>bro, i'm telling you, open source software is SO secure, the code can be seen by anyone so you can tell if someone wants to put backdoors in
>a random chinaman walks in
>makes a pull request with a potential vulnerability
>the maintainer just accepts it without a second thought
>it stays there for years
yeah, bros, i don't know anymore

''devs'' are lazy
this is the sole reason arch switched to systemd

>>107245908
>it stays there for years
Yes, but someone DID find it. With proprietary software, you can't. DESU I'd be curious how much BS is actually going on in the W11 source without anyone ever being able to find out (without a source leak).

>>107245908
>safe fprintf
>unsafe fprintf
kek
the C standard library is a fucking worthless piece of shit designed by a retard, that's why this whole thing is happening in the first place
just stop using C library. win32 api has all you need in it already.

>>107246771
>Yes, but someone DID find it.
after numerous systems got rekt and nobody can take the blame nobody can get sued
this is why fosshit will always be irrelevant, if you make mistakes there are zero consequences

>>107246771
>someone DID find it
because he contributed malware to another project before and that guy probably went looking through all his other contributions. no one would bat an eye at it otherwise
>I'd be curious how much BS is actually going on in the W11 source without anyone ever being able to find out
it's insane that you make this comparison. one is an employee that you personally screened, have all the legal information to and the legal grounds to prosecute him if he puts your billion dollar product and millions of users in danger, while the other is a volunteer patch from a random user with a cryptic username and an anime girl picture that can even hide his email address from you if he wants to

>>107247263
>one is an employee that you personally screened, have all the legal information to and the legal grounds to prosecute him if he puts your billion dollar product and millions of users in danger
exactly, much worse than a publicly auditable volunteer. thank you for pointing this out.

>>107247353
>publicly auditable volunteer
Read again, retardbro

>>107246771
/thread
Software is always subject to bugs and security issues but with OS we can at least know

>>107246771
>>107247416
Hey why are you replying to your own post? That's cheating!

>>107247263
>it's insane that you make this comparison. one is an employee that you personally screened
Anon most of Microsoft are jeets who work for pennies on the dollar. Literally none of them can be screened because literally all of them can be bought. Stupid fucking post unless you were talking about exclusively making the IT industry an exclusive white man endeavour

>>107247034
> bsdtar
> win32 api
Retard

>>107247427
He didn't tho

>>107247263
You assume Microsoft is actually acting in good faith and/or screening their employees. And I highly doubt both.

>>107247412
read what again? this guy was caught fucking around and now people are reviewing. if shit like this happens at M$, or even better, if an M$ wage cuck is merely a proxy for espionage because he was hacked, you have no visibility in it and have to have faith in the company to notice XZ tier backdoors. I imagine M$ is a bit above board and probably has better fuzzing and testing, but given how absolute ass Win10/11 has been for normal consumer releases, I doubt even that.

>>107245908
doesn't matter anymore. LLM reviewers will find shit like this now 99% of the time

>>107247459
>He
>>107247442
>get report from the security team/independent researcher/whatever
>look up what caused the bug while fixing it
>it's a suspicious change by JeetiaTanesh@microsoft.com that somehow passed the code review
>review and revert all of his changes asap
>begin pressing charges and get him arrested
vs
>ummm you might want to re-check that merge request because that person literally contributed malware to another project
>*no response*

>>107247562
whats rms cum taste like? gay ass bitch !

>>107247508
>You assume Microsoft is actually acting in good faith
What do you mean? Their quality control is laughable and they have total disregard for user experience for things like making the start menu in react, but considering how hundreds of millions, if not billions, of people use windows every day, the reports of vulnerabilities actually being exploited is extremely low. and whenever one hits the news, it's been long fixed. I hate microjeet but their security is one of the few things you can't complain about. it's orders of magnitude more than any open sores project can dream of having.

>>107247622
bloody benchod basterd!

>>107247690
Yet you can't prove it. All of your observations are just anecdotal, until the source is released.
Also, who says there aren't any people in MS that actively sabotage the codebase or even work for malicious actors? You might never know about some backdoors. Some go undiscovered for decades and some are actively covered up because (((they))) need it for whatever reason.
Without the source code, YOU WILL NEVER KNOW. You can assume, but you'll never have proof.
>orders of magnitude more than any open sores project can dream of having
Show me the proof. Oh wait, you can't.

>>107245908
>out of sight out of mind
what would i give to be a low iq chud too

>>107247917
>Show me the proof
it in itself is proof. new vulnerabilities are found every other week and they're quickly patched before you even realize what's happening
>You might never know about some backdoors. Some go undiscovered for decades and some are actively covered up because (((they))) need it for whatever reason.
and you think troonix or any open sores project is different because...? now you're just making stuff up to fit your narrative.
you couldn't even tell if a given piece of code has a hidden bug from a million loc project if it was shown to you, yet you boast that you COULD find all the vulnerabilities and backdoors in your fried software IF you wanted to or something

>>107247690
>the reports of vulnerabilities actually being exploited is extremely low.
You do realize that a vulnerability that is exposed is a failed vulnerability? If you look at the market for these things the ratio of detected to unknown is 1 to 100. In Windows (and macos) this is possible because no one person has knowledge of the entire codebase. In Linux this will get flagged down because everyone can look at it while either being bored at 3am or being paid for it (eg Valve).
You literally think you are more secure because someone else hides the way the tool you use works. This has nothing even to do with malware itself. Its literal npc behavior.

>>107247690
>t. uses brave browser with windows telemetry set to low
sweet sweet summer

>>107246771
holy cope lmao

>>107247169
>after numerous systems got rekt
proof?

>>107248029
>you couldn't even tell if a given piece of code has a hidden bug from a million loc project if it was shown to you, yet you boast that you COULD find all the vulnerabilities and backdoors in your fried software IF you wanted to or something
Do you think all the software that ever exists is written by the same two guys?
The reason you gave is actually the best in favor of Linux. Due to Linux open development nobody is responsible for the entirety of GNU+Linux. Everyone who wrote code will have written tiny manageable parts that will also be published. So everyone only looks at tiny fragments of code changes. Compare to Windows where you dont even know what the code is.

>>107248040
>this is possible because no one person has knowledge of the entire codebase. In Linux [...]
bitch do you hear yourself? linux has 40 million lines of code
>everyone can look at it
>can look at it
>CAN, but no one will
idk why you keep making the code being openly available vs it being not because it doesn't matter. the issue is security researchers actively looking at it, engineers paid to fix it and whether literal randos with no history or background whatsoever being able to add code to your project just because it "looks right".
just look at the OP. the only reason they think this change is suspicious is because of who contributed it. you could look at the source code all you want otherwise and you wouldn't even think twice about that line of code.

>>107247169
>after numerous systems got rekt
It was a non prod pipeline. Again these are things that can only happen in open source in this way. Someone noticed that on the testing distros (ie not yet released) performance dropped. Since everything is open source they simply looked at it and found the issue then checked the pr and instantly knew its malware. That was before the distros moved from testing to prod (ie nobody with a real system was affected). Furthermore you dont seem to know what the malware was supposed to do. Because again it certainly wasnt meant to rekt computers and thus gather attention

>>107248029
I didn't say anything about actual code quality, but what am I expecting from a fanatical schizo on 4chins.
Windows has had a LONG history of security issues and since it has a market share of well over 90% in most parts of the world, it naturally attracts the attention of many security researchers, which amounts to more stuff being found, even without the source. If you'd put all of these people to work on Linux, OF COURSE they'd find stuff. I'm not saying Linux is bug-free, all I'm saying that having the source code gives you freedom to do some things that would otherwise require you to disassemble and decompile shit first. Security through obscurity is no real security.
This thread reeks of delusions, I'm leaving

>>107248152
>bitch do you hear yourself? linux has 40 million lines of code
Do you think people change the entirety of the OS every line every day and everyone has to look at every line?
You are thinking in Windows ways. In Windows this is correct because no outsider has the code so everyone has to check everything (if possible). On Linux every component is separate and detached. Lennart will look at systemd things. Rms will look at Gnu things. Neither needs to nor will look at each others things. Why should they? Every single code change is documented since it is logged contrary to Windows.

>>107248152
>Linux has 40 million lines
Chrome is the biggest common "thing" and has around 2 million loc. It is orders of magnitudes larger than Linux itself.

>>107248144
>The backdoor is quite complex. For starters, you won’t find it in the xz GitHub repository (which is currently disabled, but that’s besides the point). In what seems like an attempt to avoid detection, instead of pushing parts of the backdoor to the public git repository, the malicious maintainer only included it in source code tarball releases.
Oh no, open sores sisters, but I thought we could inspect the code for backdoors!
It's even funnier that who discovered the backdoor is a microsoft employee.

>>107248152
You do realize that malwares main job in 99.99% cases is a) to target windows and b) to stay hidden and avoid detection? These both go against everything you said so far.

>>107248226
>oh no, open sores sisters, but I thought we could inspect the code for backdoors!
Who said it isnt complex? What are you talking about? The backdoor was found through performance testing. Because some guy wrote code for some component saw that a dependency changed and wanted to ensure their program still works fine. This is how most professional developers work (ie not chuds). And even more so this again shows that the system works perfectly fine.

>>107248226
Mate please go to a market. Compare the amount of windows zero days to the amount of linux zero days. Then tell me why there are a trillion more windows zero days. And why the two linux zero days that do exist cost more than all window zero days combined

>>107246771
>Yes, but someone DID find it.
My wife cheated on me behind my back but eventually I DID find out and I became friends with Tyrone

>>107248203
>my cope isn't working, I'm leaving
>>107248211
>On Linux every component is separate and detached. Lennart will look at systemd things. Rms will look at Gnu things.
funny you say that because neither of those things are in Linux
>>107248241
you do realize that malwares main job in 99.99% of cases is to extract some kind of value out of you (money, crypto, files, accounts) which is something you can easily notice after it happened. reports of malware exist because of the sheer amount of users and bad actors out there, yet they are so little. the 0.001% is spying software which you are not a target of no matter how delusional you are.

>>107248152
windows macos and classical linux are dumpster fires. if you run any of these you shall not be talking about security whatsoever.
only immutable users have security.

>>107248290
>Who said it isnt complex?
reading comprehension? it's not about it being complex, it's that the backdoor wasn't even in the public git repository at all, but inside the source tarballs that only maintainers/scripts used to build the package from source
>>107248302
>thing with a dozen users has less malware being written for it than thing with a billion users
woah

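Two posts above note that the xz backdoor shipped only in release tarballs and not in the public git tree. As an added example (not from the thread or from any project it names), this is a check for that kind of discrepancy: hash every file in a release tarball and compare it with a `git archive` of the tagged commit. The file names and contents are constructed sample data.

```python
import hashlib
import io
import tarfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def tarball_digests(tar_bytes: bytes, strip_components: int = 0) -> dict:
    """Map every regular file in a tar archive (any compression) to its SHA-256.

    strip_components drops leading path elements, such as the "name-1.0/"
    directory that release tarballs usually wrap their contents in.
    """
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # directories and links are not hashed in this example
            parts = member.name.split("/")[strip_components:]
            if parts:
                digests["/".join(parts)] = sha256_hex(tar.extractfile(member).read())
    return digests


def compare_release(release: dict, repo: dict) -> dict:
    """Compare path->digest maps of a release tarball and the tagged git tree."""
    common = release.keys() & repo.keys()
    return {
        # Shipped to users but absent from the reviewed repository.
        "only_in_tarball": sorted(release.keys() - repo.keys()),
        # Same path, different bytes: the release does not match what was reviewed.
        "modified": sorted(p for p in common if release[p] != repo[p]),
        # In the repository but not shipped (usually harmless, e.g. CI config).
        "only_in_repo": sorted(repo.keys() - release.keys()),
    }


def build_tar(files: dict, top: str = "") -> bytes:
    """Build a gzip tarball in memory; used only to construct the sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(f"{top}/{name}" if top else name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> dict:
    # Constructed sample: the tree as it exists at the release tag.
    repo_at_tag = {
        "src/main.c": b"int main(void) { return 0; }\n",
        "m4/helper.m4": b"# build macro as reviewed in git\n",
        ".gitignore": b"*.o\n",
    }
    # Constructed sample: what the maintainer actually uploaded.
    release = dict(repo_at_tag)
    del release[".gitignore"]
    release["m4/helper.m4"] += b"# line present only in the release\n"
    release["configure"] = b"#!/bin/sh\n# generated at release time\n"

    git_archive = build_tar(repo_at_tag)  # stands in for `git archive <tag>` output
    release_tar = build_tar(release, top="demo-1.0")
    return compare_release(
        tarball_digests(release_tar, strip_components=1),
        tarball_digests(git_archive),
    )


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files that appear only in the tarball are often legitimately generated (autotools output, for instance), so the report is a review list rather than a verdict; a file that exists in both places with different content is the entry to look at first.
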
>>107248326
>funny you say that because neither of those things are in Linux
So thanks for confirming you are a troll. Or do you want to tell me that systemd belongs to the GNU project? Or that the nvidia open source driver was written by Linus? Or that Proton and Wine were written by the Chrome team?

>>107248326
>you do realize that malwares main job in 99.99% of cases is to extract some kind of value out of you (money, crypto, files, accounts
Good thing I am running Linux then because every application is run inside its own sandbox and does not have access to other files unless I allow it. Phew. Very hard I know.

>>107248383
(You) are either a troll or a retard. you attempted to say not all parts of linux are maintained by the same person and proceeded to cite projects that have nothing to do with linux kernel source code.
if you mean linux as in a linux distro, there's a million overlooked components from tiny to larger ones like our-themes-can-have-code-execution-DE aka krashde

>>107248383
no bro dont worry your code has a backdoor satya nadella found it already and told this guy the 40 million lines of code remember. 2 million from chrome and 38 more duplicated lines of code.

>>107248409
>othing to do with linux kernel source code.
>systemd
>drivers
>gnu
If you call these not "core" identity of Linux you are beyond hope.

>>107248410
>>107248424
why are you retarded? genuine question.
https://www.stackscale.com/blog/linux-kernel-surpasses-40-million-lines-code/

>>107248409
>krashde
So youre just a chud. Should have said before that you hate immigrants and earn minimum wage. That would have saved us a lot.

Do you think 4chan has updated their servers since the hack? Sharty hack round two??

this still wasn't rolled back or even investigated btw

>>107248457
>include every driver in existence
Yes I also include the lines of code of my written in asm driver for my desk phone from 1996. The fact you just google searched and pulled a random non technical article instead of just looking at how many lines of code the linux kernel repo has (ie what you built as the OS) shows youre just a consumer npc

>>107248467
The xz backdoor never got published that is the entire point. The backdoor got caught before being published to end users.

>>107248489
>moving the goal post
you are an imbecile beyond any hope. it's sad that you filled this thread with your cope. keep using your muh open OS (that you can't even differentiate the kernel from the distribution, which is funny on its own) that you *totally* can inspect and find all the le bugs and vulnerabilities! except you never will because you are lazy and a larping retard on top of it all

>>107248539
Can you tell me who is moving goalposts? You are a very intelligent man. Out of sight out of mind. Definitely not what a braindead person who just npc repeats would say.
>>107248424
>>107248457

>>107248510
he's referring to the op you troglodyte

>>107248539
>that you can't even differentiate the kernel from the distribution, which is funny on its own
You were the one to combine every single component under the banner Linux. You were combining arbitrary drivers. Most non technical pages just clone the entire linux repo. Usually this includes all drivers even shit from the 90s and whatnot. This is how its relatively easy to see that both the article and the person reading the article are non technical people.

>>107248565
yes, systemd and gnu don't live inside the linux kernel source tree. HOW hard is that for you to understand? are genuinely and irreparably retarded?

>>107248539
are you saying that systemd IS a part of the linux kernel or are you saying it is not? you seem to be getting washy

>>107248605
So they are separate components entirely unrelated to the Linux kernel. Again Linus does not develop systemd or the GNU tools. So the point he did was correct that people only need to look after their respective components and not monolith beasts like Windows or macos.

>>107248592
>You were the one to combine every single component under the banner Linux.
never grouped anything, all mentions of Linux in my posts are the linux kernel. you made that assumption on your own. drivers ARE part of the source tree if they, well, are part of the source tree.
>but muh I can disable it before building it from source
I wonder why you think that is relevant at all

>>107248641
>drivers ARE part of the source tree if they, well, are part of the source tree.
So again. Its out of sight out of mind. Windows just doesnt give you the option to build a driver for a 1996 desk phone. Linux does. That makes Linux worse (despite no distro shipping these drivers). Remember how this only started with your 40 million loc. From a consumer article.

>>107248630
>he
>>107248152
>linux has 40 million lines of code
the linux KERNEL has 40 million lines of code
>>107248211
>On Linux every component is separate and detached. Lennart will look at systemd things. Rms will look at Gnu things. Neither needs to nor will look at each others things.
systemd and gnu are not included in the linux KERNEL's 40 million lines of code.
is that clearer now? or do I have to draw?

>>107248641
>>but muh I can disable it before building it from source
>I wonder why you think that is relevant at all
>/src/drivers/1992/phone.asm
>Last edited: May 25th 1994
i agree there will be many vulnerabilities in this driver on downstream distros. Oh wait downstream distros dont ship 99.99% of the drivers? That makes the kernel size shrink to its real size smaller than the Chrome browser? No no my npc master told me differently this is fake news

>>107247622
Takes one to know one ;3

>>107248383
>I am running Linux then because every application is run inside its own sandbox
Who told you linux does that? Might want to consider punching them for lying to you.

>>107248672
you're grasping at the 40 million figure like it helps drive your narrative somehow. pretend it's 30, 20, even 15 million if you want to or whatever other size you claim with "only the drivers you use". it doesn't matter. the point is that no, no one in the linux kernel project knows the entirety of it despite what you said in:
>>107248040
>In Windows (and macos) this is possible because no one person has knowledge of the entire codebase.
which is the same for linux. that's the entire point that you're too dumb to understand.

cloudflare is the worst hosting company. Finally the captcha worked holy shit I've been stuck here for hours.

>>107248457
>40 million
someone did the trick again huh? its easy to see what the narrative is when someone includes drivers when counting loc. obviously doesnt happen for windows and mac. after all they could have trillion lines and we wouldnt know

>>107248712
i am rubber and you are glue, whatever you say bounces off from me and sticks to you
bitch

>>107248578
Yes, yes (you) are.

>>107248689
why are you STILL hung up on this argument when it literally doesn't matter? the ability to include or exclude drivers has nothing to do with anything

>>107248715
Actually this is rather standard on Silverblue distros. That is why Bazzite has double digit million installs without any marketing. Its the most secure the easiest to use and the fastest consumer os available.

>>107248733
Lol gotem good

>>107248729
>cloudflare is the worst hosting company
Good thing it's a CDN, then, eh?
But, yes. Bad. Just think, if you hadn't doubled down on this redardation over the last decade or two this wouldn't be a problem right now as you reap what you sow.

>>107248727
Chrome has 2 millions loc. Linux kernel is significantly smaller than Chrome.
Windows has had shared source initiatives. Please count the lines of code of any Windows version. You will be embarrassed.
>which is the same for linux. that's the entire point that you're too dumb to understand.
With the major difference that I can look the code up. I understand you as npc have to listen to what other people tell you. But there are some people who actually do read code.

>>107248757
So... A *silverblue* feature.... not a *linux* feature...

>>107248741
it's not me but what if it was? point is that the changes made by jia tan in bsdtar are still not reverted. you're getting desperate.

>>107248744
>linux has 40 million loc who is gonna read all this
>ok but 99.99% of them are outdated drivers without them linux kernel is smaller than chrome
>idc im an idiot
>also you do understand that reading open source code usually means reading changes not rereading the entire code
>hahahahahab ur an idiot

never trust freetards

>>107248782
Linux has the feature. Its just Silverblue enforces it by default wherever possible. Thats why this board does not use Silverblue. This is an npc board as proven by you. Bazzite has had no marketing so no chance to catch on here. Meanwhile non chud devs and normies are living in the future.

>>107248781
>Linux kernel is significantly smaller than Chrome.
lol, lmao even.
>Windows has had shared source initiatives.
for one windows is much more than the nt kernel
>With the major difference that I can look the code up.
yet you won't, and you won't find shit
>But there are some people who actually do read code.
which is not you, and hilariously enough it's microsoft's employees.

>>107248805
exactly. to get these indians out we need to unite my dear fellow white american christian
blessings from texas oblast from jia tan. a fellow proud white christian american

>>107248830
Chrome and the kernel are public repos. If you cant compare their sizes then this discussion is useless.
Fyi I just did and the kernel is SIGNIFICANTLY smaller than Chrome.

>>107248803
>99.99% of them are outdated drivers
holy shit, you can't be that retarded. I won't even say anything anymore, fuck this

>>107248830
chrome includes entire hardware vms. a single of these vms is probably ten times bigger than the entirety of linux. hell even v8 alone is likely bigger than the entirety of the kernel

>>107248803
>>linux has 40 million loc who is gonna read all this
It's all been read. Multiple times. By multiple people.
Do you realise how old some of that code is? How long it's been added in? Sure, a lot is simply ignored to focus on the fresh inflow, but the existing wasn't just thrown in there haphazardly.
Not everyone maintains such vigilance with their projects, but linus seems quite picky about what, where, and very importantly, why.

>>107248871
>i wont say anything anymore
>proceeds to say s

the bot is so broken that it started to reply to itself lol

>>107248891
>how do diffs work
Why not just say that you arent a programmer? This wouldve saved a lot of time and answers why you think the way you think.
This is why janitors should stay janitors.

>>107248909
its not a bot its a st. petersburg paid person. thats why they have no knowledge about anything technology. they are paid to argue

>>107248829
I've considered silverblue. Don't see much to move me from common fedora, this install is quite old now...
>>107248933
>Why not just say that you arent a programmer?
Where did I say I was?
>answers why you think the way you think
Which *you think* would be what, precisely?

>>107246771
i think the point is that with proprietary software a chink wouldn't be able to add code like this
of course this no system is perfect and not all non-chinks are good boys

>>107248757
immutable distros don't mean shit from security standpoint I knew /g/ was retarded but that's lower than reddit

>literal satanist logo
>something something cuck license
>approved a backdoor
Poettering.

>>107249789
As evidenced by the chinks that had penetrated all sectors of USA technology, and walked away with IP? Yeah. It's totally inconceivable that someone can add something instead of taking it.
And you think it's the chinks you need to worry about? You may have heard about mass infiltration by china into your key networking infrastructure, and an inability to remove. That wasn't made possible by the chinese, they just used something someone was stupid enough to smuggle into closed source proprietary products so the literal jews at Akamai Technologies can get rich selling that data to alphabet soups...

>>107247690
This is an unfalsifiable claim because the SOURCE CODE CAN'T BE PUBLICLY FUCKING AUDITED.

>>107245908
>open source is insecure
>ergo(-t poisoning) closed source is secure
what the fuck are you jibbering about?

>>107248829
Cluster B's don't make software for the benefit of the community. You can shove that fucking troonware up your ass.

>>107249789
ah yes the famous anti-immigrant policies that all big tech companies have
they will absolutely never hire a Chink
only the rare Jeet who are well-known for their morality
kek I had never actually thought of it but proprietary software must be riddled with backdoors
they are so vast that they are impossible to audit
corps only care for profit and they have little mechanism to counter organized insider attacks by people who put their nation above all (e.g. Chinese)
or scammy Jeets who will just sell themselves to the highest bidder

>>107252348
>This study investigated the vulnerabilities of three operating systems: Windows 10, macOS, and Ubuntu. The analysis of secondary data obtained from the CVE and NVD databases for the study period demonstrates varying OS vulnerability. Quantitative assessment of the vulnerability (using the vulnerability score) for the investigated operating systems found consistent results in the security vulnerability of these OS. The correlation of the disclosed vulnerabilities data and the average weighted vulnerability yielded coefficients of -0.3674, -0.4081, and 0.3473 for macOS, Windows 10, and Ubuntu Linux. These results demonstrate windows 10 as having the highest security vulnerability, followed by macOS. Ubuntu Linux had the lowest vulnerability scores. These results were validated by the CVSS distribution of the vulnerability score. The results point to the impact of the popularity of OS on the number of attacks in a given period. OS used by many people tend to attract significant attacks testing their integrity, security, and safety.

>>107248467
>>107248783
That's false. It was corrected.
https://github.com/libarchive/libarchive/pull/2101
I'm too lazy to look into whatever the safe_fprintf implementation is, but I assume it's for preventing format string vulnerabilities which was why the xz backdoor guy took it out.