FSF Issues Statement On Shellshock Bash Vulnerability


  • #21
    Originally posted by chuckula
    All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.
    Seriously I smiled from ear to ear. I thought that was a great way to advertise freedom software... Especially since all the tech outlets are saying the sky is falling and LINUX AND APPLE os suck and using bash == pwned. Fucking pos media outlet Microsoft(Bill's genitals) sucking weasels.



    • #22
      Couldn't they just write something like: "A bug was discovered and because we are agile and cool and badass we fixed it already." instead of all this bullshit.



      • #23
        Originally posted by wagaf
        dude, seriously ? ... how was the issue lied about or hidden in any way ?

        Bugs which affected older software for a long time are discovered on a regular basis.
        If by older you mean from a week ago before the bug was disclosed, yes.

        The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?



        • #24
          Originally posted by gamerk2
          If by older you mean from a week ago before the bug was disclosed, yes.

          The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?
          Code over ten years old is likely poorly reviewed whether open source or not. Industry requirements are on average fairly high these days.



          • #25
            Originally posted by chuckula
            All I see is a bunch of political spin about how having GPL3 somehow magically fixes Bash. Well, any other even semi-open source license would be just as effective. They also don't mention that this bug *was in Bash for 25 years* and publicly available to organizations like the NSA/Russian mob/Chinese Govt./etc. who could easily exploit it without going out of their way to be nice and tell the rest of us about the issue.
            Yeah this is my feeling on this too. To be honest this is another reason I'm seriously evaluating BSD, I want to get away from the GNU userland because it was written by an ideologue (Richard Stallman) who couldn't care less about code quality as opposed to just serving his own personal ideology which means that crap like this is going to happen all the more often vs alternative software, and you get nonsense like his breaking how su is supposed to work because he wants anyone with root password to have full rights.



            • #26
              Originally posted by gamerk2
              If by older you mean from a week ago before the bug was disclosed, yes.

              The argument has been "The bugs will be found because it is open source and peer reviewed". Now you have a critical bug that goes undetected for 25 years. Kinda blows a major hole in the argument, doesn't it?
              Except that the bug was already fixed even before its disclosure; and it was fixed this way for the very same reason; because it's open source and reviewed. Kind of different when it happens to other companies when the bug could also exist for years; but the patch is only issued when the bug has been already used in malicious ways and the damage is already done.



              And yeah, in whatever way you look at it; it's a win for FSF. Because their software didn't even have a chance to be affected by the bug; more, they didn't even have to do the work. I can say that now even knowing they are blind in more ways than I care to tell.



              • #27
                Originally posted by Luke_Wolf
                Yeah this is my feeling on this too. To be honest this is another reason I'm seriously evaluating BSD, I want to get away from the GNU userland because it was written by an ideologue (Richard Stallman) who couldn't care less about code quality as opposed to just serving his own personal ideology which means that crap like this is going to happen all the more often vs alternative software, and you get nonsense like his breaking how su is supposed to work because he wants anyone with root password to have full rights.
                When using a new *BSD system, the first thing I and a lot of people I talked to do is install GNU tools and utils on the systems. GNU are of a much higher quality than the non-portable and archaic BSD tools and utils. GNU utils are a better fit across platforms and operating systems; I love using the same command line tools across kernels and hardware, something you cannot do with BSD.



                • #28
                  What's with all the 'bash-ing'

                  So, here goes a more technical question. Would it have helped in this situation to have BASH written in a higher-level language, such as Go, Rust, or some of the 'better' alternatives to C? I have the feeling that a lot of the exploits we've seen in the past have to do with using C, which I understand for kernel development, but userland tools could probably afford something slightly slower but safer. Anyways, might not be the case for this particular exploit ...



                  • #29
                    Originally posted by gamerk2
                    The argument has been "The bugs will be found because it is open source and peer reviewed".?
                    Got a quote for that? I have seen lots of people claiming that bugs are less likely, but I have never heard anyone say open source software doesn't have bugs.



                    • #30
                      So let me get this straight:

                      Developers have been feeding bash with external untested unchecked strings, while logged as root, for +20 years.
                      And it's bash's fault.

                      Yeah, right.

                      PS: The only vulnerable systems are those running software that directly feeds strings to bash.
                      Last edited by elmerovingio; 26 September 2014, 04:59 PM.
