>he fell for the "Linux is secure" meme
http://arstechnica.com/security/2016/02/extremely-severe-bug-leaves-dizzying-number-of-apps-and-devices-vulnerable/
http://dankaminsky.com/2016/02/20/skeleton/
https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7547
>>53553295
LET THE SHITPOSTING COMMENCE!!!
>>53553295
They*
Pls use proper pronouns.
Already been patched lol
>>53553295
Reminder to thank Ritchie for his gift to the world!
>Maintainers of glibc, as the open source library is called, released an update that patches the vulnerability. Anyone responsible for Linux-based software or hardware that performs domain name lookups should install it as soon as possible
micococks don't even read the clickbait articles they post
>>53553295
That has been patched for over a month you cuck.
>>53553295
>root
kill yourself
>>53553377
>triple dubs
OBSERVED
>>53553295
>sudo bash
>durr it has been patched
Yeah, but it's been around since 2008. You were exposed for literally 8 years.
Stay mad, GNUcucks.
>>53554161
yet in those 8 years, literally nothing happened.
>micro$ embed malware now
>applel are like 'what virus?'
>linux admit, log and fix
>somehow bad
heres your reply
>>53553295
That's a NSA backdoor. They monitor linux code discussions and silence anyone who talks about their exploits. Doesn't always work out, like in this case.
>>53554193
>what is 0day
>>53554285
Never happened and never will since it got patched.
Go home kid
>>53553365
>glibc
>GNUfags will defend this
Why do we allow Linux to be dragged down by a Frankenstein GNU project created by the king of autists himself, RMS?
>>53554193
How do you know?
>>53554298
>never happened
How do you know?
>>53554305
Because literally nothing is better. GNU shit is shit because of deprecated programming practices that cause incredible amounts of bugs to go unnoticed, combined with the use of C instead of a non-shit language, and yet it remains the fastest, most full-featured set of tools available.
>>53554305
So install any other libc instead, e.g. musl.
there is a youtube video of a lecture and the guy there explained pretty well how easy it is for an agency to side track a FOSS project
sadly i dont have the link but he might have worked for them iirc
>>53554305
GNU is cancer and it's about time someone created a GNU-free Linux distribution.
>>53554331
If speed and features are your main priorities, then of course code correctness, security, documentation and ease of maintenance are going to suffer.
Why would anyone use or even take seriously any libc that doesn't supply strlcpy and strlcat?
>>53554359
The problem is that no alternative to GNU software have "enough features" nor "enough speed". It's OK to have 3% worse performance for statically proven program correctness, it's not OK to lose 50% of your performance for it; because at this point you can just disconnect your computer from the internet and it's both significantly more useful and more secure. Same idea with features.
Holy shit this thread.
>>53554429
It is okay because processors these days are much faster.
Google sacrificed a ton of speed by making all Android application code into managed code. Their security gains were unimaginable.
Android is now the most used operating system in the world.
>>53554305
>we
Not me.
Use Alpine Linux.
>>53553295
I always knew glibcancer was going to bite everyone in the ass someday.
>>53554305
Linux has had it's fair share of exploits, same with most other large projects.
>>53554331
>C is a shit language......................
>>53554568
>What are mitigations?
I'll tell you what they are: something Linux doesn't do.
Loonixfags will defend that.
>>53554596
>application code should be allowed to be non-managed
>>53554511
>>Android is now the most used operating system in the world.
Amongst people who know as much about OSes as they know about loos
>>53554331
Gnu was created in the 80's. And if C is a shitty language for you, I hope you'll never have to deal with real programming and stick to web dev.
>>53554511
There was no need to sacrifice as much performance as they sacrificed, and if they had chosen a less shitty language, their security gains would have been significantly better. But yes, I'd rather use system utilities written in, say, C# than in C (just not java: no jvm is any secure).
>>53554331
GNU isn't shit, it's just been around for 40 years.
>>53554596
Yes. When it was first introduced it had none of the features of previous languages, but ALSO NONE OF THE SPEED. At the same time it required ad-hoc hardware to even run at all with hardware capabilities of the time. Only relatively recently have C compilers become non-shit, and only due to significant push toward really shitty hardware that is designed for C as opposed to high-quality hardware that would have kept languages like lisp significantly faster than C as WELL as significantly safer.
C never was, isn't and never will be a good language, for ANY task, least of all desktop applications.
>>53554822
Even modern GNU software is written with the same idioms as old, 80's GNU software. And yes, it IS all shit. Buggy as all fuck and impossible to patch or hack on because of the ridiculously poor coding style strewn with undocumented gotchas.
>>53554161
>Yeah, but it's been around since 2008. You were exposed for literally 8 years.
There's potentially hundreds of vulnerabilities on your computer right now, waiting to be found. This isn't something limited to Linux either
>>53554822
Bloated is a better word than shit, he's probably taking cat-v cock to the brim. GNU isn't pretty, but a lot of their shit is incredibly useful.
>>53554876
But GNU ISN'T bloated, it's shit. The cat-v retards can talk out their ass all they want, reality won't change. Missing input validation is not "clean and lean", it's "insecure piece of garbage", yet the fact that all GNU tools do correct input validation is what they call bloat.
Have you ever seen the code for GNU software, though? Global states everywhere, unreadable, uncommented hacks left and right. But of course only the semi-obvious segments receive lots of comments so they can claim it's "well-documented" when it really isn't. The user docs are also dogshit but from a programming point of view it's not the end of the world if the source is readable (which it isn't in this case). You want to use a program to take file X and turn it into file Y. Do you want to read documentation for 5 hours straight where 90% of it is completely irrelevant such as history and jokes, or do you want an explanation of the X and Y format and of the arguments taken by the program? GNU programmers think you'd rather have the former.
