If linux is open-source wouldn't it make it more vulnerable

Thread replies: 95
Thread images: 19

If linux is open-source wouldn't it make it more vulnerable to security exploits?
>>
Whether open source or closed source means fuck all these days. What matters is how often your platform is used by people who are targets of hackers (Linux and BSD are niche operating systems, but the CIA has exploits for them because high value targets use them to try and protect their information), and how much the people who make the platform you use invest into security.
>>
>>59354225
So how much does Linux invest into their security?
>>
>>59354243
Enough. The userland on the other side...
>>
Searching for exploits using source code is a pain...
>>
just saying, linux kinda sucks, only when you're using ubuntu, but kali is okay
>>
If you can't read the source how can you be sure that there aren't any security holes?
>>
>>59354283
>Running shit on root all the time and having a shitty repo is okay

You drunk m8?
>>
>>59354283
>>
You have to be 18+ to post here.
>>
File: 1488848035314.jpg (70KB, 800x902px)
>>59354163
No, because if someone finds an exploit and keeps it to themselves then anyone else can find it too and it can be fixed as soon as it's found

In closed source if someone finds an exploit then they can not tell anyone then unless the devs find it then it's basically never going to be fixed
Look up any major Linux security bugs, no matter how long they actually existed they are patched as soon as they are found

Wintards will argue that because said bugs existed for so long that makes Linux bad, but in reality the same thing happens to Windows but you don't hear about it because the people who have found security bugs in Windows have kept quiet and they still haven't been fixed
>>
Security through obscurity doesn't actually work in the real world, so it doesn't matter if it's open-source or not.
>>
>>59354163
Security through obscurity doesn't work
>>
>>59354163
does your OS have something to hide?
>>
>>59354430
Ask Intel
>>
>>59354405
But how many people actually examine the source code for every update to their computer? I haven't had a single freetard say that they do. Most people just assume they are safe because they assume people with good intentions are checking the source code, but how often does that actually happen?
>>
>>59354352
no escalation of privileges
>>
>>59354163
Depends on community activity. If someone does end up hacking into the kernel you can check the vulnerability and then patch it before the official maintainers do and be labeled a contributor
>>
>>59354163
Thanks to disassembler it doesn't really matter.
>>
>>59354163
>If linux is open-source wouldn't it make it more vulnerable to security exploits?

You could make the counter argument that more people can give feedback on security flaws since they have source access as well.

The CIA knows lots of exploits for Linux according to the leaked hacks
>>
>>59354484
Not every single person that uses the code has to look at it. But many people scan through the source code every so often and popular things like the Linux kernel itself probably have all of their code looked over at least twice a week by a group of people

With Windows after the code is written it's probably looked at by about 2 people before it's shipped out and it's probably not looked at ever again until they want to update that part of the code

Look up some of the leaked conversations from MS employees. They said the reason Windows is so shit half the time is because the management doesn't allow the programmers to do anything that isn't considered absolutely necessary such as optimization or pen-testing

Security through obscurity does not work
>>
Yeah, but it would also make it faster to find them, assuming anyone even cares and is looking
>>
>>59354540
> No escalation of privileges

Of course no privileges will escalate if everything is already running at root privileges
>>
>>59354589
FUD

>>59354604
>all of its code looked over at least twice a week by a group of people
Sadly not.
>>
>>59354740
>FUD
What part of my post is FUD?
>>
Nothing works all the time, security through obscurity not their model, theirs is proprietary
>>
Open source is better security for all stakeholders.

Security through obscurity is better for the developers at the expense of end users.
>>
>>59354788
>What part of my post is FUD?
Kernel not affected, just userspace.
>>
>>59354844
>Security through obscurity is better for the developers
So this is why OpenBSD don't implement HAMMER2 faster.
>better fs
>more users
In the end Google may use their software and try to find exploits in it and end their memesecurity.
>>
>>59354740
>Sadly not.
You underestimate how many companies that depend on Linux pour thousands into pentesting Linux
>>
>>59355031
:^)
Nice try.
>>
>press backspace 28 times
>get past all Linux """"""""""""""""""""""""""""security""""""""""""""""""""""""""""
>>
>>59354484
>But how many people actually examine the source code for every update to their computer?
You don't need for everyone to check the source code each update. Someone gets interested in improving a module or feature and checks only those parts and works on that, while working on it they can find flaws and propose patches and the patches are reviewed before being merged assuming they're managing the project properly.

>I haven't had a single freetard say that they do. Most people just assume they are safe because they assume people with good intentions are checking the source code, but how often does that actually happen?
That's easy to know most of the time because most version control systems provide statistics and there are external sites that analyze repos and the record of the project.

Also, check the blogs of the developers, projects like KDE or Libreoffice have sites called "planets" that are aggregators. There you can read about how different developers have contributed, about the quality assurance measures of the project like using different static analysis tools or using unit tests. One example:

https://scan.coverity.com/projects/211

Obviously an abandoned or mismanaged project has higher probabilities of having bugs or vulnerabilities so check by yourself the reputation of each project if in doubt.

