Thread replies: 266
Thread images: 21
Thread images: 21
Anonymous
(((CVE-2016-10229))) 2017-04-13 11:59:14 Post No. 59870845
[Report] Image search: [Google]
(((CVE-2016-10229))) 2017-04-13 11:59:14 Post No. 59870845
[Report] Image search: [Google]
File: 1491541199765.jpg (45KB, 352x351px) Image search:
[Google]
45KB, 352x351px
https://nvd.nist.gov/vuln/detail/CVE-2016-10229
"udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag."
>>
File: 1467306174709.jpg (233KB, 503x662px) Image search:
[Google]
233KB, 503x662px
>>59870845
Once again, C has given us yet another security vulnerability in the kernel. It was the same with hearbleed. It was the same with cloudbleed. It was the same with Grub.
C has no concept of safety. Using C in 2017 is plain retarded. The language is 5 decades old and there is no practical use of C anymore. C is a malignant cancer that plagues the software industry.
>>
>>59870845
>4.5
So it's nothing
>>
>>59870845
I'd like to interject for a moment...
>>
>>59870865
Have fun rewriting the kernel in rust ;))
>>
>>59870879
He's talking about the kernel fuckface.
>>
>>59870885
I already finished writing half of the GNU coreutils in D. However, writing a Rust kernel is not impossible. It'd be more profitable in the long run as it will suffer from less security exploits than anything written in unsafe languages.
I wouldn't design a power supply chain or a banking system with C --no way. Ever.
>>
>>59870909
How are you going to provide defines and structures to userspace without a header system?
>>
>durr open sores can't have backdoorz! XDDDDDDD
Yet another freetard myth rebuked!
>>
>>59870885
I am having a lot of fun doing it actually.
http://www.redox-os.org/
>>
>>59870933
This is not a backdoor, are you illiterate?
>>59870930
The coreutils are not dependant on the kernel, for now it works on top of linux
>>
File: Der_ewige_C.png (339KB, 387x550px) Image search:
[Google]
339KB, 387x550px
Gee, I wonder who could be behind this vulnerability!
>>
>>59870933
It's not a fucking backdoor, you illiterate autist.
>>
>>59870885
i'll gladly do it and promote my Anux kernel for better purposes such as social justice, veganism and ecology
Anux will be safer by having no coreutils except a DE that won't give you ptsd for installing it, and Femiscape, a Firefox-Vivaldi hybrid web browser
Anux will become the leading alternative to Windows within the next five years. mark my word and screencap this
>>
File: unimpressed.jpg (249KB, 1023x843px) Image search:
[Google]
249KB, 1023x843px
>>59870959
>>59870968
Tell me, is it a front door then?
>>
The CIDF is afraid of this thread.
>>
>>59870885
I'm working on XOmB, it's written in D:
http://wiki.xomb.org/
>>
File: 1470391438191.png (245KB, 1855x577px) Image search:
[Google]
245KB, 1855x577px
>>59870845
>udp.c
>.c
>c
See the problem?
>>
>>59870865
Rewrite linux in Rust. Do it now. I dare you.
Oh, what's that? It can't be done? Awww poor you
>>
>>59871005
>It can't be done?
Who said this?
>>
>>59870959
>The coreutils are not dependant on the kernel, for now it works on top of linux
He wasn't talking about your coreutil bullshit, he was talking about kernel userspace API's
>>
>>59870865
fpbp
>>
>>59871005
If I were to rewrite an OS in Rust, I would try to rewrite a OS with a good architecture. Not Linux.
>>
>>59871015
>18 million lines of code
>Rewrite all of it
Good luck with that.
>>
>>59871020
And I was talking about coreutils. Are you dense? Re read >>59870909 carefully
>>
>>59870977
Yes.
>>
>>59871028
Explain how you would write the OS then Anon
>>
>>59871029
In fact if I was well versed in Rust I would translate NetBSD to Rust
>>
>>59871041
Microkernel.
