Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Linux-ng (github.com/torvalds)
86 points by namarkiv on Dec 1, 2013 | hide | past | favorite | 57 comments


Here is the original Linux announcement:

http://www.thelinuxdaily.com/2010/04/the-first-linux-announc...

Here's a diff between the two: http://paste.ubuntu.com/6504013/


Thanks! I clearly can't tell the differences between and m and l, as I just assumed this was from 199!


Hi, this is a small security issue I found. I have already reported this to github.


http://vikraman.org/posts/2013/12/1/linux-ng.html

I shouldn't disclose how this was done until it is fixed. It seems github is unhappy with how this turned out, but I hope they fix it soon. I have already written a personal apology to Linus, and also, apologies if I have offended anyone else.


GitHub has its own responsible disclosure policy (which they setup after their last hack)[1]. This is what they say about it:

>We consider correspondence sent to security@github.com our highest priority, and work to address any issues that arise as quickly as possible.

[1]: https://help.github.com/articles/responsible-disclosure-of-s...


Why not just disclose it responsibly to github without using it on other people's accounts?


It seems he did but they didn't show interest (according to the comment of zaph0d on this page).


"Look, I can create a commit with someone elses e-mail address, and GitHub will think it was actually theirs!"

Of course, the question is: is there any way to prevent this in a simple way? Given anyone can push the final commit, you would need some sort of commit signing, but that sounds more pain than it's really worth.


Oh true. What kind of issue, XSS or something else? (just generically, not specifics)


Not XSS. I will disclose more once it is fixed.


Maybe was just deleted: https://github.com/torvalds/linux-ng gives me 404s now.


It appears to have been deleted at 13:28.

I was browsing Linus's repositories at the time and it disappeared mid-load.


Ah man, I was just working on a pull request. Not that he accepts pull requests, he apparently hates them..

https://github.com/d-snp/linux-ng/commit/b71ef5e3b1caa61dac0...

edit: I accept PR's though, let's make a big list of likes/dislikes and slap him with it ;)


> Not that he accepts pull requests

Of course he does. He does not accept github pull requests, for reasons he's explained at length in, amongst others, https://github.com/torvalds/linux/pull/17


Yesh! Same here.


The repository was not created by Linus. It was a Github security exploit discovered by a friend of mine. Apparently he had contacted Github before exploiting but they didn't show any interest in fixing the issue. There should be a clarification from him soon.


> Apparently he had contacted Github before exploiting but they didn't show any interest in fixing the issue.

If this is true... sounds like business as usual at github. I don't get it, it's not the first time they refused to do jack shit and proactively fix reported security issues before they were used in a high-profile demo exploit.

Then again, it doesn't impact their bottom line since nobody switches or cares when that happens aside from a few days of noise, so why would they?


> Apparently he had contacted Github before exploiting

Apparently not:

"I shouldn’t have exploited it before reporting, so apologies if I have offended anyone."

http://vikraman.org/posts/2013/12/1/linux-ng.html


It's Linux, written entirely in Angular directives.


Haha nice, this was my first thought as well!


Prepare yourselves for a heavy dose of http://en.wikipedia.org/wiki/Second-system_effect


Or a github security vulnerability.


Appears so, the page is already gone.

Or maybe they stole linus' key? Anyone cloned the repository before it was deleted? If so, i think the repo could help in figuring out how it was done.


I don't think you can create a github repo over ssh. _If_ linus' key was stolen, he has bigger problems than just a fake github repo.


> I don't think you can create a github repo over ssh.

Oops, docs say you're right, i didn't think of that.


Certainly a possibility. I couldn't find any references to linux-ng on the lkml or on https://git.kernel.org


Indeed it is an open security hole. See my other comment.


I know this isn't a very constructive comment, but

WTF?


Is this a new kernel, or a new OS (yes, I'm aware the original Linux announcement called it a 'new OS').

Most of the things I dislike about 'Linux' are OS-level inconsistencies, particularly that most user-land tools implement their own config file formats rather than using an existing one.

systemd is a notable exception, as it re-used the .desktop format for .service.


The repo has been deleted. (for late comers, it contained a README with the original Linux announcement.)


Not completely. s/minix/linux/ on the original announcement


Will a micro-kernel architecture make sense now, given computation resources is no longer a bottleneck?


Linus knows how to troll people :D


Trolling sequence done.


Oh no, another free software project on github without software license.

Good thing someone thought to fix it: https://github.com/torvalds/linux-ng/pull/4


Um, what's this all about?


This isn't the same guy that discovered the last Github issue and committed to Rails, is it? The similarities of how this is being handled by the discoverer are pretty eerie.


I committed for a different reason, to fix long waiting issue in rails. Not to fix it on Github.


I wonder if this has something to do with Linux 4.0.

Even though it seems like Torvalds is starting a new project, he might as well be just teasing and later pull in the Linux 3.13-14 tree.


"Linux-ng" as in "Linux Next Generation"?


https://news.ycombinator.com/item?id=6827111


Or perhaps "Not GNU".


Or "Linux written in Angular.js"

Heh.


"Linux in 30 lines of Angular.js" FTFY


It turns out Linus has gone fully mad. While eschewing microkernels, Torvalds will make linux-ng exokernel based.


Ng for next generation I guess?


-ng suffix is somewhat common in in the OSS world.


Only a readme with the famous original Linux announcement... but MODIFIED!!!!

Are we getting trolled?


Benevolent account highjack imo.


Huh? I get a 404 and can't seem to google anything interesting...


Given enough eyeballs, all jokes are shallow.


http://geekz.co.uk/lovesraymond/archive/an-actual-woman


And there I was, thinking I had an original thought.

Then again, this just moves it from clever joke to irony. I'll take it.


A new linux ?


Wow! rewrite?


Good job lol


wow!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: