56 comments

[ 3.3 ms ] story [ 1558 ms ] thread
Where and when were this interview conducted?
May 3 9PM according to the headline, it's very recent.
I thought that was when the copy was submitted, not the date of the interview.

It has to be fairly recent, since it talks of the upcoming anniversary and the site considered it newsworthy, but ...

Almost all browsers will show a warning about the certificate… Link without https : http://linuxfr.org/nodes/85904/comments/1230981
Off-topic, but does anyone know why browsers go crazy about self signed certs?

It's not as good as one signed by an ostensibly trusted CA, but it's strictly better than plain HTTP (no sniffing, harder MITM, etc) - so why not present it to the user the same way that plain HTTP is?

The conspiracy theorist in me wonders if trusted CAs 'lobby' browser vendors to make it so?

It's explained on the Wikipedia entry : http://en.wikipedia.org/wiki/Self-signed_certificate

Basically, self-signed certificates can't be revoked in case of a security breach.

There's an excellent resume of the discussion of the subject at Mozilla : http://www.gerv.net/security/self-signed-certs/

Any attack I can think of that exploits that fact would work at least as easily on plain HTTP. And there are a large class of attacks that work on plain HTTP but not with a self signed cert.

Can you think of any counter examples? (Note: I'm a security noob - so I'm asking out of sincere curiosity).

I don't think there is any doubt that even with a self-signed certificate, HTTPS is more secure than HTTP. At the least, it makes interception/sniffing/modification a bit harder. Security, after all, is about making attacks more difficult and costly.

Still there is good reason that browsers rub it in the users face when a site tries to use a self-signed certificate. The user has to be really really sure that this is expected (it is like the SSH "the remote host key has changed" warnings).

Maybe I'm missing your answer there ... You just say:

Still there is good reason that browsers rub it in the users face when a site tries to use a self-signed certificate

but I don't see where you say what that good reason is.

If a self-signed cert is more secure than plain HTTP, why make a self-signed cert more painful to use than plain HTTP?

Because with HTTP, there is no assumption of security at the side of the user, or at least there shouldn't be. With HTTPS (and the "lock symbol") there is.

The people that really know what they're doing can click through the warnings and still do what they want. But casual users that assume https=safe have the chance to leave.

I'm all for deprecating HTTP the same way they did with TELNET, and warning the user for every HTTP site they go to, but that's a wholly different discussion :)

The browser could just not show the "secure" visuals, instead of making us click through another page.
Well, the warnings are only shown once. Once you import the self-signed certificate into your keystore, it never bothers you again (unless the certificate changes).

This is the right workflow you should follow with self-signed certificates, it is similar to SSH. You need to accept the certificate once. After manually verifying it is the right one, you're even more secure than trusting on a CA...

It's a usability problem. Firefox (at least 3.x) does a full-on freak-out if the cert is untrusted, despite the fact that the site is no more unsafe than an unencrypted website.

Your statements about what should happen are only true if you are requiring encryption for everything that you do. On the web, it's assumed (although most people don't actually know this) that your information is not secure unless you see the green bar or whatever the security visual is on your particular browser.

This brings me back to smanek's point. We have three levels of security: no SSL, untrusted cert, trusted cert. Nothing about the first level is superior to the second level, except for the possibility of a false sense of security. Therefore, a browser should not freak out more in the second situation.

Ah, but HTTPS with unsigned certs are less secure than plain old HTTP.

Or more accurately, for all intents and purposes they are exactly as secure, but carry an unearned sense of security. Unjustified senses of security are a very very dangerous thing.

That's exactly what I said. But if the browser doesn't show any indication that it's secure, the problem doesn't exist. The way some browsers behave, there's a very strong implication that a website with a self-signed cert is more likely to result in your information being stolen than a website with no encryption. And that's not true.
If the browser (or even the URL that got the user there) even so much as shows the string "https", that is a form of positive feedback. The only responsible way for a browser to act is to give a strong negative feedback, to more than offset any potential positive feedback.
Chrome (in some situations, I forget which) puts the "https" in red and strikes it through. The implied message: this is HTTPS, but it's broken or bad.

