8 year old New Linux exploit

  • 8 year old New Linux exploit

    New exploit for Linux kernels from 2001 till the latest version.

    http://www.theregister.co.uk/2009/08...cal_linux_bug/

  • #2
    Re: 8 year old New Linux exploit

    and this went unnoticed until now?

    how is that even possible?



    • #3
      Re: 8 year old New Linux exploit

      Originally posted by netstat View Post
      and this went unnoticed until now?

      how is that even possible?
      Because maybe those that espouse the wonderfulness of opensource and reading every line of code failed to do that?
      A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



      • #4
        Re: 8 year old New Linux exploit

        Originally posted by streaker69 View Post
        Because maybe those that espouse the wonderfulness of opensource and reading every line of code failed to do that?

        I totally agree about the OSS fan boys. I subscribe to my local LUG, and the message base usually consists of Linux is wonderful - I want to have Linus Torvalds' baby, Microsoft and Apple are evil for wanting to make money, and therefore suck, and whiny complaints about wireless and other stuff people can't get to work on their bleeding edge distro. The mere suggestion that perhaps you should use Redhat or Novell Suse brings out a chorus of disdain.

        xor
        Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



        • #5
          Re: 8 year old New Linux exploit

          That macro is pretty gnarly. But given it's taken 8 years for someone to find and exploit it (as far as we know), then couldn't feel too bad about this particular peccadillo.
          - Null Space Labs



          • #6
            Re: 8 year old New Linux exploit

            Originally posted by xor View Post
            I totally agree about the OSS fan boys.<snip snip>
            How dare companies attempt to make money from products and services they provide!

            In all seriousness, that, as the article states, is pretty much as trivial as it can get to exploit, and I'd imagine that since it's out in the wild, it'll get used and probably more so by the same OSS fanboys that would love nothing more than to beat off on Gates' future grave while still trying to get all their PCI devices functional. And come on kids, if you can't get your wifi card working, contribute to making it happen, don't just bitch and whine.
            "You have cubed asscheeks?"... "Do you not?"



            • #7
              Re: 8 year old New Linux exploit

              Originally posted by xor View Post
              I totally agree about the OSS fan boys. I subscribe to my local LUG, and the message base usually consists of Linux is wonderful - I want to have Linus Torvalds' baby, Microsoft and Apple are evil for wanting to make money, and therefore suck, and whiny complaints about wireless and other stuff people can't get to work on their bleeding edge distro. The mere suggestion that perhaps you should use Redhat or Novell Suse brings out a chorus of disdain.

              xor
              About 10 years ago I was talking to one of those fanbois and he was going off on how he reads all the source code for all the stuff that he installs just to make sure it's ok, and that MS should never be trusted. I told him about something that I was using in Linux and he got interested in it and went home from work that night and tried to install it.

              He came in the next day and did nothing but bitch because he couldn't get it to compile. I knew it was kind of a bitch to get installed, but I had done it a few times and normally didn't have a problem with it. He kept on bitching to me about it, and when I asked him if he actually read the source code before he attempted to install it, he said he didn't. So much for his previous day's talk that he always reads the source code.
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



              • #8
                Re: 8 year old New Linux exploit

                Even reading all of the source code, if possible, doesn't help. You have to understand it, see all the possible failures including structure and compiler problems, unrelated memory trashing bugs etc.

                Even the most sophisticated lint-like tools don't catch everything.

                If the saying that the best programmers in the world only produce 2-3 lines of fully debugged, fully working code a day, then it'd be pretty unlikely you'd be able to scan source code of any decent size application and best that.
                - Null Space Labs



                • #9
                  Re: 8 year old New Linux exploit

                  Originally posted by charliex View Post
                  Even reading all of the source code, if possible, doesn't help. You have to understand it, see all the possible failures including structure and compiler problems, unrelated memory trashing bugs etc.

                  Even the most sophisticated lint-like tools don't catch everything.

                  If the saying that the best programmers in the world only produce 2-3 lines of fully debugged, fully working code a day, then it'd be pretty unlikely you'd be able to scan source code of any decent size application and best that.
                  I agree, and understand, that's why the argument that open source is better because you are able to read the source is a bit silly. Yes, you can, but without knowing all the subtleties of the program, chances are you're going to miss something. Not everyone programs the same way, and many times there are multiple ways to do the same thing.

                  I think it's more of anti-capitalist rants than anything else, and there aren't opensource solutions to every single thing that needs to be done either. I
                  A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



                  • #10
                    Re: 8 year old New Linux exploit

                    For me an OS is a tool. The right tool for the right job. I refuse to hitch my wagon to just one and forsake all others. Yes say it, I'm an OS whore. That's right, I'll sleep with anyone if the money's right; heck I'll do it for free I have commitment issues!!!!!!!

                    No really, I'm always suspicious of anyone who can't see the worth in say another OS. Especially if these people are developers themselves.

                    xor
                    Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



                    • #11
                      Re: 8 year old New Linux exploit

                      That's usually my answer too, use the tool that's right for the job, if you can't get the exact tool, then get the closest. Doesn't matter if it's closed or open source, in all the years of developing products I can't think of one single instance where it was held up significantly or at all for lack of source code, generally different solutions will appear.

                      I don't (typically) demand the gerber/source files for hardware so i can fix bugs in it either, again work around.

                      My preferred OS is Windows, it has nearly all the tools and features I'd ever need or want, I like MSVC (with boundschecker, intel c) over gcc/eclipse or etc. So that'd be my first choice, but with a lot of the embedded work it's either no OS at all (well a thin layer), custom OS or a Linux derivative. Usually I'll just keep a VM of Linux/OSX around for when I need it, but I very rarely develop under either, except for Apple work which usually typically requires XCode/OSX.

                      But if a coder told me they were sitting reading every line of source for the tools/OS for a project first, I'd be pretty wary about working with them; even code reviews I've found to be mostly venting grounds for ego and skirmishes, one time we ended up at, it's baseball bats in the car park, whomever is left standing picks the curly bracket style. Heaven help us had it been editor choice ;) (emacs ftw)

                      Same goes for them saying which OS they demanded oss/closed, since sometimes we just don't have a choice and i just want to get on with it.
                      - Null Space Labs



                      • #12
                        Re: 8 year old New Linux exploit

                        Originally posted by xor View Post
                        For me an OS is a tool. The right tool for the right job. I refuse to hitch my wagon to just one and forsake all others. Yes say it, I'm an OS whore. That's right, I'll sleep with anyone if the money's right; heck I'll do it for free I have commitment issues!!!!!!!

                        No really, I'm always suspicious of anyone who can't see the worth in say another OS. Especially if these people are developers themselves.

                        xor
                        Right on the head, good sir.
                        "You have cubed asscheeks?"... "Do you not?"



                        • #13
                          Re: 8 year old New Linux exploit

                          Originally posted by xor View Post
                          For me an OS is a tool.

                          xor
                          I don't think a more true statement has been ever said about WinME.
                          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
