:: Re: [DNG] 1,000(?) eyes security Re…
Etusivu
Poista viesti
Vastaa
Lähettäjä: Antony Stone
Päiväys:  
Vastaanottaja: dng
Aihe: Re: [DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Monday 09 July 2018 at 22:53:19, Fungal-net wrote:

> On July 9, 2018 11:35 PM, Antony Stone wrote:
> >
> >
> > Quite a number of security holes have been discovered in versions of MS
> > Windows over the years, and I'm pretty certain that the vast majority
> > were discovered by people with no access to the source code...


<snip>

> I don't think this mode of thinking helps, plenty of security holes are
> discovered in linux and unix-derivatives daily and people have been
> looking through this code for years, never realizing a weakness can be
> utilized by "evil doers" to manipulate this hole. Alpine is as simple and
> as security concerned as any linux, and someone proved recently how
> vulnerable they are. Whether ms-win is better or worse is no reason to
> relax about it.


I wasn't trying to compare or comment on whether Linux or Windows is better or
worse from a security perspective.

I was just using the examples of Linux (open source, low desktop usage, fairly
high server usage) versus Windows (closed source, very high desktop usage,
lower server usage) to point out that vulnerabilities can be found whether the
source code is available or not.

Give bad people enough machines to benefit from finding a weakness in, and
they'll put in the effort to find those weaknesses even without access to the
code the machines are running.

> But here we have not a bug, not a vulnerability, but a published addition
> to the code called speck (and it cousin coming soon). I don't think
> microsoft had included it yet. It is Linus vanguardism.


Hm, Speck is German for bacon. I like bacon.

> No one dare write a bug report about speck, it is perfect I tell ya! It is
> in your libre kernel.


Thanks for the tip :)


Antony.

--
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                   Please reply to the list;
                                                         please *don't* CC me.