
Feds pin brazen kernel.org intrusion on 27-year-old programmer - ryanlol
http://arstechnica.com/tech-policy/2016/09/feds-pin-brazen-kernel-org-intrusion-on-27-year-old-programmer/
======
nickpsecurity
Obligatory post on SCM security that these people still haven't learned from:

[http://www.dwheeler.com/essays/scm-security.html](http://www.dwheeler.com/essays/scm-security.html)

Since then, researchers have also made compilers for memory-safe C, many forms
of append-only storage, parser generators for secure configs, secure web
interfaces, etc. Mainstream proprietary and FOSS haven't adopted or tried to
build on about any of it outside one or two outliers. And random people can
still achieve compromises like this with ease.

Hard to make fun of the Russians for bringing typewriters back given the
situation. I also know people moving stuff through high-assurance guards
consisting of real-time FSM's on 8-bit CPU's a few bytes at a time
specifically because an exploit couldn't fit in the RAM or overwrite the ROM.
Murphy's Law says if it's stupid and works then it ain't stupid. I'll spare you
what Murphy's Law says about Linux kernel or SCM security. Murphy's too
profane sometimes.

------
belovedeagle
> Linux officials

... wat.

Anyways, besides this bizarre bit of---I don't know what to call it, the
childlike need to set apart some authority figure as greater-than-ourselves
even when those people claim no such privilege; or the need to be subject to a
paternalistic or authoritarian system---I was surprised to learn that the
promised postmortem was never released. On the other hand, I'm also surprised
that the feds care one jot about the breach.

