▶ No.977660>>977663
>>977646 (OP)
>Sprundel says ... he promptly reported all the bugs
I call bullshit:
https://marc.info/?w=2&r=1&s=sprundel&q=a
Only three emails, latest in 2007. That's all archived mailing lists, not just *BSD ones.
▶ No.977663>>977667 >>977747
>>977660
>you think he reports security vulnerabilities directly to the public mailing lists
▶ No.977667>>977672
>>977663
That's the preferred method for openbsd at least, no?
I doubt he found anything that'd require to warrant going through private channels.
▶ No.977672>>977675
>>977667
Theo literally watched the Talk. You think he would notice if the guy was just totally making shit up.
▶ No.977675>>977695
>>977672
Did he have any comments at all about it?
▶ No.977695
>>977675
LMGTFY
>"I remember reading his first slides, which were mostly about the impact of small API misuses," De Raadt tells CSO Online by email. "Unfortunately, this is a problem of the volume of code relative to manpower. Ensuring all code is 100 percent bug-free and handles all exceptional conditions is a rather difficult problem."
> De Raadt writes. "We solved them all within a week or so and made patches available for the ones that were important. In my experience the only way to be proactive and responsive in a volunteer-driven software project is to never allow deferral of an issue to later. Problems must be handled ASAP to keep the interest in them up."
▶ No.977699>>977708 >>977795
>>977646 (OP)
>Is XXX YYY? Some (((AAA))) think so.
definitely not a jew template
▶ No.977708
>>977699
>The jews mean the bugs don't exist
▶ No.977709
CIA niggers are stepping up their anti opensource efforts. They're taking out threats in order of highest priority to lowest. That's why Terry had to go first, then Linus, and now I imagine Theo will start identifying/transitioning into a woman who cannot code.
▶ No.977713
>>977646 (OP)
>Netcraft confirms it, BSD is dying!
When did I travel to Slashdot circa 2006?
▶ No.977719>>977738 >>977795
>>977646 (OP)
>People say they want to switch to BSD because Linux is swallowing the CoC
>OP immediately starts to shill against it
Admit it, you're the "there's no hope" fag, or at least paid by the same (((people))), aren't you?
▶ No.977738
>>977719
>Hey guys this place is pretty gay let's all go to the gay bar instead
Look faggot come up with ideas that aren't retarded and maybe we can move on.
▶ No.977741>>977742
What a shitty title. Even if some of the conclusions might be accurate, the title is clearly misleading. It says "some security researchers", but the only referenced security researcher is Argyroudis (Sprundel isn't even a security researcher, he's a director of penetration testing).
Why did they pluralize "security researchers"? To be accurate, it would have to say "a security researcher", or why the fuck not actually just put his name in the title? "Ilja van Sprundel does some bug testing on BSDs and gauges response time, security researcher Patroklos Argyroudis thinks some of the BSDs are dying, but OpenBSD will be fine if it gets more developers".
It's an interesting article, but OP is retarded; I suppose he only read the title and maybe skimmed the section headers.
▶ No.977742>>977748 >>977755
>>977741
>Random idiot who is not even a security researcher finds dozens of bugs in supposedly superior systems
Yeah BSD is real great
▶ No.977747>>977753
>>977663
I think OpenBSD's guys would actually appreciate that
▶ No.977753
>>977747
Considering how OpenBSD repeatedly got shafted by """responsible""" disclosure faggotry, I can see that.
▶ No.977754>>977759
>OpenBSD fixed 25 bugs nine months ago
>somehow this is supposed to be a bad thing
▶ No.977755
>>977742
Don't be an idiot. He's a penetration tester. He's not a security researcher, but he's not a random idiot. Finding bugs is effectively his entire job.
I don't have a horse in the race, because I don't use BSDs. I only have issues with the article and its shitty title. There's only one security researcher, and it isn't even the guy the article spends most of its time talking about. It's a bad article.
▶ No.977759>>977761 >>977762
>>977754
>openbsd had 25 bugs that some random idiot could find
>this is a good thing
▶ No.977761
>>977759
>software has bugs
NANI?!?!?! B-BAKANA!!!1
▶ No.977762
>>977759
A random idiot is like my dad. Not a guy whose literal job it is to find bugs.
▶ No.977764>>977778
OpenBSD accepted the legitimate flaws and quickly fixed them. GNU/systemd would argue that the flaws are features and then just close the bug reports.
▶ No.977778>>978005
>>977764
Buffer overflow errors are not the same thing as mounting EFI files into the VFS and then deleting them like a retard.
