FreeBSD Considers Making Use Of Rust Within Its Base System
Last edited by cj.wijtmans; 24 January 2024, 08:23 AM.
-
Originally posted by cj.wijtmans View Post
And Terry Davis was correct about HolyC, when your OS is running code on the fly you can verify and patch your code in real time.
The issue is that runtime patching gives you more opportunities for what's running to diverge from your records of what should be running.
-
Originally posted by ssokolow View Post
Windows is source-available. "Open source" has a definition and a body behind it that gives the thumbs up or thumbs down on whether a license is "officially an open-source license" and Microsoft's shared source program doesn't meet the requirements.
1) Who died and left OSI the final arbiter of what is and isn't open source? I don't remember there being an election making them King of Open Source.
2) More importantly, who cares what they classify as open source?
-
Originally posted by kpedersen View Post
That was a dumb argument. Yes, it becomes less secure. For three reasons:
- Even just the building up of their own infrastructure to support a closed clone is very likely to introduce security hazards.
- As soon as a security fix comes up on the upstream open-source kernel; you have no idea if their clone has it implemented.
- The only reason they would make a closed source clone is to slip in some dodgy insecure crap to their binaries.
How many bugs and vulnerabilities does XOrg have that were only found after about 20+ years?
How many bugs and vulnerabilities does WINE have that were only found after about 13 years?
How about the memory leak that Gnome had for 10 years?
How about the vulnerability that curl had for 2+ years?
But I can end this argument very easily by pointing to Metasploit:
Metasploit is used for penetration testing and in fact is also on the test when going for the Security+ Certification.
Exploit modules are used to leverage vulnerabilities in a manner that allows the framework to execute arbitrary code. The arbitrary code that is executed is referred to as the payload.
Under MacOS there are 40 exploits.
Under Linux? 456.
Under Windows? 1179.
In the context of Metasploit exploit modules, payload modules encapsulate the arbitrary code (shellcode) that is executed as the result of an exploit succeeding. This normally involves the creation of a Metasploit session, but may instead execute code such as adding user accounts, or executing a simple pingback command that verifies that code execution was successful against a vulnerable target.
Payload modules can also be used individually to generate standalone executables, or shellcode for use within exploits:
These modules are useful after a machine has been compromised and a Metasploit session has been opened. They perform useful tasks such as gathering, collecting, or enumerating data from a session.
For Post modules we find 1 for FBSD, 45 for Linux, 23 for Mac OS and 237 for Windows.
These numbers are indisputable and can be verified by installing Metasploit on an "attacker" system and then setting up a "victim" system on a VM or using the Hack Me website.
The Windows numbers tend to be skewed because they encompass all Windows versions and Windows has a much larger attack surface thanks to the greater functionality it has.
People can spin this any way they want.
-
Originally posted by sophisticles View Post
Two things:
1) Who died and left OSI the final arbiter of what is and isn't open source? I don't remember there being an election making them King of Open Source.
"Open source" began as "Netscape is receptive to the idea of releasing the source to their Netscape Communicator rewrite, but calling it Free Software is too political/ideological for them to be comfortable with and English gives too much ambiguity in what kind of "free" is being talked about (libre vs gratuit, in French). Let's coin a new term, create a list of guidelines that's like the Debian Free Software Guidelines but phrased in an apolitical way, and start a foundation".
What you're saying is akin to "Who died and left Microsoft the final arbiter of what does and doesn't get Windows Logo Certification?"
Originally posted by sophisticles View Post
2) More importantly, who cares what they classify as open source?
This sort of thing is also why Creative Commons releases the text of their licenses into the public domain, but only allows you to use their trademarks (eg. the name "Creative Commons", shorthands like CC-BY, etc.) if you don't muddy the waters by trying to slap on additional restrictions like "must not redistribute the original icon collection as-is". (GNU also has GPL as a trademark with restrictions on its use, doesn't release the text of the GPL under a license that allows you to modify it, and all GPL versions have some mechanism to deal with additional restrictions. The GPLv2 becomes "You can use this code when X = 1 and X = 2 simultaneously" unsatisfiable if you apply additional restrictions and the GPLv3 grants you permission to ignore any additional terms layered on downstream.)
Last edited by ssokolow; 24 January 2024, 10:26 PM.
-
Originally posted by ssokolow View Post
They literally created the term and, if not for the whims of the USPTO, they'd have registered it as their trademark.