>>
File: ppuf800X725.gif (293KB, 800x725px) Image search:
[Google]
293KB, 800x725px
>>59870845
Somebody needs to make a "Sweet Puff and Hella Tux" comic
"IT KEEPS HAPPENING"
"I told you about Linux dawg. I told you"
>>
>>59870933
It affects kernel versions before 4.5. Do you happen to be aware of which kernel version is the latest right now? Hint, it's very well past 4.5.
>>
>>59870999
>See the problem?
Yes. I see a dumb weeb.
>>
>>59871034
Why the fuck would he be talking about userspace in the context of coreutils?
>>
>>59871049
Translate what?
>>
>>59870959
I'm talking about a kernel in Rust.
Rust doesn't have headers, so how are you going to expose declarations and structs to userspace like what Linux does with /usr/include/linux/?
>>
>>59871060
C tard is mad, can't read what OP said lel
>>
>>59871057
aaaaaand guess what version your made in China IoT dildo is probably running.
>>
>>59871057
100% of Linux installations out there are running a version prior to 4.5 actually.
Linux takes about 4 to 5 years to get stable. Version 4.5 was released only one year ago, therefore it's not stable yet.
Just so you have an idea, Debian is currently running 3.5, which was released in 2012.
>>
>>59871092
what are LTS versions
>>
>>59871076
>yfw this guy just proved it's impossible to write an operating system kernel in Rust
RUST SHILLS BTFO!!!!!!11
>>
>>59871066
Ask him
>>59871071
NetBSD. Are you dumb?
>>59871076
Rust has modules, Unix like OS has been written in Rust already
>>
>>59871077
If Cisco gave the programming work to qualified software engineers instead of Indian fuckos who learnt to program with Java, there would be no problem.
Dumb weeb.
>>
>>59871106
I know what they are, what do they have to do with anything? Did you even read my post?
Go to the Debian mailing lists and suggest replacing 3.5 with 4.9 LTS on Wheezy and see what happens, retard!
Every Linux release takes at least 4 to get minimally stable. I'm not making this up, this is just common knowledge in the Linux community.
>>
>>59871056
Stop shilling your meme software only 5 people use.
>>
>>59871114
>Rust has modules
Can modules replace the functionality of C headers?
Can I share modules that contain declarations between kernel and userspace like what Linux does?
Honest question.
>>
>>59871111
Are you purposefully being retarded?
https://gist.github.com/DanielKeep/470f4e114d28cd0c8d43
https://doc.redox-os.org/book/
>>
>>59871114
Net what?
>>
>>59870865
Heartbleed was an OpenSSL vulnerability, not a kernel one. However, I do agree with you that C's flaws are catching up.
>>
>>59871092
Great. Now show us the percentage of vulnerabilities on proprietary operating systems and open source operating systems.
>>
>>59871134
>Can modules replace the functionality of C headers?
I don't see why not. Rust's modules are not C headers. However both of them can achieve the same goals. Rust's method is just different
>>
>>59871145
>security as a product
>>
>>59871132
Anybody who isn't a terminal brainlet has already moved over to BSD.
The only people who stick with Linux are ricers who want to watch 4k anime in their framebuffer on a mpv build from portage that only took 8 hours to build
>>
>>59871137
>>59871150
DAMAGE CONTROL
>>
>>59871126
Guess which kernel is the new lts?
>>
>>59871125
>qualified software engineers
Who are they? Never seen a competent C project in real life.
>>
>>59871132
Literally half the network appliance industry runs on OpenBSD, you fucktard.
>>
>>59871152
>CVE details
>>
>>59871161
>I got owned: the post
Clock work
>>
>>59871165
I'm not "guessing" anything irrelevant to the discussion. Quit with the red herrings.
>>
>>59871157
Stop trolling. You're not even funny.
>>
Is "Rust has no headers" a new meme?
Like whiteboards?
>>
>>59871161use core::ptr;
use core::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, AtomicUsize, ATOMIC_USIZE_INIT, Ordering};
use acpi;
use allocator;
use device;
use gdt;
use idt;
use interrupt;
use memory;
use paging::{self, entry, Page, VirtualAddress};
use paging::mapper::MapperFlushAll;
/// Test of zero values in BSS.
static BSS_TEST_ZERO: usize = 0;
/// Test of non-zero values in data.
static DATA_TEST_NONZERO: usize = 0xFFFFFFFFFFFFFFFF;
/// Test of zero values in thread BSS
#[thread_local]
static mut TBSS_TEST_ZERO: usize = 0;
/// Test of non-zero values in thread data.