▶ No.977795>>978054
>>977699
>>977719
That's /pol/ rotting your brain: if there's an issue that inconveniences your group you should not put your head in the sand.
▶ No.977801>>977826 >>977841
>>977646 (OP)
>BSD is dying
This is literally the oldest meme on the internet.
▶ No.977826
>>977801
It has been true for 25 years now.
▶ No.977841
>>977801
Nah, it's just a stupid slashdot meme. Mr. T Ate My Balls is older. That one was on all the Quake sites when the game was still fairly new.
http://theballreport.com/the-story-of-ate-my-balls-one-of-the-first-internet-memes/
▶ No.977842
>Many of these bugs he called "low-hanging fruit."
Sounds like NON CRITICAL.
They aren't security related so fuck off OP.
▶ No.977848>>977856
"Low-hanging fruit" just means the bugs were easy to find. It doesn't indicate any severity. It just means he didn't have to put in lots of effort.
Oh, and the same guy did a similar "low-hanging fruits" at a previous conference. But here he outright says to use OpenBSD's code (Xenocara) for every OS that's using Xorg. And at the very end he also admits that using a software framebuffer (like vesa, or wsfb) is safer than the accelerated X servers. But you have to watch the whole talk to understand why.
X used to be much simpler and cleaner in the 90's, before all that accelerated shit for 3D cards got shoved in
https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291830_-_x_security_-_ilja_van_sprundel
▶ No.977856>>977866 >>977930
>>977848
> accelerated X servers
Why do you think they're working on Wayland now?
▶ No.977866>>977870 >>977877
>>977856
idk if Wayland will be the piece of tech that replaces X11 eventually. idk, i am not convinced yet. Wayland is vaporware imo.
▶ No.977870>>977877
>>977866
>Wayland is vaporware imo
No, it's just around the corner.
▶ No.977875>>977884
>>977646 (OP)
OpenBSD has a dev team of 20. An outside guy comes in and found new things with a fresh set of eyes. Then OpenBSD quickly fixed what was found. I fail to see how this is BTFO. CoC/Linux has 1000x the (((man)))power. With that many Xe's working on it the code should be perfect by now.
Netcraft has confirmed: *BSD is dying
>OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.
>Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.
>All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
▶ No.977877
>>977866
>>977870
Wayland is already here, it's just not going to replace X11. Wayland and X11 are going to exist together as different options you can choose from for the foreseeable future.
▶ No.977884>>977991 >>977994
>>977875
>that there are 7000 users of OpenBSD
You fucking kidding me? This number must be wrong because I met a lot of OpenBSD fans IRL already!
▶ No.977891
Used BSDI/FBSD back in the 90's for file servers, email n chit. Eventually moved to Sparc.
Sad to see.
▶ No.977930
>>977856
Because FDO spontaneously combust if they don't reinvent something badly every few years. Only half joking.
▶ No.977991
>>977884
>You fucking kidding me? This number must be wrong because I met a lot of OpenBSD fans IRL already!
millennial detected
That is an old copypasta from /.
▶ No.977994
OpenBSD isn't perfect, I would be willing to bet there is a zeroday or two that can be used against it. I would also bet there are at least 20 zeroday exploits against linux. It is a better platform to target as many high value targets use it, but using any exploit comes with the risk that it will be discovered. With a smaller pool of users and more autistic ones at that an advanced adversary would think carefully about if it would be worth it. Assuming it takes the same effort to exploit openBSD as linux, I think that 99% of its users will never see an attack by an advanced exploit. On the basis that the time and skill would be better spent creating linux exploits, or windows ones. There are very few "security researchers" actually reporting and helping fix bugs for free.
>>977884
Theo based those numbers off downloads, one download can install infinite systems. I doubt it accounts for source downloads as well.
▶ No.978005>>978009
>>977778
Let's make our own OS. I'll get started on the logo.
▶ No.978009
▶ No.978054
>>977795
>if there's an issue that inconveniences your group you should not put your head in the sand
classic /leftypol/ projection
▶ No.978128
Everything is always dying.
▶ No.978135>>980121
>maximum damage control ITT
▶ No.980121>>980173
>>978135
Yep, more psychwarfare/demoralizing on /tech/. Use whatever OS you want and don't worry about it. What are you making that has to be so secure that it would be less time consuming to keep an offline laptop around for?
▶ No.980173
>>980121
Why are you implying openbsd should be disconnected, it's the most secure os ever