Be critical by yourself and do your own research instead of putting all software in the same basket based on a label, perfect code doesn't exist but being open at least allows more people to improve and check it.
>>
>>59355139
Already patched pajeet. Meanwhile on windows you need .net 3.5 to install .net 3.5
>>
File: 1489107680371.gif (3MB, 300x236px)
>>59355139
>A bug with GRUB is a kernel issue
>>
File: 1468660938642.png (78KB, 800x700px)
>>59355139
That was fixed immediately after disclosure. In contrast this one still works:
http://bitsandbogies.blogspot.mx/2013/04/beware-pingsend-and-bsod.html
>>
File: lcposter.jpg (80KB, 600x802px)
>>59355200
>It's another "open sores" fanboy pretends the Linux community isn't just as infested with Pajeets episode
>>
>>59355219
Irrelevant group that contributes nothing to the kernel, pajeet. The grub2 exploit was grub2 only, the kernel is good.
>>
>>59355236
India has their own NATIONAL Linux distribution. The Linux community is just as brown as Apple or Microsoft.
>>
>>59355219
>It's another "open sores" fanboy pretends the Linux community isn't just as infested with Pajeets episode
Not him but I don't have a problem with Indians. If you were intelligent (or not pretending to be stupid) you would have already grasped he's calling you a shill. Name calling is cheap and this comes from Windows users calling names like neckbeard, virgin, neet or nerd first. A lot of Microsoft workers are from India and it's easier to hire cheap shills to manipulate social media from poor countries and the fact it's a country with a lot of public defecation just made name calling easier. That's all, name calling.
>>
>>59355258
Anyone can make their own distro, pajeet. Stormfront made apartheid linux so that means Linux is 1488, get the fuck off my OS shitskin.
>>
File: 3318623507_38f3e8d587_m.jpg (23KB, 240x180px)
>>59355292
:^)

>>59355289
Nobody said I was using Windows.
>>
>>59355292
>Stormfront made apartheid linux
This is a joke, right?
>>
File: google.jpg (55KB, 651x386px)
>>59355219
>its another closed source fanboy pretends Microsoft and Google aren't designated shitting streets episode
>>
>>59355364
No
https://www.stormfront.org/forum/t786671/
>>
File: Pajeets.jpg (258KB, 1600x1200px)
>>59355383
>>
File: raj.jpg (232KB, 1600x1200px)
>>
>>59355409
>NSAhat is all of linux
>>
File: dsc00068_800x6001.jpg (68KB, 800x600px)
>>59355454
Even the inventor of Linux is surrounded by Pajeets.
>>
>>59355409
>Literally from the Indian office of Red Hat
Meanwhile the actual CEOs of Google and MS are Pajeets living in burgerland
>>
>>59355445
A shitty SJW distro, try again.
>>
>>59355462
You're not even trying anymore pajeet
>>
>>59355467
>>
>>59355481
Linux is the product of whites, made by a fin.
>>
https://en.wikipedia.org/wiki/Gentoo_(slang)
>Gentoo, also spelled Gentue or Jentue, was a term used by Europeans for the native inhabitants of India

How will /g/ ever recover from this?
>>
>>59355213
>GNU software is insecure
>uses GNU software anyway
>>
https://en.wikipedia.org/wiki/The_Gentoo_Code
>>
>>59355462
wtf stallman take care of yourself
>>
ITT: Gadzooks/Lunatix users getting BTFO by Prajeet facts.
>>
>>59354540
Oh no, it's retarded.
>>
>>59355549
>A single piece of GNU software has an issue
>Therefore all GNU software should not be used
By that logic you should NEVER use Microsoft or Google software because they've had major security bugs before too
>>
I can't see why all the hate towards Indians. If I see an intelligent, contributing programmer, idgaf what color he is. Is it some /g/ complex cuz Indian code-monkeys take their jobs?
>inb4 rajesh
no, I'm a proud white male..
>>
>>59355695
What's hysterical is that the thread went completely quiet after multiple posters demonstrated to them how their "Rajeesh Free" operating system is anything but. Is this what /pol/ refers to as "redpilling"?
>>
>>59355695
>Is it some /g/ complex cuz Indian code-monkeys take their jobs?
Yes
>>
>>59355139
It gives a root shell that's literally useless as the data is still encrypted (if it matters). Grub is optional anyway.
>>
File: ksgroup.jpg (1MB, 3199x1815px)
>>59355219
meanwhile at kernel summit...
>>
>>59354163
>If linux is open-source wouldn't it make it more vulnerable to security exploits?
Why would it? Do you have evidence that would suggest that might be true?
>>
>>59355856
>blue haired SJW
>Batman
>several non whites
Meanwhile, http://www.apple.com/pr/bios/
Has a single non white (who isn't even in charge of engineering or software or anything important) and they're all dressed like professionals.
>>
>>59354275
Still better than searching for exploits with no sourcecode at all.
>>
>>59355930
Apple caters to fags and degenerates like mentally ill trannies
>>
>>59355994
And Linux doesn't? Why are there always ten threads in the catalog complaining about SJWs in the open source community then?
>>
>>59355930
>comparing a group photo of a summit to profile portraits
You are a fucking idiot.
>>
>>59354163
Need a source for that picture op
>>
File: linuxchixgroupphoto.jpg (394KB, 800x600px)
>>59356022
Linux is decentralized, you cannot make a 1:1 comparison between a company and the Linux community. However, you can show that the Linux community is just as infested with Pajeets and SJWs as closed source companies are.