#[thread_local]
static mut TDATA_TEST_NONZERO: usize = 0xFFFFFFFFFFFFFFFF;
pub static CPU_COUNT: AtomicUsize = ATOMIC_USIZE_INIT;
pub static AP_READY: AtomicBool = ATOMIC_BOOL_INIT;
static BSP_READY: AtomicBool = ATOMIC_BOOL_INIT;
extern {
/// Kernel main function
fn kmain(cpus: usize) -> !;
/// Kernel main for APs
fn kmain_ap(id: usize) -> !;
}
/// The entry to Rust, all things must be initialized
#[no_mangle]
pub unsafe extern fn kstart() -> ! {
{
extern {
/// The starting byte of the _.bss_ (uninitialized data) segment.
static mut __bss_start: u8;
/// The ending byte of the _.bss_ (uninitialized data) segment.
static mut __bss_end: u8;
/// The end of the kernel
static mut __end: u8;
}
// Zero BSS, this initializes statics that are set to 0
{
let start_ptr = &mut __bss_start as *mut u8;
let end_ptr = & __bss_end as *const u8 as usize;
if start_ptr as usize <= end_ptr {
let size = end_ptr - start_ptr as usize;
ptr::write_bytes(start_ptr, 0, size);
}
assert_eq!(BSS_TEST_ZERO, 0);
assert_eq!(DATA_TEST_NONZERO, 0xFFFFFFFFFFFFFFFF);
}
// Initialize memory management
memory::init(0, &__end as *const u8 as usize - ::KERNEL_OFFSET);
....
>>
>>59871168
Never looking up what language the software you used was written in is not an argument.
>>
>>59871195
>Like whiteboards
Yes, both of them appeals to high school dropouts
>>
>>59871181
It's 4.5
Do you know when debian plans on a new release?
>>
>>59871185
you're right
the only laughable thing ITT is Linux's security
>>
>>59871219
It's not Linux's fault completely. It's just C being C.
>>
>>59871207
>debian is going to release a new version with a two year old kernel
So?
Same happened with wheezy.
Doesn't mean anything.
Wanna know why?
BECAUSE JUST RELEASED DEBIAN VERSIONS AREN'T STABLE YET!
Retard.
>>
How serious is this? Does any Udp listener lead to RCE? Bind for example?
>>
Comment 3 Wade Mealing 2017-04-10 20:50:22 EDT
Statement:
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, Red Hat Enterprise MRG 2, and realtime kernels as the code that introduced the flaw is not present in these products.
>>
>>59871240
OpenBSD is written in C and doesn't suffer from these problems.
You're correct that C allows bad programmers to create big problems, but it's not like a properly-written program is inherently insecure.
>>
>>59870845
Fugggg my router runs linux
Any workarounds?
>>
>>59871291
Install OpenBSD
>>
>>59871266
Whew I was about to panic
>This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7, MRG-2 and realtime kernels
https://access.redhat.com/security/cve/cve-2016-10229
>>
>>59871280
https://bugzilla.redhat.com/show_bug.cgi?id=1439740
>>
>>59871284
OpenBSD doesn't have these problems because no one but OpenBSD's security team formally reviewed it.
I remember FreeBSD fags boasting about how their system is well written in comparison to Linux before 57 security vulnerabilities found in FreeBSD in an incomplete third party review.
>>
>>59871197
>// Zero BSS
The bootloader or executable image loader is supposed to do this.
>>
>>59871284
Oh wow, it's almost as if, hold on guys, I'm on to something here...
It's almost as if bad code is the problem and not the language. Who would have guessed?
>>
>>59871057
CentOS 7 runs 3.10
Openwrt alsu uses 3.10 or something
My router with tomato has 2.6.36.4
>>
>>59871311
Thanks for responding to >>59871145.
The reason Windows and other proprietary systems get more CVE alerts is because they are more widespread and therefore more strongly scrutinized.
