It is an architecture problem

The big news today (that got my attention!) is the Washington Post article about Linus’ thoughts on security, especially in the Linux kernel. You probably do not know it, but today Linux is one of the most used kernels in the world. Every Android device relies on it, and most non-critical embedded devices use it. You are probably not aware of it, but you are probably using more Linux-powered devices than Windows or Mac ones.

The article is well written and explains most of the issues to non-technical people. Great. But sometimes it messes things up. For example, the article brings up the Ashley Madison data breach, which is totally unrelated: the article focuses on the kernel, not the userspace. It is just not accurate to connect this attack with the Linux kernel; it could happen with the same software running on a different kernel.

What users must understand is that security comes at a cost, and while this is an important requirement for us, it is not the most critical one, and people do not pay attention to it until a big attack appears. Achieving high security impacts other requirements and characteristics, such as performance. In the end, the question is: are you willing to have your system run slower to protect yourself against a potential security attack against your contact list that has not been discovered yet and would be fixed as soon as it is discovered?

Are you willing to pay the cost of security without affecting other attributes?

It totally depends on your objective and priorities: if your system is a smartphone, you probably do not care because once discovered, the attack will be fixed and your phone will be automatically upgraded. But if you design a nuclear power plant, there is no room for a second chance, millions of people are already dead. So, you do not want that to happen at any cost.

Linus made a good point on that as well: if you are running a safety-critical system, you just do not use Linux. If you are concerned about the security of Linux, solutions exist (e.g. SELinux, grsecurity). And if tomorrow the kernel needs more security, the community will work on the existing kernel and add the necessary layers – it is just that this has not been the focus so far or has been done through individual efforts. But in the end, if you really want to isolate software according to its criticality, this is no longer a matter of code but an architecture concern: you have to design your system and isolate components according to their security levels. Many existing approaches address that issue (for example, MILS) and there are many solutions to such a design: gatekeepers (filtering insecure data before it is forwarded to the secure components), physical or logical separation, etc.

This is also what has been shown by the attack on the Jeep by Miller and Valasek: the entertainment system is connected to several networks connecting critical and non-critical devices without any filtering. By attacking the entertainment system, attackers were able to control a car from their couch. Great. Some will argue this is a software issue but I am still convinced this is an architecture issue: the entertainment system should not be connected to critical equipment without any filtering or protection mechanism.
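To make the gatekeeper idea from the two paragraphs above concrete, here is an added sketch (not code from the article, the Jeep research, or any real vehicle) of a default-deny filter sitting between an entertainment domain and a critical network. The frame layout, message IDs and value ranges are all constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed CAN-like frame sent by the entertainment domain. */
struct frame { uint16_t id; uint8_t len; uint8_t data[8]; };
/* Allowlist rule: permitted ID, exact length, allowed range of byte 0. */
struct rule { uint16_t id; uint8_t len, min0, max0; };

/* Hypothetical policy: the only two messages allowed to cross. */
static const struct rule POLICY[] = {
    { 0x3A0, 1, 0, 3 },    /* read-only status request, selector 0..3 */
    { 0x3A1, 1, 16, 28 },  /* cabin temperature setpoint, 16..28 C */
};

/* Default deny: forward only frames that match a rule exactly. */
bool gatekeeper_allows(const struct frame *f)
{
    if (f == NULL || f->len == 0 || f->len > sizeof f->data)
        return false;
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const struct rule *r = &POLICY[i];
        if (f->id == r->id)
            return f->len == r->len &&
                   f->data[0] >= r->min0 && f->data[0] <= r->max0;
    }
    return false;
}

/* Runs the filter over constructed sample traffic; returns frames forwarded. */
size_t demo_forwarded(void)
{
    const struct frame traffic[] = {
        { 0x3A1, 1, { 22 } },          /* valid setpoint: forwarded */
        { 0x3A1, 1, { 200 } },         /* out-of-range value: dropped */
        { 0x0C4, 2, { 0x01, 0xFF } },  /* ID not on the allowlist: dropped */
        { 0x3A0, 3, { 1, 0, 0 } },     /* wrong length: dropped */
        { 0x3A0, 1, { 2 } },           /* valid status request: forwarded */
    };
    size_t forwarded = 0;
    for (size_t i = 0; i < sizeof traffic / sizeof traffic[0]; i++)
        forwarded += gatekeeper_allows(&traffic[i]);
    return forwarded;
}

int main(void)
{
    printf("forwarded %zu of 5 frames\n", demo_forwarded());
    return 0;
}
```

The filter only earns its place if the architecture makes it the sole path between the two domains, which is the point the post is making.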

The Washington Post article is interesting but the whole discussion on the Linux kernel is just too much. Rather than putting the blame for an insecure Internet on Linux developers, it would be more interesting to understand the real architecture defects of the network. And why do people choose such insecure software: if Linux is so bad, why is it still so used? There are still many open questions but this article demonstrates how cybersecurity is not understood and addressed today, in our now over-connected world.


Disabling Win + hotkeys

If you are a Linux dude, using Windows only in a VirtualBox environment (using Windows is like going to crowded events: even if you do not like it, sometimes you have to do it), and have all your window manager shortcuts defined with the WIN key, you might be totally pissed by the Windows shortcuts. Sure, shortcuts are convenient but when using two different operating systems, it can be confusing. One example is when you are using the WIN key to switch desktops in your window manager and VirtualBox grabs the focus so that, instead of switching desktops, it starts whatever application is associated with the shortcut. Very frustrating. Because of that, instead of switching my environment to desktop 1 (which has basically my main terminal with several tabs), the Windows instance running in VirtualBox opens Internet Explorer on with a very shitty headline (the same kind of articles you can read on

So, today was the day, it was time to put this to an end. After some hours searching for how to disable the WIN+ key shortcuts, I found the magic solution that basically uses voodoo spells (Windows registry editing).

In a nutshell:

  1. open your registry
  2. follow the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. create a new DWORD NoWinKeys and set its value to 1
  4. restart and voila!

Hopefully, if you are one of the happy few running Windows in VirtualBox and have most of your window manager shortcuts associated with the WIN+ key, this might save your time and your mental health, and avoid reading junk articles on You’re welcome.


Debian/Ubuntu on Chromebook: how to install linux on linux

Recently bought a Chromebook. Quite good hardware at a reasonable price. You can get rid of Chrome OS and install Linux. Two options:

  1. Install the full Ubuntu. Requires an external SD card. Independent OS, you do what you want with your hardware. Some configuration stuff might be painful.
  2. Chroot over Chrome OS. Also, no clue about what the Linux-patched Chrome kernel does behind your back. Simple, easy, convenient to use.

Geek guy, choose your weapon!
