.

> Your point is that people will get burned and will learn how to set up
> more secure boxes.

Actually, I did not say that.  I said:

   ...sysadmins resistant to learning this message via such avenues
   inevitably learn it the hard way, by destroying or crippling their
   systems repeatedly -- until they learn.

For all I know, some of these people may require _geologic time_ to
learn.  I didn't mean to imply that everyone is educable.  Honestly, do
I _really_ need to state so explicitly?  

I did _not_ state that slow learners are harmless to the rest of
humanity.  In your current e-mail, you appear to be assuming I did.
Honestly, do my essays need to disclaim what I'm _not_ saying, in
addition to clarifying what I _am_ saying?

> The point is generally that a single user, either acting maliciously or 
> via accidentally executing an insecure program, even as a user other than 
> root, could bring down most organizations. 

You asserted that LindowsOS makes this possible (under the mistaken
impression that LindowsOS inevitably does everything with root
authority).  It does not.

A user doesn't need LindowsOS to bring down a typical organisation's
computing infrastructure.  He doesn't need root authority.  He doesn't
need Linux or other Unixes, actually.  (Probably, he strictly speaking
wouldn't really need a computer.)

So, you would seem to have no point here relevant to my virus essays.

> (Incidentally, you claim me to be new to the scene, but I've been using 
> Linux since 1994.)

I did not say new to Linux.  Quoting:

   What, do you _actually_ think nobody's been thinking about this, and
   freakin' well thinking it over in great detail for decades, [name snipped]?  
   Because we have, and it merely seems like you're new to the party 
   and are presuming to raise alarms over _elementary_ aspects of
   matters we've been working hard on nailing down tight when you were 
   not paying attention.

I meant it _seems_ like you're new to serious contemplation of
prophylactic *ix security issues.  (This would not state as a claim of 
fact that you _are_ new to that topic, merely that you come across that
way.)

> Fuck you, Rick.

Well, OK.  I'm sorry I was a grouch.

> I guess you treat everyone who disagrees with you like that.

Not at all.  But after I go to extreme care to use all my powers of
expression to be extremely clear on a topic, and then see someone
misread what I wrote as carelessly as you did -- and then presume to
offhandedly lecture me as if *I* were not bothering to think carefully
is pretty galling.

And, for God's sake, man:  The page is called "Rick's Rants", and
there's a Dennis Miller quotation at the top!  Would you grab Miller by
the lapel on the sidewalk and tell _him_ that you disagreed with his
latest rant, as if this ought to be of keen interest to him?

Oh well.

-- 
Cheers,           find / -user your -name base -print | xargs chown us:us
Rick Moen
rick at linuxmafia.com

----- End forwarded message -----