>>
>>59871284
>a properly-written program
You cannot write a C program that takes two numbers from the user and prints out the total along with the proper type in C.
Prove me wrong if you can
>>
>>59871296
/thread
>>
>>59871349
And the source is not even out, that's how shitty NT's codes are. However we need to ditch C all together before these keep happening
>>
>>59870845
https://security-tracker.debian.org/tracker/CVE-2016-10229
>2016
Are you fucking retarded?
It's old as fuck. Kill yourself
>>
File: 1477657645147.png (97KB, 1934x1069px) Image search:
[Google]
97KB, 1934x1069px
>>59871331
>not the language.
Not when you got 50 Million undefined behaviors baked into the compilers and the language itself
>>
>>59870992
>http://wiki.xomb.org/
>read wiki
>read what an exokernel is
>read that it is like a benevolent communist dictatorship
Dropped.
>>
>>59871381
God damn it op.
>>
>>59871092
Debian has security updates for that reason
>>
>>59870865
>let's fix holes with abstractions :----DDDDD
>>
>>59871397
>oh know I do something retarded that shouldn't work and the computer does it anways
You are a moron.
Programming is like riding a bike, if you lean too far to the side you will fall of, so don't do that.
Besides undefined behavior is not "baked into" either the language or the compiler. The exact opposite actually.
>>
>>59871431
No, let's fix holes by not using a language full of undefined behaviors
>>
File: 1485705199518.jpg (2MB, 2000x4000px) Image search:
[Google]
2MB, 2000x4000px
>>59871397
>1 1 1 GO!!!
Classic C kek
>>
>>59871439
>oh know I do something retarded
It's not retarded, idiot. See how non trash language has properly defined sequence while C(ancer) does not.
>>
>>59871461
You are a moron if you didn't immediately realize why that wouldn't work.
>>
>>59871356
Can't do it in Rust either.
>>
>>59871411
I was just about to disconnect all my servers and perform upgrades, and then I realized OP is a faggot.
What a relief.
>>
File: 1471105575656.png (139KB, 228x260px) Image search:
[Google]
139KB, 228x260px
>>59871484
Oh I didn't realize calling unary operatored variables can cause undefined behavior in C
>>
>>59871049
Just you.
By yourself.
Yeah good luck m8. Even the most productive, autistic attention to detail and knows the language spec backwards guys I know couldn't do this.
>>
File: 1465559101817.jpg (62KB, 960x864px) Image search:
[Google]
62KB, 960x864px
>>59871397
>mfw not even Java has this problem
>>
>>59871501
>He didn't know that
And you call yourself a programmer?
>>
>>59871501
>>59871397
Undefined behavior is why C is so fast.
It's either strictly defined behavior or performance. Can't have both.
>>
>>59870845
>kernel 4.5
It's ancient, nobody uses it.
>>
File: 1481093962532.jpg (56KB, 945x482px) Image search:
[Google]
56KB, 945x482px
>>59871518
I don't bother with C(ancer), it's not relevant anymore
>>
>>59871481
>use a prefix assignment operator
>it does that
>hurr durr fuck the language
That's assuming that it wasn't undefined behavior.
>>59871501
It has nothing to do with the prefix you fucking mong it's to do with the fact that you are modifying the variable twice in the same expression. If you can't see why that's dumb then you shouldn't be allowed to use a computer.
>>
>>59871538
Rust is both strictly defined and fast. It's the perfect balance.
>>
>>59871142
If you don't want execute C code then prepare to slow as fuck rust.
>>
File: 1491961649972.jpg (61KB, 331x315px) Image search:
[Google]
61KB, 331x315px
>>59871555
>this mad
say it with me:
C(ancer): 1 1 1 GO!!!
Non shit language: 3 2 1 GO!!!
>>
>>59871558
HAHAHAHAHAHAHA
>>
>>59871573
>Rust is slow as fuck
Do you happen to be a chronic illiterate retard freetard C tard?
>>
>>59871356
You can write it. use long long double.
>>
>>59871555
>Damage status
>CONTROLLED
>>
>>59871575
At least make an argument.
Literally the only arguments you rust shills make are
>hur durr c tard
>hur duir c(ancer)
>>
>>59871332
Don't all those have security updates just like debian?
