Critical Linux Flaw Threatens More Systems Than You Think

Status
Not open for further replies.

Rhinofart

Distinguished
Jan 30, 2006
44
0
18,610
Really? No comments saying "Linux sucks"? If this was any other OS, the fanbois would be all over it. Just goes to show NO OS is infalable.
 

b23h

Distinguished
Jul 5, 2009
23
0
18,560
yea, the every present Linux fanboys are deathly silent. I guess that excellent opensource code wasn't quite so excellent.
 

TFrog

Honorable
Dec 11, 2013
3
0
10,510
You'll note that this critical flaw was fixed the very same day. You Microsloth fanboys WON'T get that kind of speed from Microsloth to fix a critical error. Linux remains to be one of if not the BEST OS bar none. And it's free unlike Microsloth Winbloze.
 

irish_adam

Distinguished
Mar 30, 2010
69
0
18,580
Really? No comments saying "Linux sucks"? If this was any other OS, the fanbois would be all over it. Just goes to show NO OS is infalable.
no internet enabled device is 100% secure and it never will be. All you can hope for is that once these flaws are found they are fixed ASAP. I will note though for the money you pay for Apple products and Windows you would assume that they would fix their problems faster than Linux which is free
 

b23h

Distinguished
Jul 5, 2009
23
0
18,560
You'll note that this critical flaw was fixed the very same day. You Microsloth fanboys WON'T get that kind of speed from Microsloth to fix a critical error. Linux remains to be one of if not the BEST OS bar none. And it's free unlike Microsloth Winbloze.
ah, you mean nine years later. I thought one of the supposed strong points of open source software was that bugs would be noticed and fixed earlier.
 

antilycus

Distinguished
Jun 1, 2006
397
0
18,930
There is still a REALLY evil MS bug that wipes out all users redirected folders in Active Directory that has existed since Windows Server 2003 and is still there in Windows Server 2012. Microsoft answer is "change a setting before it happens" and is not set by default( and is very difficult to find ) we know of companies that have lost millions because of this bug.
 

Harry Callahan

Honorable
Dec 4, 2013
2
0
10,510
This article leaves out several important details. Full disclosure, I'm a Linux fanboy, I guess; I started using Linux eighteen years ago and all my computers run Linux.The main point to understand is that only a small minority of Linux software uses GnuTLS. No web browsers on Linux use GnuTLS for certificate validation. (Google Chrome does use GnuTLS, but not for certificate validation; it uses NSS for certificate validation.) No web servers or other servers on Linux use GnuTLS. On my system (a fairly complete and functional Linux install), the only user programs using GnuTLS are lftp (a command-line ftp client), TigerVNC (VNC client/server), Wireshark (ethernet sniffer), CUPS (printer drivers), and libvirt (virtualization support). If I were still using mutt (terminal-based email client), that would have been affected. The vast majority of programs use openssl or NSS for TLS support.The bug was published on Feb. 25 by the GnuTLS author, patched on Feb. 26, and included in official GnuTLS releases on March 3. https://bugzilla.redhat.com/show_bug.cgi?id=1069865I am confused why Jill would state that Red Hat Enterprise needs to be manually patched. This is completely untrue. Red Hat Enterprise installations receive automatic software updates just like Ubuntu and Mint. In fact, updates for Red Hat are already published on the update servers; Ubuntu and Mint (as of this writing) have not published their updates yet.
 

mamasan2000

Honorable
Jan 13, 2014
40
0
10,590
"Both bugs also appear to result from simple human error on the part of software coders."As opposed to monkeys? Who else codes programs?
 

itsnotmeitsyou

Honorable
Aug 10, 2012
16
0
10,560
"Both bugs also appear to result from simple human error on the part of software coders."As opposed to monkeys? Who else codes programs?
NSA monkeys. I know they said it was error, but wouldnt be surprised if the NSA has been cashing in on this one for some time.
 

xroe

Honorable
Jan 11, 2013
36
0
10,590
You'll note that this critical flaw was fixed the very same day. You Microsloth fanboys WON'T get that kind of speed from Microsloth to fix a critical error. Linux remains to be one of if not the BEST OS bar none. And it's free unlike Microsloth Winbloze.
I'm sorry but the way you capitalize and make a point to rename everything to do with Microsoft makes me think of you as nothing more then a troll. It's good and all to support what you believe in but really, "Microsloth and Winbloze"? That makes you sound like a child.
 

sam_p_lay

Distinguished
Mar 26, 2010
81
0
18,580
I'm sorry but the way you capitalize and make a point to rename everything to do with Microsoft makes me think of you as nothing more then a troll. It's good and all to support what you believe in but really, "Microsloth and Winbloze"? That makes you sound like a child.
My thoughts exactly.
 

Spad7

Estimable
Feb 28, 2014
1
0
4,510
That was a critical flaw? It was fixed in 1 day! Jeez, you MS/Apple fanboys are slow. Try harder.
"Even worse, this bug may have existed in the code since 2005." Not an Apple or MS fanboy . . . but I'm not a Linux fanboy either.
 

ddpruitt

Honorable
Jun 4, 2012
226
0
10,860
This isn't a Linux thing per se, GnuTLS is a library that just happens to be used more on Linux systems than elsewhere. It also shouldn't be compared with Apple's bug. Other than the fact that both should have been caught with proper testing or code reviews they're different animals. In this case it's obvious it was coded using the Cowboy method of software engineering, the wrong piece of code was called after a failure. It can be don with gotos, function calls, or objects. Looking at the past it looks like a number of people advised against using GnuTLS because the maintainers used poor programming practices while obviously unaware of them. Looks they were right.I think both of these cases show that we've been giving degrees to coders rather than real engineers, and why you should be willing to pay for a real engineer.
 

Zetto

Distinguished
Mar 20, 2008
10
0
18,560
You'll note that this critical flaw was fixed the very same day. You Microsloth fanboys WON'T get that kind of speed from Microsloth to fix a critical error. Linux remains to be one of if not the BEST OS bar none. And it's free unlike Microsloth Winbloze.
Uh, what? "Even worse, this bug may have existed in the code since 2005"And everyone knows the best coders don't need or accept a paycheck. Right son, carry on in your fantasy land then.
 
Status
Not open for further replies.