"Open source" began as "Netscape is receptive to the idea of releasing the source to their Netscape Communicator rewrite, but calling it Free Software is too political/ideological for them to be comfortable with and English gives too much ambiguity in what kind of "free" is being talked about (libre vs gratuit, in French). Let's coin a new term, create a list of guidelines that's like the Debian Free Software Guidelines but phrased in an apolitical way, and start a foundation".
What you're saying is akin to "Who died and left Microsoft the final arbiter of what does and doesn't get Windows Logo Certification?"
A ton of people who only care about "open source" because it's functionally equivalent to having debian-legal agree that a license satisfies the Debian Free Software Guidelines, except better known and more respected. Reinterpreting the word won't voodoo-doll people into agreeing with you, it'll just cause them to abandon the term in favour of something else that still aligns with their intent.
This sort of thing is also why Creative Commons releases the text of their licenses into the public domain, but only allows you to use their trademarks (eg. the name "Creative Commons", shorthands like CC-BY, etc.) if you don't muddy the waters by trying to slap on additional restrictions like "must not redistribute the original icon collection as-is". (GNU also has GPL as a trademark with restrictions on its use, doesn't release the text of the GPL under a license that allows you to modify it, and all GPL versions have some mechanism to deal with additional restrictions. The GPLv2 becomes "You can use this code when X = 1 and X = 2 simultaneously" unsatisfiable if you apply additional restrictions and the GPLv3 grants you permission to ignore any additional terms layered on downstream.)
OSI did not create shit.
The Open Source initiative Foundation is a scam that was founded in 1998. Open source as a concept has existed since at least 1911 and as it relates to software since the 1950's:
Long before these self-righteous assholes anointed themselves as the final say of what is and isn't open source, universities and scientists were sharing the source code to various Unix based OSes.
More importantly, the Open Source initiative Foundation is listed as a 501 chartered under California state law yet the principal officer is a guy living in England that pulled in over $550,000 in 2018 and after "expenses" netted about 280 grand:
Since 2013, the IRS has released data culled from millions of nonprofit tax filings. Use this database to find organizations and see details like their executive compensation, revenue and expenses, as well as download tax filings going back as far as 2001.
Half a million bucks in donations for him to tell us what is and isn't open source.
Open source advocates really are suckers.
-
Originally posted by sophisticles View Post
Long before these self-righteous assholes anointed themselves as the final say of what is and isn't open source, universities and scientists were sharing the source code to various Unix based OSes.
More importantly, the Open Source initiative Foundation is listed as a 501 chartered under California state law yet the principal officer is a guy living in England that pulled in over $550,000 in 2018 and after "expenses" netted about 280 grand:
Since 2013, the IRS has released data culled from millions of nonprofit tax filings. Use this database to find organizations and see details like their executive compensation, revenue and expenses, as well as download tax filings going back as far as 2001.
Half a million bucks in donations for him to tell us what is and isn't open source.
Open source advocates really are suckers.
Also, in case you missed it, I said that I don't give a damn what you call it because I am using "open source" as a rough equivalent to "approved for DFSG-compliance by debian-legal", which Windows doesn't satisfy either.
Stop playing into Microsoft's attempts to spin-doctor. There's a reason that, if the OSI had gotten the trademark on Open Source, the legal concept of "trademark dilution" would be relevant.
The concept people are referring to is a more equitable power dynamic which Microsoft very definitely doesn't want to give them, no matter what words they use.
Last edited by ssokolow; 24 January 2024, 11:07 PM.
- Likes 1
-
Originally posted by sophisticles View Post
How many bugs and vulnerabilities does XOrg have that were only found after about 20+ years?
Originally posted by sophisticles View Post
How many bugs and vulnerabilities does WINE have that were only found after about 13 years?
Originally posted by sophisticles View Post
How about the memory leak that Gnome had for 10 years?
Originally posted by sophisticles View Post
How about the vulnerability that curl had for 2+ years?
Originally posted by sophisticles View Post
But I can end this argument very easily by pointing to Metasploit:
Under Windows? 1179.
Once Windows is open-sourced, I hope you revisit this thread and admit you were a little naive.
- Likes 3
-
Originally posted by kpedersen View Post
1179 is clear evidence that bugs are not easily found when full source is not available. The academic source is a version of the 2003 kernel with a lot (including ACPI) stripped out.
Once Windows is open-sourced, I hope you revisit this thread and admit you were a little naive.
I also see that you ignore the 1 that FreeBSD has.
If you care about security and open source, stop using Linux and switch to a BSD based OS.