>>
>>59871592
>double
>Add two integers
>returns double
So this is the power of C
>>59871602
That's not even Rust in the picture you illiterate swine
>>
>>59871581
>Do you happen to be a chronic illiterate retard freetard C tard?
Yes.
>>59871575
>writing code in pajeet-style
>oh it's don't works!
>>
File: roll-safe.jpg (39KB, 1200x784px) Image search:
[Google]
39KB, 1200x784px
>>59871431
You don't have to fix holes if you don't have any holes.
>>
>>59871613
The original post said "2 numbers"
This is the literacy of people that can't into C. Explains a lot
>>
>>59871602
>At least make an argument.
see >>59871501
>>59871616
>le parjeet boogeyman style code
Never took a dumb freetard seriously. I'm not surprised you happen to be a C tard as well
>>
>>59871613
>implying there is any difference in the tactics used by d faggots and rust shills
>>
>>59871618
>implying your meme language doesn't have any holes
>>
>>59871092
why just spew all that uninformed shit? Do you actively want to misinform people?
>>
>>59871613
But it works, you can print out double.
If it can be double you must use double.
>>
>>59871623
>The original post said "2 numbers"
And all numbers are doubles?
So this is the power of C tards
>>
>>59870909
Why S? Why not a modern more popular language?
>>
>>59871092
and just for you: https://security-tracker.debian.org/tracker/CVE-2016-10229
>>
>>59871639
What kind of retardation is this?
>>
>>59871633
>it workzzz
You can fuck off if you cannot create a proper and correct function for it in your language.
>>
>>59871627
>++i
>++i
>print out same variable 3 times
So?
>>
>>59871631
It has fewer holes than your grandpa language.
>>
>>59871648
*why D?
>>
>>59871652
I except your defeat
>>
>>59871654
I can.
>>
>>59871655
let i = 3
i++
i is now 4
i++
i is now 5
>same variable
Yes but the values are different
>>
>>59871667
>except
Oh no it's retarded.
It's not amount the type nigger it's about the storage space.
>>
>>59871672
Post your code then, freetard
>>
What's so great about D?
>>
why don't we write a new OS from scratch in python ? at least it would be memorysafe
>>
>>59871694
It's not C. Less security exploits
>>
>>59870845
should have used openbsd
>>
>>59871546
>Second most popular language
>Not relevant anymore
k
>>
File: 1471498589554.png (100KB, 1244x1024px) Image search:
[Google]
100KB, 1244x1024px
>>59871694
See what happens when you write anything with C? See OP
>>
>>59871707
Nobody uses it and never have
>>
>>59871397
undefined?
this is exactly what i'd expect
whoever write code like that is retarded anyway
>>
>>59871727
That's where things went wrong
>>
>>59871727
Facebook is using D, retard.
>>
>>
C apologists are NSA shills plain and simple. Rust makes it harder to produce vulnerable programs as it actually implements safety precautions like Bounds checking, dangling pointer prevention, data race prevention, lifetimes etc. This is against the interest of the NSA and so they are shilling C so that people continue to produce exploit prone, unsafe and vulnerable programs.
Ignore the NSA/C shills. Programming in C should be banned and outlawed.
Say no to security exploits, say no to the NSA. Your data and your privacy is worth preserving.
>>
>>59871747
>guy behind D starts working for Facebook
>they allow him to check in 200 lines of code or something
>guy leaves Facebook
>probably have removed his D crap by now
Yet it remains the biggest success in the 20 year long history of the D programming language. PATHETIC.
>>
>>59871639
You do realize that every integer can be represented as floating point and actually also fits the type?
Since nobody ever mentioned the best fitting type
Or what types we can choose
since this retarded example requires infinite memory and apropriate types (which aren't in the standard) to work anyways
>>
>>59871397
>>59871724
delet
>>
>>59871679
printf first calculates the values and then prints it.
In case of variable it vill be same chunk of memory.
You don't need increment it. Here is solution:
puts("3 2 1 GO!");
>>
>>59871679
Asigning and reading the same variable in a single expression. Sure sounds sane.
