Re: Video editing in Linux?

From: SjT (NOT_at_yahoo.com)
Date: 11/01/04


Date: Mon, 01 Nov 2004 16:06:00 GMT

I'm with stupid ---> Ian Molton <spyro@f2s.com> wrote:

>security holes are due to bugs. OSS and CSS have bugs. the only issue is
>how fast they are found and fixed. The faster the more secure.

No they are not always bugs, that's incorrect. If you have the source
code for the application in question then you can write an exploit
into the code and put it up for distribution, surely?!

What kind of protection is employed to prevent this from happening? I
know you've mentioned digital signing, is that something that the
original author would pay and have submitted?

>Do you think OSS fans download sourcecode from just anywhere?
>
>no, we get it from official download sites for the various projects.
>there are signatures we can use to check the integrity of the downloads.

Well someone laughed at me when I mentioned there were top linux
groups out there for this purpose?!

Anyway, just because you do that Ian, doesn't automatically mean that
everyone else does it. What if the app you require doesn't appear on the
official download site?

>how do you suggest the malicious code is injected?

You don't need to inject it, you bring up the source code and
incorporate it into the original source, failing that you could put it
in one of the files that main.c calls.

>> But they would be working on the original code which someone has
>> modified still.
>
>*IF* such a modification ever made it into the code, it would be spotted
>quickly by any competent OSS *OR* CSS developer.

This is what I can't get my head around, at which point would it be
spotted?! Who has the job of reading through the source code?!
What about those that download from sites other than the 'official'
ones?!

>And if you run software from just anywhere or Kazaa! you get what you
>deserve, no matter what your OS is.

Some people do not have web access and so choose to download through
P2P's or newsgroups.

Some people's connections time out and they have problems, so they like the
resume feature that P2P's offer.

People do use P2P's, with CSS the majority of known malicious code
would be spotted through the use of a virus checker, however OSS would
allow anyone with a small amount of coding knowledge to perform god
knows what on your machine.

>> That to me is a possible security issue. I find it hard that you do
>> not agree.
>
>Moronic users has always been a security risk.

Would you say that OSS would be more risky for moronic users than CSS
then? After all, these moronic users are the ones you will be wanting
to join Linux for it to really hit the big time and have full hardware
support out of the box.

>Whereas under linux the odds are the problem is FIXED before any temporary
>hack is even needed. and linux updates never needlessly reboot the
>machine. there is ONE update that requires a reboot and that's an actual
>change to the core kernel itself, which is about a once-a-year event at
>worst.

In that case it's no different to my win2000 server beside me then ;)

-- 
Playing: FIFA 2005.... Thats it atm
Awaiting: PES4 & HALO2 (Yawn yes i know)
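
An added example, not part of the original post: a sketch of the integrity check discussed in this thread, showing how a per-file checksum list flags a redistributed copy in which only a file called from main.c was changed. Directory names, file contents and the function names are constructed; the checksum list is assumed to come from the project's official site, and its authenticity rests on the project's signature, which this sketch does not check.

```shell
#!/usr/bin/env bash
# Constructed demo: directory names and file contents are invented for illustration.
set -u

# Write a tiny source tree: main.c plus the helper file it calls.
make_tree() {   # $1 = directory, $2 = body of helper.c
    mkdir -p "$1"
    printf 'int helper(void);\nint main(void) { return helper(); }\n' > "$1/main.c"
    printf '%s\n' "$2" > "$1/helper.c"
}

# Project side: publish one digest line per source file.
publish_sums() {   # $1 = directory, $2 = output checksum list
    ( cd "$1" && sha256sum main.c helper.c ) > "$2"
}

# User side: check a downloaded tree against the published list.
# Prints the name of every file that does not match; returns non-zero if any.
verify_tree() {   # $1 = directory, $2 = checksum list
    # Refuse to "pass" when there is nothing to check.
    [ -d "$1" ] && [ -s "$2" ] || return 2
    ( cd "$1" && LC_ALL=C sha256sum -c 2>/dev/null ) < "$2" |
        awk -F': ' '$2 != "OK" { print $1; bad = 1 } END { exit bad }'
}

work=$(mktemp -d)
make_tree "$work/official" 'int helper(void) { return 0; }'
publish_sums "$work/official" "$work/SHA256SUMS"

# A redistributed copy in which only helper.c was altered; main.c is untouched.
make_tree "$work/mirror" 'int helper(void) { return 1; /* altered */ }'

verify_tree "$work/official" "$work/SHA256SUMS" && echo "official copy: all files match"
changed=$(verify_tree "$work/mirror" "$work/SHA256SUMS") ||
    echo "mirror copy: digest mismatch in: $changed"

rm -rf "$work"
```

The check only helps when the checksum list is obtained separately from the copy being checked; a list shipped alongside a modified tree can be regenerated to match it.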

