linux-kernel.vger.kernel.org archive mirror
From: Giacomo Tesio <giacomo@tesio.it>
To: Kangjie Lu <kjlu@umn.edu>
Cc: open list <linux-kernel@vger.kernel.org>,
	Qiushi Wu <wu000273@umn.edu>, Aditya Pakki <pakki001@umn.edu>
Subject: Re: An open letter to the Linux community
Date: Tue, 27 Apr 2021 14:53:47 +0200
Message-ID: <20210427145347.00003846@tesio.it>
In-Reply-To: <CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com>

"Damn kids, they're all alike"
http://phrack.org/issues/7/3.html


Dear Kangjie Lu, Qiushi Wu, and Aditya Pakki,

Since nobody is doing so, I want to thank you for your hacks.


All the livor and drama that followed your research proves that
the Linux Foundation failed to learn the lessons of Heartbleed.

At the end of the day, this is a valuable discovery for all of us.


You are the kids laughing loud that "the emperor has no clothes".
More precisely, that the emperor STILL has no clothes.
Ten years later.

The corporations behind the Linux kernel didn't take it well
(you wasted their time and money! you outsmarted them! how dare!),
but the hypocrisy in your commits is not the one you revealed.


Pretending that such kind of attack didn't succeed before,
pretending that the problem is you, is way worse.


I've read that 

> The Linux Foundation's Technical Advisory Board submitted a letter 
> on Friday to your University outlining the specific actions which
> need to happen in order for your group, and your University, to 
> be able to work to regain the trust of the Linux kernel community.

But any programmer with a grain of salt knows that they are just
trying to distract everybody from their own operational failures.

They blame you and your University just to avoid being held accountable.

It's neither you nor your University that need to regain trust.
It's not you that proved to not deserve it.

Your crime is that of curiosity.


How sad it is to see a project born "just for fun", turned into this!


But since I care more about cyber-security than about OSS marketing,
I thank you for what you did. I hope that more of such kind of hacks
and experiments will happen in the future, both in the Linux Kernel
and in many other projects.

All without ANYBODY aware of them, because otherwise they would
prevent such epic failures from being discovered and publicly exposed,
again and again.


What you did was not just ethical, but noble and brave.


Thanks.


Giacomo