>>
>>59871801
>. Here is solution:
>puts("3 2 1 GO!");
I bet you write your expert C fizzbuzz like that as well, dumb freetard
>>
>>59871727
So what, nobody uses Linux either...
>>
>>59871779
This
>>
File: 170401szknqdvxbvom.jpg (46KB, 500x546px) Image search:
[Google]
46KB, 500x546px
>>59871820
It works 5 times faster than pythou doing the same thing, you stupid CIA-nigger.
>>
>>59871779
I can't believe your're talking about marginalized C programmers like this. Literally shaking. Wait until Steve finds out, xe'll remove your Rust membership.
>>
>>59871254
The kernel will not be 4-5 years old like you were trying to claim.
>>
>>59871870
Have fun having to rewrite for a different i you dumb fuck weebshit basement dweller. Do C toddlers have the concept of code re-usability at all?
>>
>>59871827
And with this the rust shill reveals his true colors.
>>59871679
>oh no I did something utterly retarded and my language doesn't stop me from being retarded better blame the language.
>>
>>59871873
Get out C(IA)
>>
>>59870865
>t. Rust fag
>>
>>59871779
DELET THIS
>>
>>59871892
>d my language doesn't stop me
Because it's not trash. Who are you quoting in the first place?
>>
>>59871884
Code written in C is more re-usable than everything else.
Everything works with C code. ( stdlibc,linux,curses,gtk) Every program uses c code in one way or another.
>>
>>59871892
>Replies to a D fag
>Calls him a rust shill
C tards deluded af
>>59871927
>Everything works with C code
Debatable
>>
>>59871927
>stdlibc,linux,curses,gtk
Ironically, all of those are hot garbage
>>
>>59871137
written by SJWs
>>
>>59871984
How does it feel to be less knowledgeable than SJWs, anon? Can your fizzbuzz projects compete?
>>
>>59871947
>implying you aren't false flagging
>>
>>59872007
feels real fucking bad bro. they're going to take over free software.
>>
Doesn't rust compile to C anyway? Can't they start doing modules in C and little by little take over the whole Kernel?
Fuck Linus if he doesn't want it, just keep it as a side project until it becomes big enough.
And fuck you if you don't use it because SJW. Software should be valued based on its own merits, not who wrote it.
>>
>>59872052
>Doesn't rust compile to C anyway
No. It compiles primarily to LLVM IR
>>
>>59872052
> And fuck you if you don't use it because SJW. Software should be valued based on its own merits, not who wrote it.
keep repeating that while everybody around you is exiled for being a "nazi".
>>
>>59872052
GNOME and RedHat seems to like Rust very much.
>>
>https://source.android.com/security/bulletin/2017-04-01
>Most affected system is Android
>>
>>59872077
I heard that they are adding first class support for GObject and Rust.
Are they ditching Vala for Rust?
>>
>>59872067
Then join them and destroy them from inside
>>
>>59871877
And no one will be migrating to stretch for a good 3 years until it matures.
>>
>>59870865
No other systems language can even compete with it. Until Rust gets usable C is the only reasonable choice for systems programming.
>>
>>59872077
GNOME is just trying to milk the hype to get fresh developers... shouldn't have blown their money on a completely unsuccesfull """""womens outreach program""""" that nearly bankrupted them
>>
>>59872091
The GNOME hackfest 2017 spent all their resources in integrating Rust in GNOME builder and writing a GOBject introspection module for Rust.
I think GTK-rs is going to be officially supported by GNOME foundation.
>>
>>59870977
There is no backdoor since everything is auditable, so it's just a bug... And terrible QAS
>>
>>59872101
https://security-tracker.debian.org/tracker/CVE-2016-10229
>>
>>59871020
Anon, I...
https://github.com/nix-rust/nix
>>
>>59872091
And golang is getting qt support. Choices!
>>
>>59872137
It is a door, the question is: is it a front door or a back door? I say it's a back door, you seem to be implying it's a front door, which makes no sense.
>>
>>59871111
Eh, one of my friends did it in pascal. It's just a matter of how hard you try and what do you consider an operating system.
>>
>>59872137
>i-it's just a bug, goy! w-who knows how i-it got there?!? heh...
