Re: Video editing in Linux?

From: Ian Molton (spyro_at_f2s.com)
Date: 10/29/04 

Date: Fri, 29 Oct 2004 15:43:07 +0100

SjT wrote:

> It's still insecure, whether you or anyone else can fix them quicker
> is not the point,

Huh? an insecure system is one where holes remain open. in a secure one
they are closed as quickly as they are discovered.

Or are you suggesting CSS never has holes? (in which case, why does
windows update list about 20 critical updates to win2k alone?)

> once they're in, they're in and the damage has been
> done.

How on earth do you think they are going to get in? there isnt a little
security-hole gremlin that runs around putting holes in on purpose you
know...

>>That's not an OSS issue, that's a social engineering issue. What's to stop
>>me writing software to do the same on a Windows box? I could put that
>>software in a group, on a P2P network or on a website and encourage people
>>to download and run it.
>
> The difference is that any tom *** or harry could do it with some
> basic knowledge in netcode and c, and it could be made available from
> the the top linux groups completely un-noticed until someone chances
> to notice it.

You claim to be proficient in C, and any good programmer should be able
to learn the linux networking basics in a day. Prove your statement. You
dont have to actually write any code - just demonstrate a vulnerability
you discovered with your 'basic' knowledge.

> Downloading from P2P networks is mostly illegal pirated software so
> you would expect crap from there,

Linux From Scratch legally and securely distributes its source packages
on BitTorrent.

Sure P2P can be abused too. I clearly remember the pre p2p days where
web and ftp services were abused to the same ends.

> besides your virus checked picks up on any known virus,

Go on telling yourself that, if it makes you sleep better.

> on OSS you would actually be including your own
> code within the original code so that it would be totally undetected.
> As opposed to being bolted on to the end of the file.

Explain. you might want to research digital signing, and MD5 before
spouting off like that.

>>If anyone downloads and installs unconfirmed software from any old website
>>then that's their fault.
>
> It's still an issue with OSS.

Its an issue with any kind of S.

> Well, i would find it much easier to add my code to an OS project than
> backwards engineering someone elses executable, in fact i wouldn't
> have a chance at doing that unless someone taught me how to code hex
> in machine code.

You're talking to someone who has done reverse engineering of windows
code here. I doubt you could code assembler the way you talk about
'coding hex in machine code'.

> It is more insecure,

If so why do M$ use linux DNS servers?

> You gotta love this 'WE HATE MS!' linux community havent you?

Here we go again...

Quantcast