Linux Desktop Security Could Be A Whole Lot Better


  • #16
    Originally posted by Mike Frett View Post
    So a guy that uses Windows spreads news about some vulnerabilities in Linux. We all know there are Security holes that need to be plugged in Linux, but I find it difficult to fully trust a guy that uses Windows and then complains about Linux. Trusting an OS in which he has no access to the code to check for Security problems, and then pointing the dirty end of the stick at Linux.

    This hypocrite needs to crawl back in Microsoft's intestines and continue eating their FUD.
    So there is a guy who takes the time to look at Linux from a security standpoint, finds a number of vulnerabilities and assists the devs to get them fixed. And all you have to offer as a response is calling him a hypocrite. Are you fcking serious?!

    Btw if you know some security holes, how about actually doing something to get them fixed, like this hypocrite did.... LOL



    • #17
      It's clear that he creates some bad reactions when he shouts very undifferentiated statements about security.

      You can't just test Ubuntu and think 99% of what I found here must be there in Debian and Fedora and so on. If he had said Ubuntu has many security problems and maybe some of these bugs also exist in other distros... it would be OK.

      But to say I tested Ubuntu but "LINUX Desktop" is insecure or something like that is not very clever, if you want a good response.


      As far as I know, Fedora uses SELinux, which should look after file permissions, or am I wrong here? Xorg problems: Wayland is coming, so of course Xorg stinks and dies now. The question is whether, for example, most of those bugs are in a stable Debian or in a stable Red Hat distribution.

      Because for most of the problems you have to have either hardware access or at least a user account on the PC, or maybe if you directly use the X network stack without an SSH tunnel or something.


      Yes, it's OK to point out some bugs, but at least check first if stuff is deprecated or if bugs are known, but OK, it does not hurt much I guess.

      Yes, I nearly forgot: LightDM, no major distro except Ubuntu uses it. So basically again a nearly Ubuntu-only problem.


      So he should sort out what are Ubuntu-only problems and what is then still left as general problems. Then you could talk about it more seriously.

      It's a bit like somebody calling Linux bad because NVIDIA makes bad Linux drivers that break and are difficult to install, because nobody except NVIDIA can fix ABI problems in the driver and stuff like that.
      Last edited by blackiwid; 05-24-2013, 07:04 AM.



      • #18
        Good presentation. And shame on Qt for not fixing the bug - even disregarding security implications, that's a segfault, possibly affecting every Qt program.

        Not that I have a high image of Qt anyway (I tried developing a mildly complex Qt GUI app half a year ago - I found 12 bugs in two weeks, and to top it off, when I went to report them, their bugtracker (Jira) was itself buggy...). The one bug I managed to report is still unfixed, despite having a test app and a bisect to the exact commit causing the bug.



        • #19
          Originally posted by Mike Frett View Post
          So a guy that uses Windows spreads news about some vulnerabilities in Linux. We all know there are Security holes that need to be plugged in Linux, but I find it difficult to fully trust a guy that uses Windows and then complains about Linux. Trusting an OS in which he has no access to the code to check for Security problems, and then pointing the dirty end of the stick at Linux.

          This hypocrite needs to crawl back in Microsoft's intestines and continue eating their FUD.
          Sorry, but could you please read the article again?

          Originally posted by article
          Sprundel formerly used Linux full-time but for the past several years converted back to Windows for business reasons and has just been a sporadic Linux user until his recent evaluation atop Ubuntu Linux, among other distributions.
          Edit: after checking the ppt, this seems to be an error in the way it's written on Phoronix. Sorry about using it as an argument. In any case, it's still apparent that the guy has knowledge on both platforms, which is a good thing.

          Besides. If he were an MS advocate, wouldn't it be a better strategy to stay quiet about the problems so it takes longer for others to find and fix them?
          Last edited by DaVince; 05-24-2013, 09:18 AM. Reason: something wasn't quite right



          • #20
            Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.



            • #21
              Originally posted by schmidtbag View Post
              Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
              He is talking about the desktop, so there security is of course not the most important thing, especially if you are just rewriting the complete X stack over the last years. On the desktop side, as a developer you maybe think about how to create a desktop or a backend that in the end brings more people to the Linux desktop... because being a developer who only codes for himself, or a developer whose audience shrinks, is in the extreme case very frustrating, and you will quit that job at some time.


              Again, it's no network-stack security stuff, and I am not sure if the enterprise Linux systems have these bugs, and in many cases you can depend on it that the users you gave a user account, and who have access to your intranet, are not attacking you. For example, I had a job interview at a university; OK, they use Ubuntu, so the worst case it seems, but there only pre-doctors have access, so you can basically think that they are not attackers. They have better stuff to do, and even if they attack stuff when they are logged in with their accounts, it is probably easy to find out who did the damage.


              So there is maybe a reason for distros like Debian and enterprise Linuxes: if you have to update every 2 months to a new distro in a production environment, you should maybe not hope these distros are multiuser-secure... I mean they should be secure for single-user systems... that's what the desktop primarily is, and that's the main target for systems like Ubuntu.

              And maybe offices where the users are no hackers but "moorhuhn" gamers.