The important thing here is that a browser can do something like this without interrupting something that the user actually cares about with an annoying message. Annoying messages are bad.

Annoying messages are good when it is vital that the user be annoyed (read: informed).
I think the problem is with firefox warning annoyance, in chrome you get a good short explanation of what's going on and a button to continue (plus a graphical indication afterward that https is somehow not working), on firefox on the other hand you get a warning with a hidden section where there is a button to open a pop-up window that will then allow you to download/view the certificate and press "confirm security exception".

In summary, firefox exaggerated with their warning, I'm wondering if it is possible to do an addon to fix this.

Self-signed certificates don't prevent MITM attacks on connecting unless you've transmitted the certificate securely out-of-band and installed it in the client's browser. (which practically never happens with sites on the open internet) They only prevent tampering with the connection once it's established.

The browser should jump up and down when encountering such a certificate as it's exactly how an attempted MITM attack would look.

(comment deleted)
Granted, it doesn't provide as much protection as a cert signed by a trusted CA - but it's still far more protection than plain HTTP, right? e.g, Firesheep wouldn't work

I don't know if browsers do this, but in principle they could even notify the user on certificate change, so the MITM would have to be on the first connection to a site.

Introducing a "third state" for the SSL indicator, usability-wise, is very difficult. A lot of browser users don't understand SSL, and those that do have a binary understanding of the protocol: it can be used to either confirm or refute the identity of a website. It's very difficult to implement a UI for the regular users that says: "this might be a MITM attack since I cannot confirm the identity of the site but at least I can confirm that it's the same with the one that you connected with the first time".
(comment deleted)
It's a false sense of security, which is why they put the warning. You have no sense of security when visiting a plain http site.
Firesheep would work.

The attack is more involved than just openly sniffing packets. You need to poison the DNS cache on the victim's machine, so that facebook.com resolves to you. Or, you need to poison the ARP cache, so the victim machine thinks that you are the router. These are both easy to do, though, and once you've done that, then you are a man that's in the middle, and MITM attacks are easy under those circumstances.

"ettercap" is a program to automate this technique to spy on SSH, HTTPS, etc. Works quite well.

(comment deleted)
The CA system is broken and browser vendors try to deal with it. Deal with it = trade off between security and (in)convenience.
I think Linus's pragmatism has a lot to do with Linux's success. He's out to make Linux the best it can be, and he's not worried about what MS is doing or what BSD thinks or whatever. He doesn't have the political agenda of the FSF or the commercial agenda of say Apple or Sun. Hardware companies can open, or not open, their hardware - developers can build open, or closed, source programs on Linux.

His approach to licenses is the same - he uses what works for him, and lets others decide for themselves what works for them.

It makes Linux attractive as a platform at all levels because you never feel like you're making some grand statement, or locking into someone's master plan. I have Linux servers in the office, but also Windows desktops. I program code for embedded devices (running Linux). We use the right tool for the job, and if a better tool comes along we can switch. We're not married to the computers, we just use them.

To some extent this makes the whole "Linux on the desktop" issue a non-issue. Maybe it'll be on the desktop one day. Maybe it won't be. Either way it doesn't seem like this matters much to Linus - as he said Linux competes with itself.

I like pragmatism. It gets stuff done.

Because ethics are to me something private. Whenever you use it as an argument for why somebody_else should do something, you're no longer being ethical, you're just being a sanctimonious dick-head.

For someone who is not a native English speaker, Linus really has an awesome way with words.

At least it's clear what he's saying, but I was surprised at this -- it puts Linus well and truly in the postmodern camp. He says ethics are completely relative and personal. (Which of course is not the case: if I try to kill someone, the cops aren't being "sanctimonious dick-heads" when they stop me.) Anyway, all this is off topic, but I was just surprised at Linus's relativism when he seems so "absolutist" about many other things, for example, how much C++ sucks.

