If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
You have less control over who creates open source and oversees it. So in addition to the NSA, government hacking groups from various countries as well as private hacking groups that make money from vulnerabilities are interested in this topic.
yeah, being able to hire your own developers working on the entire product lifecycle gives you waaaay less control of the product lifecycle than relying on what bill gates wrote 30 years ago.
You have less control over who creates open source and oversees it. So in addition to the NSA, government hacking groups from various countries as well as private hacking groups that make money from vulnerabilities are interested in this topic.
And you also have more control over discovering the backdoors in open source so I guess they're even?
Actually scratch that it's much easier for open source. Because when a scandal erupts you can trace all commits and such (like from specific author such as in this case).
What do you get in closed source? Oh right, a promise you can't even verify. "Trust" you said huh?
writing to registry keys that are not your own could also be part of the heuristic, hard to be certain since MS is for obvious reasons not open with exactly which heuristics they use (DLL injection is definitely there though which is why I mentioned it).
how exactly should w10privacy work without writing to registry keys that is not owned by w10privacy ???
because thats the complete point of this software to manipulate the wndows registry...
As there are no Linux developers in the market you have to hire macOS develoers and convert them. You confirm that Linux is a total niche without developers.
And I wrote about typical backed/fronted development - not system dependent development. I work in a large company and lots of developers working on Linux have converted to MacOS. Even some working on Windows have switched to macOS.
I'm not fond of macOS either, but these are facts.
linux is a niche with developers or to be more precise its the developers niche...
linux never had the problem that they did not have developers they always had the problem that they had no users/marketshare in the end-user space
also thats the reason why there is a lag of payment for the linux develiopers because they do not have enough users to pay the developers.
Interesting that 23 pages of comments and nobody mentioned that the person who found the malicious code is a resercher from Microsoft and he found it just because he notice some functionality is a little bit slower than it should be. The hack is so clever made that it wouldn't be found maybe for years. The person who did it invested a lot of time to gain trust in open source and updates were accepted in Debian and Fedora with almost no check. But at the end is that Microsoft saved Linux
how exactly should w10privacy work without writing to registry keys that is not owned by w10privacy ???
because thats the complete point of this software to manipulate the wndows registry...
that is not the point, the point being that such behaviour (or rather that a random app is writing to the system part of the registry) is what triggers their heuristics check.
Interesting that 23 pages of comments and nobody mentioned that the person who found the malicious code is a resercher from Microsoft and he found it just because he notice some functionality is a little bit slower than it should be.
Interesting that 23 pages of comments and nobody mentioned that the person who found the malicious code is a resercher from Microsoft and he found it just because he notice some functionality is a little bit slower than it should be. The hack is so clever made that it wouldn't be found maybe for years. The person who did it invested a lot of time to gain trust in open source and updates were accepted in Debian and Fedora with almost no check. But at the end is that Microsoft saved Linux
he is not though. He is a PostgreSQL developer that also happens to be a "Partner Software Engineer" at Microsoft what ever that now means. He found the issue due to having issues with PostgreSQL. Or to quote himself:
I didn't even notice it during logging in with ssh or such. I was doing some micro-benchmarking at the time and was looking to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd. Which showed lots of cpu time in code with perf unable to attribute it to a symbol, with the dso showing as liblzma. Got suspicious. Then recalled that I had seen an odd valgrind complaint in my automated testing of postgres, a few weeks earlier, after some package updates were installed. Really required a lot of coincidences.
As there are no Linux developers in the market you have to hire macOS develoers and convert them. You confirm that Linux is a total niche without developers.
And I wrote about typical backed/fronted development - not system dependent development. I work in a large company and lots of developers working on Linux have converted to MacOS. Even some working on Windows have switched to macOS.
I'm not fond of macOS either, but these are facts.
That's news to me, we hire several Linux developers (and I'm one of them) and none of us have any prior macOS experience.
Michael is wrong. Go read the original sources. There is no such update for "Fedora 41" because it hasn't branched for development yet. The only update linked in the Red Hat blog is for Fedora 40.
I've now offered three people on these forums to hack my patched Windows 10 installation. Unfortunately no one has replied/agreed. Maybe I should offer a reward, I don't know.
Windows is choke full of backdoors made/enforced by NSA until people here cannot prove anything or even cite recent incidents of people getting hacked.
With literally tens of nations being the archenemies of the US why is it not happening? Why?
Myths, egregious lies, and conspiracies, that's why.
When you know the history of the product and the current Us laws, why wouldn't you be wary of it especially if you're not a US citizen/corp/gov ?
When you know that linux dev were put under pressure to look somewhere else and let some shitty stuff go into the kernel, why wouldn't you assume that a billions dollars company wouldn't be subject to such pressures ?
Your points are somewhat valid, but man... I don't do unicorns.
Comment