              I heard even from admins that they use systems (Windows as clients in this case) that every 24 hours completely format the hard disks of the clients and copy over a Windows image. So it seems at least Windows is not (much) better in this sphere; it sure has a reason that they do that. Not just for fun...
              Last edited by blackiwid; 05-24-2013, 09:55 AM.



              • #22
                Originally posted by BO$$ View Post
                Again people, linux is invulnerable. That guy is probably a Microsoft paid evil monster paid to divide and conquer us! But we shall not fall for the faith is strong in us! Linux cannot be broken! Do not listen to this Judas!
                Where *do* trolls come from? Is it a genetic mutation? Or do you need to have trolls for parents?

                Just imagine how many vulnerabilities microscrap has that are hidden and unknown to the general public. These published vulnerabilities can (and will) be *fixed*. Unpublished flaws in binary crap *can't*.

                Good luck with your microscrap.



                • #23
                  Originally posted by DaVince View Post
                  Besides. If he were an MS advocate, wouldn't it be a better strategy to stay quiet about the problems so it takes longer for others to find and fix them?
                  Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.



                  • #24
                    Originally posted by dee. View Post
                    Not really. At least, not in the way MS sees it. To corporate closed-source software vendors, it's all about image and PR. That's why microsoft spends so much money on astroturfing and spreading FUD about open source. They keep quiet about their own vulnerabilities, because you see, they don't care about the actual security of either OS (theirs, or Linux), they care about the public impression. Out of sight, out of mind, sadly.
                    They even sue people to keep their own vulnerabilities out of the public eye. It's frightening dealing with that crap. They'll go after you with the reverse engineering clause of their license, which is why MS vulnerabilities are kept close by those who find them, and exploited by people in places where MS has no legal recourse.... like China. Even if you can win against MS, it isn't worth the fight because they have virtually unlimited resources and WILL bankrupt you in the process.

                    What this does, is it creates a totally different hacker culture. The MS side is dark and goes for the attack/damage aspects of hacking, because you can't be public about it. The Linux hacker culture is a bright and sunny place, full of happy nerds who have never been laid, eager to get their *real* name onto the discovery and/or the fix, hoping (unreasonably) that some *girl* will see it, be impressed, and put out.

                    This situation couldn't be better for Linux, or worse for wondoze. Linux grows stronger and more secure BECAUSE of the hacker culture, BECAUSE the vulnerabilities are exposed in public!!! wondoze is a stagnant cesspool of vulnerabilities and failure, constantly under attack, and always failing to stand up to the attack.... and then who saves them? Not their coders for sure, the internet saves them, the internet that runs on Linux and can filter out the attacks. All they need to do is sue everybody between them and the source of the attack.



                    • #25
                      Originally posted by blackiwid View Post

                      Its a bit like somebody calling linux bad because nvidia makes bad linux drivers. that break and are difficult to install because people cant fix abi problems in the driver except nvidia and stuff like that.
                      NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is coming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.



                      • #26
                        Originally posted by Sverro2 View Post
                        NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is coming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.
                        I did not even say that they are bad, and I did not say the opposite either ^^ I just said it would be like somebody saying Linux is bad because there are problems with these drivers, and there are problems with these drivers; you can say you think that they are not that big, but that's just an opinion... and there are people bitching around about why Linux is so bad and breaks ABI and stuff... so they basically say Linux is bad because the Linux development model isn't good.

                        Yesterday I watched a YouTube Linux vs Windows video, where somebody said there are problems with closed-source drivers, so Linux would not have as good driver support as Windows or something like that... and the point is, if you think that these driver problems with closed-source drivers (installation...) are problems... if you see it that way... you have to blame NVIDIA, not Linux.

                        If you say that's all wonderful, go ahead... but don't blame Linux for problems that are caused by closed-source drivers.



                        • #27
                          http://www.x.org/wiki/Development/Se...ory-2013-05-23

                          How many patch days, or better, years, would Microsoft have needed to fix at least most of so many bugs? It's fast... Xorg has a bit of a problem in that there are many, many lines of code but far fewer developers than, for example, the kernel has. Hopefully that will be better with Wayland.
                          Last edited by blackiwid; 05-24-2013, 03:48 PM.



                          • #28
                            Originally posted by schmidtbag View Post
                            Anyone else find it a bit strange that so many security flaws managed to get past so many developers in the first place? This is just 1 guy and he found a lot of problems that really shouldn't have ever been there in the first place. Just imagine how much more he'd find if he were paid. I'm aware linux's relative unpopularity is in itself a form of security, but it doesn't make me feel good knowing that security apparently isn't a priority to a wide range of people in the linux world.
                            I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.



                            • #29
                              Originally posted by Sverro2 View Post
                              NVIDIA's drivers are great... The best drivers you can get on Linux for gaming/3D-stuff/rendering. Even Optimus support is coming "soon"... Yes, they are not open-source, but that's not a reason to call them bad. ATI/AMD's blob drivers are bad on Linux (FGLRX). I can't agree more on that.

                              wooohoo how i love being drunk - go nv \o/ /o\



                              • #30
                                Originally posted by Vadi View Post
                                I'm not surprised - I've been reading Google Chrome security fixes, and they've been finding a ton of issues in their code with AddressSanitizer, plus have been paying out a lot of money for each release on security fixes. And these are top-notch Google coders, working on 1 program.
                                Does Google actually have any top-notch coders?