Edit: OTOH, Linus is talking in the context of software licenses -- I agree with him that it can get holier-than-thou the way some folks push the GPL (not least its original author).

To reiterate, even if murder is universally considered as being wrong, other issues such as property, copyright, profit and a lot of other things are treated extremely differently in different cultures.

So it's as easy to find something we all mostly agree on (murder) than something we all mostly disagree on (property).

Also taking the murder example is quite dishonest. Linus wasn't talking about murder issues. He was talking about intellectual property issues. Do you claim there is objective right and wrong in this domain ? Do you claim to know what it is ?

EDIT : Didn't see your edit, so correction about the "dishonest argument" part :)

He's a US citizen now so it's called targeted killing when it's not wrong :)
FWIW, even killing people is/was considered acceptable: if the victims have property X where X varies between having the wrong race, being the firs born girl, being physically impaired, being sentenced to death, being a sacrificial offer and plenty more.
He says ethics are completely relative and personal.

No. He did say ethics were personal but ethical relativism was not even hinted at. Those two ideas are not interchangeable.

And the cops aren't there to stop you based on ethics. In fact, they have no right to stop you on ethics.

EDIT(oops accidentally pressed send), anyway...

They're there to stop you based on applicable laws, the minute you start to base such things on ethics is the minute you become vigilante.

(comment deleted)
He doesn't have a way with words unless "being rude" now means "having a way with words". Furthermore, his statement is logically incorrect (the best kind of incorrect): the sense of right and wrong is a general human trait, independent of race or culture. It can be altered by nurture, but it transcends it.

One can very well use it as an argument for why somebody else should or should not do something. e.g: One should not throw a hard-disk at Linus Torvalds because they might hurt him and that's just wrong...

> the sense of right and wrong is a general human trait, independent of race or culture.

If you're talking about the fact that every culture has notions of right and wrong, yeah sure.

If you're saying that what is right and what is wrong is universal and not cultural ... Well where to begin

Some of thoses traits are shared amongst most cultures (Murder is wrong, incest is wrong), but even there there are exceptions (ritual murder ?). For anything more complicated than that, this position is simply impossible to hold.

Most precisely, about property, intellectual or physical, and things like profit, the sense of right and wrong varies so wildly amongst cultures that i can't really think you're making this argument seriously.

I'm saying that the notions of right and wrong come firstly from our human nature, secondly from our society and so on. Last in this list is ethics as personal preference or "something private" as Linus likes to call it.

And even if it does vary wildly in current cultures, there is such a thing as a sense of morals that we can combine with rational thought to reach a fair solution. The fact that culture A considers ritual murder ok fails this morals + rational though test.

Even within a single culture, it varies widely. Just in the US, look at the opposing views toward capital punishment.
Well, by Linus' definition I would say this sort of attitude falls directly under "sanctimonious dick-head".
You are being downvoted only because you are criticizing the god-like-status Linus Torvalds.
No, he is being downvoted for calling people who disagree with the following logically incorrect: The sense of right and wrong is a general human trait, independent of race or culture. It can be altered by nurture, but it transcends it.

That sounds a lot like most theology I've heard, and I suspect that the HN crowd is not one that puts a whole lot of stock in theology.

If I understood right, he is just saying that moral capacity is innate. This seems to me pretty obvious.
"Dick" is a common nickname for people named "Richard". Considering who is most well known for making ethics arguments in the FLOSS world, could Linus be perpetrating a pun here?
The interviewer states, citing Lennart Poettering:

"Linux is the focal point of all Free Software development"

...which is of course bullshit (pardonnez-le-mot ;-). Look at all the open source applications and servers that are developed nowadays. Look at the BSD projects! Free (as in Freedom) Software is not confined to the linuxsphere.

So the first and the very negative answer is that I absolutely despise the people who try to push the GPL as being about "ethics". I think that's absolute bullshit. Why? Because ethics are to me something private. Whenever you use it as an argument for why somebody_else should do something, you're no longer being ethical, you're just being a sanctimonious dick-head.