>>
>>59872176
QML,not the whole Qt.
>>
Buy what of all the code analysis tools C had to avoid these things?
>>
>>59872189
We whole Qt now
https://github.com/therecipe/qt
>>
>>59872188
Are you having a mental breakdown?
>>59872216
That's nice
>>
>>59872227
>bugs can't be planted
>>
>>59871076
You import the modules and work with them. Like literally every other language out there other than C and C++ (until it gets it in c++17).
>>
>>59872085
Good thing GNU is not so affected.
>>
>>59872216
I wish Go had
1. Generics (which they will get soon)
2. Optional GC (Which they won't)
I used to like go before I read this blog
http://nomad.so/2015/03/why-gos-design-is-a-disservice-to-intelligent-programmers/
It's slower than Java in some instances which really bothers me. However if Google makes Go a viable option for Android development I may start using Go again.
>>
CentOS/Redhat is not affected: https://access.redhat.com/security/cve/cve-2016-10229
Every other half decent non LTS distro is already way past Kernel 4.5.
>>
>>59872268
Even JavaScript is a viable option for Android development nowadays. It will get there.
>>
>>59871092
You don't know what you're talking about. The Debian security team constantly makes security fixes.
>>
>>59872188
>>i-it's just a bug, goy! w-who knows how i-it got there?!? heh...
>>i-it's just a bug, goy!
>>goy!
Go back to /pol/ you goofy fuck.
>>
>>59872323
If a 5 year old kernel needs constant security fixes, just imagine what a fresh out one requires.
>>
>>59872342
Hello, rabbi! Why are you providing weapons to Pajeet?
http://therealnews.com/t2/story:18846:India-and-Israel-Sign-Unprecedented-%242-Billion-Arms-Deal
>>
>>59871605
Yes he's just an actual idiot
>>
what's the big deal tho
>>
>>59870845
> 4.5
Wow too bad even LTS ubuntu has a newer kernel
>>
>>59872443
4.4
>>
File: 696493-fs8.png (41KB, 400x380px) Image search:
[Google]
41KB, 400x380px
Excuses are like assholes, every Linux user has at least two.
>>
>>59872448
None of the distros with fixed stable releases use a vanilla kernel they all backport security updates when necessary. The version number is only relevant for knowing what features a particular kernel supports.
>>
>>59872443
Too bad for you desktop Linux is completely irrelevant, the only niches where Linux has a non-negligible marketshare are the glorified calculaters you call "supercomputers", web servers and mobile devices, and there, most of the devices run old versions.
>>
>>59872497
This!
How will Linux ever recover?
>>
>>59872443
No? Ubuntu 16.04 (current LTS) is at 4.4.0-72
Fucking hate the current state of Linux kernels, they went all Chrome-tier with it and shit.
>>
>>59872496
This. OP's a trickster to say it happens for all pre-4.5 kernels.
>>
>>59872268
GC is optional baka
>>
>>59872540
Go's GC is optional?
>>
>>59872929
I don't know if optional is the right term but you can certainly disable it although I doubt anyone would recommend it.
https://golang.org/pkg/runtime/
>>
>>59870878
> not using the -git version on production servers
GET A LOAD OF THESE PLEBES
>>
Reminder that the linux kernel will always be in C because linus insists on making GCC a mandatory compiler.
>>
>>59874314
Why the fuck did you reply to me you dumbshit?
>>
>>59874370
I am pretty sure you are the dumbshit here...
>>
>>59870845
Can someone show me one instance of this being exploited?
>>
>>59874387
When did I ever imply anything about or about not using -git versions you fucking retard?
I was just simply fucking implying that kernel 4.5 is outdated trash.
How the fuck do you know I don't use git versions huh?
Go suck a fucking dick you retarded nigger.
>>
>>59871538
what is stopping these fuckups from being checked at compile time? or do you factor that into "performance" because being able to write garbage code fast is more important than writing safe code at a more moderate pace?
>>
>>59875122
I mean runtime performance you dufus.
Checking things that have to be checked at runtime hurts performance.