At least closed source developers look like they don't let their mothers dress them.
>>
>>59356079
Ok. I don't care.
>>
File: 1489023454558.jpg (101KB, 600x389px)
>>59356121
Sure thing.
>>
>>59356079
>At least closed source developers look like they don't let their mothers dress them.
Confirmed for jobless basement-dweller.
>>
>>59356146
t. Triggered Linux developer who dresses like shit
>>
>>59356183
Anon said most IT companies don't have dresscode. Ergo they dress is normcore or worse.
>>
>>59355320
>Nobody said I was using Windows.
Read my post again, I never said you're using Windows or that I think you're using Windows, what I said is:
- What being called Indian means in this board.
- Where the "Indians are shills" meme comes from.
- That I think >>59355200 is calling you a shill, most probably a Microsoft shill due to the reasons explained and because Microsoft has a record of hiring people to manipulate opinions and spreading FUD on Linux.
>>
>>59354335
This is a myth.

Almost everybody except a select few (Debian) is compiling software without doing a deterministic build, or just using prebuilt binaries. So open source is meaningless as a way of 'security against backdoors'.

It's also meaningless because every single reverse engineer in the world can tell you exactly what a program does without needing to ever look at the source. They can plainly see any backdoors. Stuff like Windows 8 or 10 has been reverse engineered thousands of times and will continue to be reverse engineered for various economic and security reasons.

I suggest anybody repeating that bullshit mantra of 'but we can't check the source!' get reverse engineering books, Hopper App or IDAPro and try it themselves.
>>
>>59354225
Based on vault7 the leaks were minimal, very little amount of people use it and Linux has a vast community of people working on it with financial support from the US military itself, making it a much harder and pointless target.
>>
>>59354352
ignore him, he's whoring for attention by posting dumb shit, notice obvious bait and ignore.
>>
>>59354163
Also, being open source doesn't make it necessarily more vulnerable. For example the vast majority of exploits is caused by users/companies not patching their software fast enough.

So Bob T Hacker comes along a buglist, discovers a patch, and then exploits that old bug on the vast amounts of unpatched systems. Bob T Hacker can also take a proprietary closed source binary that's been patched, and run Bindiff in IDA pro in order to discover what the patch was and again exploit all the unpatched systems.
>>
>>59356252
Default linux kernel is the most insecure kernel these days. It's worse than XP levels of insecurity.

If your distro has all of the exploit mitigations turned on in the default kernel then you have protection but usually this doesn't exist, usually X is run with root privs still to this day, and even basic protections need to be hand enabled on distros like Fedora who at least are rolling SELinux sandboxes and Wayland by default.
>>
File: Ccc4a6BUAAARZlt.jpg (48KB, 600x450px)
>>59356244
I'm not a shill and I don't actually care about closed vs open source software. I'm just here to trigger /g/ because you tards can never not give someone (you)s.
>>
>>59356315
How does it feel to be literally cancer?
>>
>>59356340
I only do it because /g/ is such shit anyways. And it's fun.
>>
>>59356358

You are the poo in the loo.
>>
>>59354377
Stop posting then.
>>
>>59355031
Not that guy but full software audits are so rare that they're actually newsworthy if and when they do happen on larger projects.
>But backdoors would be caught before being put into the mainstream!
Afraid not. Any exploit could potentially be snuck in in multiple parts, rendering the exploit undetectable unless you're looking at a whole which as previously discussed is fairly rare.
>>
>>59354163
>>59354225
>CIA leaks happen
>fa/g/g/ots STILL talk about Linux instead of OpenBSD (protip: zero vulnerabilities contained in the vault7 leak aka entire CIA army)
Why aren't you using the hardenedest operating system known to man?
>>
>>59357327
They've only released a small fraction of the vault 7 documents. There could very well be some dirt on *BSD yet to be released.
>>
>>59357348
>There could very well be some dirt on *BSD yet to be released.
FreeBSD, NetBSD etc. There is not any dirt on OpenBSD. OpenBSD is the hardest operating system known to man, if we were to compare it to metal, it would be diamond.
>>
Dumb fucking weeb asking retarded questions.

As expected from weebs.
This is a 4chan archive - all of the content originated from that site.