Conversation

Notices

1. Embed this notice
   ramblingsteve (ramblingsteve@fosstodon.org)'s status on Friday, 19-Jul-2024 20:12:09 JST ramblingsteve

   in reply to

   • Dave Lane :flag_tino: 🇳🇿

   @lightweight but...but... Linux isn't secure! 😂 🔥 💻

   • Embed this notice
     翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 19-Jul-2024 20:12:09 JST 翠星石

     in reply to
     @ramblingsteve The kernel, Linux is known for having the best security record of all nontrivial kernels.
     
     There is also security hardening techniques you can use to make a system extremely hard to exploit - for example SELinux (with SELinux, even if you find a root privileged escalation attack in a daemon, you cannot read or write to anything outside what the daemon is authorized to access, unless you find a way to bypass SELinux - which pretty much doesn't happen unless the SELinux rules set are wrong).
     
     People like to count up the number of CVE's for all of the software in and that runs on GNU/Linux and then compare it with the count of CVE's for windows only and then say that windows is more secure because the number is smaller.
     
     The concept of CVE's is to embarrass proprietary software companies so they eventually go and fix the security bugs rather than leave them for years, which isn't useful for GNU/Linux, as if you just let the developer(s) know of the bug, they'll fix it, or better you can just fix the bug and send the fix in and the developer(s) will merge it immediately as long as it's correct.
     
     As a result, every single published CVE for GNU/Linux software is a bug that has long been fixed and usually isn't being actively exploited in mass, or is in known insecure software that is no longer maintained, while CVE's for windows are usually bugs that haven't yet been fixed for months, that are being actively exploited in mass.
   • Embed this notice
     Dave Lane :flag_tino: 🇳🇿 (lightweight@mastodon.nzoss.nz)'s status on Friday, 19-Jul-2024 20:12:12 JST Dave Lane :flag_tino: 🇳🇿

     Watching what some are pronouncing "the world's worst IT disaster" unfolding from the comfort of a completely Enterprise-Windows-free zone that is, unsurprisingly, entirely unaffected. Sorry for those poor sods who're having to mop up this mess - created by IT policy makers who probably don't do 'on call'.