>>
>>59870933
>myth rebuked
lolwat, who ever said open source software can't have backdoors? It's just harder to intentionally put them in.
>>
>>59870865
ITT fags saying the Linux kernel should be rewritten from scratch in rust. My sides.
>>
>>59875622
>harder
No, it's much easier. Anyone can edit open source software.
>>
Internet was a mistake.
>>
>>59870865
>>59871023
t. pajeet
>>
>>59875677
yeah because no one reviews your changes right?
>>
>>59875740
Whoever reviewed this >>59870845 change missed a backdoor.
>>
>>59871168
Go fuck yourself.
>>
>>59875818
of course you won't catch everything. That's no different from proprietary software though.
>>
>>59875818
right, and it has been fixed.
>>
>>59875910
the difference between it and propriety software is that anyone can (((review))) it, find the flaw, and choose not to report it
in propriety software only a select few can
>>
>>59875920
After many years.
>>
>>59875965
yep... someone has to find it... that's how things work.
>>
>>59870865
nice b8
>>
I didn't update anything for 2 years now.
A-a-am I s-safe desu?
>>
>>59876156
You sound too calm for someone who just found out his systems' have been backdoored for ages.
>>
>>59874314
The latest LTS is 4.9 dumbass
>>
>>59871197
This looks like a bad mix of C++, Perl, and Haskell
>>
File: libreboot.jpg (115KB, 500x491px) Image search:
[Google]
115KB, 500x491px
>>59872016
>>
>>59870865
Kernels by their nature require certain features that lead to vulnerabilities. Even Redox has numerous unsafe blocks, and not all vulnerabilities are related to memory access anyways.
>>59876377
Actually your machine is chock full of vulnerabilities because you're a retard who doesn't update.
>>
File: yeb_only_reads_twilight.gif (4MB, 500x279px) Image search:
[Google]
4MB, 500x279px
>>59870845
>mfw linux mint ships with 4.4
>>
>>59876416
Why do you keep calling it a backdoor? A backdoor implies that someone intentionally placed it there, when really, it's just a bug.
>>
>>59876904
>A backdoor implies that someone intentionally placed it there
Can you prove nobody did?
And, most importantly, can you prove nobody knew of this before and hasn't exploited it?
>>
File: lrn2filter.png (37KB, 863x411px) Image search:
[Google]
37KB, 863x411px
>>59876946
DON'T REPLY TO TRIPFAGS!
>>
>>59871397
You even get a warning if you compile with -Wall -Wextra
>>
>>59875677
>Anyone can edit open source software
So you haven't contributed to any project. Open source doesn't mean open development especially when it's used for ecosystem.
>>59876946
It's not like you can prove anything.
>>
>>59877081
>It's not like you can prove anything.
That's the beauty of it: I don't have to.
In security-related matters, if one can't tell what went down, one's to assume the worst. Always.
>>
>>59876416
Why would I worry about a bug being fixed? If anything it validates my trust in open source.
>>
>>59872448
If you would install 16.04.2 LTS today you'd get 4.8.
However if you update a 16.04.1 you'll stay with 4.4 if you don't actively enroll into the hardware enablement stack:
https://wiki.ubuntu.com/Kernel/LTSEnablementStack
>>
>>59870845
>muh open source
lol linuxfags suck at auditing their shit. you can't trust them to keep you secure.
>>
>>59877175
>everything is botnet
very original
>>
>>59877306
If you choose not to assume the worst, you simply have no argument against encryption backdoors.
>>
>>59877334
This argument is pretty funny on a shitty site like this.
>>
>>59877334
Fuck off, encryptard!
>>
>>59870845
Thx OP. Installed 4.9. Done
>>
>>59871170
lol
>>
>>59870865
/thread
>>
>>59870865
NSA/C shills find this post problematic
>>
>>59872247
There still are no modules in C++17. MAYBE the next version. Nobody knows.
>Maybe in 2x10^326 years when reflection lands :DDD
>>
>>59871052
>not an exokernel
>>
>>59871076
you can create C interfaces for your rust code, no?
>>
>>59877250
>in a thread about a fixed vulnerability
wintoddlers are cute
Thread posts: 266
Thread images: 21
Thread images: 21