/tech/ - Technology

 No.930703>>930734 >>930863

https://arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/

So thanks to the UNIX way, even GPG is totally broken. They didn't even need to crack the cryptography, they just went around it by exploiting a bug in the way unix handles filenames (as strings instead of a proper path data type). Absolutely hilarious. GPG has had essentially zero security in the last 10 years.

 No.930706>>930719

>It's kind of like an open-convertible vs a car with a roof. Neither one is effective against a thief taking things left on your front seat. But the one with a roof and windows makes people think it is sometimes safe to leave things in plain view. Without the roof? The user doesn't take the chance and will ALWAYS stow their belongings.

I guess this falls into your narrative, but it doesn't seem like bad logic.


 No.930719

>>930706

"i'll explain using a metaphor to help people who aren't good with computers to understand it"

*completely butchers what really happened, making people more confused than before*


 No.930734>>930750 >>930767

>>930703 (OP)

Unpossible. GPG is Free Software which gives all its users the freedom to be free, free as in libre. With freedom comes responsibility, which proves that millions of diligent users have been scouring the source for subtle bugs and exploits. Scientists, engineers, and dedicated hobbyists protect the libres from buggos, I simply don't believe it.


 No.930750>>930752 >>930765 >>930767 >>930768

>>930734

Well, it was found, albeit it took some time.

These kind of bugs even existing are a sign that there is a severe flaw in using C and "everything is text" pipes as the basis for your operating system and applications.

I'm sure lisp machine anon will chime in with some relevant info.


 No.930752>>930759 >>930765

>>930750

Why don't you chime in with some super safe IPC in Lisp?


 No.930759

>>930752

I'm not lisp machine anon, so I'm not going to do that.

However, I suppose that building something with sane IPC is easiest done in a language that has a sane type system.


 No.930765>>930766

>>930750

took about 10 years

>>930752

redpill me on lisp IPC please


 No.930766

>>930765

I don't know Lisp. But you can look up the catalog, it's full of (((lisp))) shilling by some retard who also thinks many CPU rings, tagged memory, segmented memory, garbage collection, and automatically starting debuggers are actually good. The language seems to attract insane people.


 No.930767>>930768 >>930838

>>930750

>These kind of bugs

It's not a bug. It is working as intended. It's a vulnerability of the correct implementation. Like you were saying though the main problem stems from the UNIX way of doing things.

>>930734

and they just protected it now... Your point?


 No.930768

>>930750

>>930767

>Well, it was found, albeit it took some time.

>and they just protected it now... Your point?

The Bug which evaded librè, known as El Ultimo has been vanquished. GPG Free Software is now confirmed safe (again).


 No.930771

NGNU aka Unix btfo again haha


 No.930838>>930876

>>930767

>It's not a bug. It is working as intended. It's a vulnerability of the correct implementation.

<I literally laughed out loud at this phrasing, thanks anon.

Failing to sanitize user input is a Pajeet-tier bug.

https://dev.gnupg.org/rG2326851c60793653069494379b16d84e4c10a0ac

https://dev.gnupg.org/rG210e402acd3e284b32db1901e43bf1470e659e49

https://dev.gnupg.org/rG13f135c7a252cc46cff96e75968d92b6dc8dce1b


 No.930863>>930881

>>930703 (OP)

>GPG has had essentially zero security in the last 10 years.

As bad as the bug is, it doesn't sound like you understood it.

The bug affected signature verification in verbose mode. It doesn't affect encryption, and proving your signature was forged this way would be fairly easy just with the faked signature without knowing the details of the bug ahead of time.

This bug is terrible either way, so why exaggerate it?


 No.930876>>930880 >>930927

>>930838

It still isn't a bug. You can have something that is proven to be correctly implemented (e.g. seL4), but still have vulnerabilities at the same time. Yes, it's a vulnerability that bottom of the barrel programmers should know about, but it is not a bug. It's a flaw in the specification.


 No.930880

>>930876

This is pedantic in the worst way. You could maybe define bug that way, as long as you don't consider something like "output text confirming the signature as valid only if the signature is valid" part of the "specification", but it matches neither the way people use the word "bug" nor any useful way to use the word "bug".


 No.930881

>>930863

OP has no technical skill at all, nor is he even able to read an article.

He just made his thread to troll about the unix way.

Pure bullshit.


 No.930904>>930906

The EFF was just saying a few weeks ago that people should stop using GPG because of some bug in the front-end for certain email clients.

Seems like the FUD wars against PGP / GPG have begun.


 No.930906>>930909 >>930911

>>930904

Ah, the newest FUD tactic - finding and exposing legitimately dangerous real bugs


 No.930909>>930912

>>930906

Oh yes, and I'm sure what CTS-Labs was saying about AMD was perfectly legitimate and not overhyped at all!


 No.930911>>930914

>>930906

>find bug in certain versions of a particular email client interface

>this means you should stop using gpg completely goyim


 No.930912

>>930909

That was straightforwardly FUD, and the previous GPG thing was fishy, but I don't see anything wrong with this one.


 No.930914>>930915

>>930911

oh yes, and use our favorite app Signal too! Because decentralization is bad for you, goyim

Seriously, I can't look at what EFF did as anything other than trying to get more people onto Signal


 No.930915

>>930914

EFF is obviously infested with glowdarks running a kosher scheme now.


 No.930927

>>930876

It's not a bug in the specification (OpenPGP), it's a bug in the implementation (GnuPG), specifically the component dealing with user input in verbose mode.



