Ubuntu 17.10 Enables PIE Across All Architectures, Improves Secure Boot


  • #11
    Originally posted by Frogging101
    This PIE stuff sounds like silly security theatre that just causes inconvenience for developers. What a waste of time.
    PIE is an important layered security feature and it stops or frustrates certain types of attack. GCC has supported it for a long time and Fedora has used it without any trouble for quite some time.



    • #12
      Originally posted by starshipeleven
      More likely to fade into oblivion. 60k lines of assembly is scary.

      In the meantime, VLC works fine by just disabling libmpeg2 (mpeg 1 and 2 decoding).

      https://trac.videolan.org/vlc/ticket/15502
      Indeed. I'd rather have hardened, portable, and futureproof packages than someone's spaghetti ASM nightmare that they will only live to regret at some point.

      I believe that every project that uses a ton of ASM is essentially declaring that it will be dead or too horrible to live with at some point so that it can gain some sort of win on current or older computers (which may even vanish vs something like C as compilers get better).

      Remember what happened to that Sega Genesis emulator, gens? Sure it could run Genesis ROMs on a Pentium II on Windows 98, but later on there was no way to port it to take advantage of 64-bit processors and operating systems. I also wonder how accurate it could be to run that fast on said hardware. Higan now has an experimental Genesis core with no audio support (as of yet). Hopefully it will mature and we will have something on par with its excellent SNES core.



      • #13
        I don't think that whatever happens to ffmpeg is the scariest thing about Ubuntu.

        Ubuntu does a lot of things that are just downright stupid and/or scary, but making the packages more secure by default isn't one of them.

        I use Fedora because Ubuntu has a disease of NIH and making worse implementations of existing stuff and then making you live with their weird Ubuntu-only bugs for years before finally chucking their homegrown disaster for what every sane distribution was doing anyway. I said several years ago that ayatana and Unity were a bad idea and would ultimately just end up wasting developer resources, time, and money, but since then, Ubuntu has also thrown away their own display server and their init daemon, and Snappy is probably next. I'd say certainly next looking at the state of support for it outside of Ubuntu. Ubuntu *also* supports Flatpak, but many other distributions only support Flatpak by default, so you can build a bloated Snap image and tell many of your users to add a repository and install Snap themselves or give them a Flatpak and it works everywhere.

        So, OMG Ubuntu! talked to Ken Vandine of Canonical, and apparently they're going to have to throw away "hundreds" of patches that are never going upstream.



        • #14
          Originally posted by BaronHK

          Indeed. I'd rather have hardened, portable, and futureproof packages than someone's spaghetti ASM nightmare that they will only live to regret at some point.

          I believe that every project that uses a ton of ASM is essentially declaring that it will be dead or too horrible to live with at some point so that it can gain some sort of win on current or older computers (which may even vanish vs something like C as compilers get better).

          Remember what happened to that Sega Genesis emulator, gens? Sure it could run Genesis ROMs on a Pentium II on Windows 98, but later on there was no way to port it to take advantage of 64-bit processors and operating systems. I also wonder how accurate it could be to run that fast on said hardware. Higan now has an experimental Genesis core with no audio support (as of yet). Hopefully it will mature and we will have something on par with its excellent SNES core.
          Well, you can build FFmpeg without assembly optimizations, it's "just" slower. Also ASM code for arm/arm64 is already PIC-compatible.

