[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: Is Linux creating a new breed of Hackers ?



Suvendra has posted some useful comments in the past.  So I am giving him
the benefit of the doubt by not classifying this post as a flame bait.

"Chakrabarti, Suvendra (CTS)" proclaimed:
> Before Linus and his team of hackers threw open the source of the kernel
> to the world, the kernel had always been a mystery, known only to a select
> group of people (Remember mode X and the game programmers efforts to
> keep it a secret ?). There had been a few books describing the kernel, and
> also some went on giving codes for a small working kernel. That's all.
> Nothing of anything as serious in nature as the Linux kernel.

Sorry.  You have your facts wrong.  I can name at least two kernels whose
source code was widely available: The original AT&T unix (there were even
books documenting the source code.  Lions Commentary, for example.  See
http://www.amazon.com/exec/obidos/ASIN/1573980137/ref=sim_books/002-6087848-5031444)
and BSD.

> Anyone with an active knowledge of C, and a good
> knowledge of Assembler, internals could easily manipulate the code, and
> hack it down. And of course find the bugs in the code which can be
> manipulated.

You also seem to be confused about the terms hack and crack.  

* Meaning of hack - http://www.tuxedo.org/~esr/jargon/html/entry/hack.html 
* Meaning of cracker -
http://www.tuxedo.org/~esr/jargon/html/entry/cracker.html


> If this manipulation is for gaining knowledge, and not harming any remote
> systems, it would do a hell lot of good to the Linux itself, which really
> it did. But few chose the other way, and well today Linux is the most
> hacked system, maybe in some cases causing harm.

I don't know what statistics you have to support your claim that Linux is
the most broken into system.

You are under the false belief that software whose source code is not
freely available is more secure.  This is termed as 'security by obscurity'
in the security consultants circle.  Years of experience has to shown that
security by obscurity does not work.  The more eyeballs you have looking at
your code, the faster bugs get isolated and fixed.

When the SYN cookie attack exploit was dicovered a couple of years ago
Linux was the first OS which fixed it.  The commercial OSes came out with a
patch in about a month or so.  That is a long time to wait for a fix to a
vulnerability.

Thaths
- -- 
"Don't go easy on each other just because you're brother and sister.  I
      want to see you both fighting for your parent's love." 
                     -- Homer J. Simpson
Sudhakar C13n http://people.netscape.com/thaths/ Lead Indentured Slave

- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/
The Linux India mailing list does not accept postings in HTML format.

------------------------------