Good lord, so we're supposed to take an interest in ethics privately but never speak about it publicly? Almost everything I believe about ethics comes from processing other people's ethical ideas, and the same is true for Linus, I'm sure. I personally don't think less of anybody who uses an MIT or BSD license instead of the GPL, but I do think less of Linus for declaring ethics to be an unsuitable topic for public conversation, simply because he can't stand to hear people disagree with him or disapprove of him.

Not to mention he is a brazen hypocrite. He broadcasts his opinions about other people's behavior, calls them dickheads, and says he despises them, because it's inappropriate for them to talk about how other people should behave. Sorry, Linus, it's hard to be more of a sanctimonious dickhead than when you're calling someone else a sanctimonious dickhead.

Has Linus ever claimed to not be a dickhead? Quite the opposite I believe....

Gotta say though, I do agree with his point. People who cram their ethical systems down other peoples throats are dickheads. Am I automatically a dickhead myself for calling people out on this? So be it, I can live with being a dickhead to that degree.

The perception of "cramming" is Linus's problem. The concrete complaint he makes (before his blanket statement that ethics should never be discussed publicly) is that people "push" the GPL as being "about 'ethics.'" Well, that is nothing about Linus, it is about the GPL, so he can't even claim it's personal. Plus, it's a reasonable opinion to have, especially since the person wrote the GPL did so to promote certain ethical considerations. It is Linus's fault that he is so sensitive that he can't abide somebody having an opinion that the GPL has an ethical side to it.

Then he goes on to say, "I really want to point out that it's not that the license is somehow ethical per se." So it's okay for him to have and express an opinion on that question. The hypocrisy is really thick there.

And here's the question that prompted that response: "Do you agree that there is an ethical content in the GPL?" Hardly a pushy question, and the interviewer practically apologizes before he asks the question. So no, there is no cramming, there is just a person who is extremely sensitive on an issue and responds to a polite question with an insulting rant about civility. There is nothing cool about that. He isn't dropping his brilliant technical judgment on an unsuspecting noob who will be better for it in the long run. It's just unpleasant behavior to no useful end.

There are undeniably people who do what can only be realisticly described as "cramming" their ethics systems. I'm guilty of it myself on occasion (with regards to the GPL even!) and I'm sure that if you honestly look at yourself, you'll find you are too.

All this said, he's literally just saying that people who cram the GPL onto other people because it's more "ethical" are dickheads. As far as I can tell, he's not doing that himself, and he's not attempting to imply that the questioner was doing it either. Rather, he just isn't kidding himself, and recognizes that the reason the question is being asked is because there are certain "high profile" people who have made it a full time hobby to do such cramming. He wishes to make it clear that his reasons for using the GPL are purely pragmatic, not quasi-religious.

To be honest, at this point it really just seems like you are attempting to be contrarian.

Not, not really, I just accept that there are people out there expressing opinions about how I should live and that there's no way for me to shut them up. "How many times do I have to express my opinion before those dickheads stop expressing theirs?" is a natural feeling when a controversy drags on longer than one feels it should, but it is counterproductive to express that feeling as if it were an argument. (Also, personally, I don't think the free software ethic is something that ought to go away, even if I don't follow it myself.)

There are undeniably people who do what can only be realisticly described as "cramming" their ethics systems.

Most controversies include some number of unpleasant people. If we let that affect how we respond to polite questions from polite people, we become part of the problem. If you said something to me about the U.S. occupation in Iraq, would it be constructive for me to respond by complaining about the conduct of various people who have expressed similar opinions?

I'm always struck by how down-to-earth and pragmatic Linus is, compared to a lot of the Linux peanut gallery. One thing in particular made me very happy: He sees Linux as a Unix, and not some "Unix-like" operating system.

(Yes, let the lawyers and marketing droids point out that "UNIX" is a trademark of the Open System Group and that no Linux distribution has been registered as comformant to the Single Unix Specification, but that doesn't change the reality that Linux is a Unix.)