Translation of that German reply about LinuxTag

Wed Jul 18 08:59:43 UTC 2001

E L Tonkin wrote:

> Guys: here's a vague sort of translation of that mail sent from a 'core
> FSFE member' in such charming German, re. LinuxTag. Granted that my German
> is only slightly better than my Maltese, you'll have to excuse the
> random nature of it

In fact, your translation is perfect AFIACT. :-)

> The reporters' incompetence is boundless.
> Quotation from the Deutschlandfunk article:
>
> " Already the first viruses and security holes in Linux have been sought
> out and also abused."

This statement is certainly true. We shouldn't ignore it, but rather
try to tell people the difference between windoze and Linux viruses
(which is also to include trojans, worms and other kinds of exploits
here -- most people can't be bothered to understand the difference
between them, anyway; remember how many even called the y2k problem
a virus).

Linux "viruses" exploit unintentional holes in the system which,
when they become publicly known, will be fixed very soon. OTOH, many
windoze viruses exploit intentional "features" of the system which
will be closed, if at all, only very reluctantly and hesitantly. As
a result, while windoze users have to run virus scanners that search
for known (and probably often many years old) viruses and every
kiddy can create the next "major threat to the world" using some
virus kits or slightly modifying existing viruses, a Linux admin can
fix a security hole once and won't have to worry about viruses that
exploit this particular hole ever again, so creating a new virus
requires finding a new security hole which the typical kiddies can't
do.

I think that's what we should try to get accross to people (in a
form simple to understand and remember -- I'm not good at this),
rather than saying "There are no viruses on Linux." which is easy to
disprove.

> " because practically every programmer has access to the source code
>  aimed back doors and weak points can be added. "
> (this quotation is indirectly attributed to Georg Greve). 

The German "Linux Magazin" had an AFJ to this effect this year, and
it took a closer look to discern it as a joke (like, actually
reading it to the end and noticing some clear hints, or trying the
given "exploit"). It made some people (mostly admins) quite scared
and then angry.

My opinion is that it might be possible to introduce a back door,
but it would take quite some resources to hide it so good that
nobody will detect it in the public sources (like if the NSA was
making a version of Linux -- hmm, the NSA *is* making a version of
Linux ... ;-).

But actually such back doors are much like security holes (i.e., as
long as only one malicious guy knows about them, they can exploit
it, but once it becomes known, it will be fixed soon.

Now I don't know if they appear to attribute this statement to Georg
(it doesn't seem to be contained in the online version) or if Georg
said something like this ...

> The Focus article disqualifies itself at once by the heading " commerce
> instead of community". The remainder can also be read on the Web. They've
> understood nothing about Free Software.

"Disqualifies itself at once" by writing "instead of" instead of
"and"!? I'd agree agree with Georg, they've understood quite some
things, e.g. that the opposite of free is not commercial which even
some regulars of this list sometime confuse (and they might be
saying it in such words that business people will understand,
without calling free software open source or so). So we shouldn't
condemn them, but rather let them know about their mistakes in an
objective way as Georg said he was going to. (And I'm saying this
being no big fan of this magazine in general.)

> It's really bitter... Also, that the virus scanners introduced on the
> LinuxTag were there for WINDOWS VIRUSES has been quietly forgotten.

That's probably true and giving people a wrong impression (see
above).

Frank

-- 
Frank Heckenbach, frank at g-n-u.de
http://fjf.gnu.de/
PGP and GPG keys: http://fjf.gnu.de/plan