Falling apart? You mean getting stronger? Every single one of these is an existing hole being patched. It isn't making new holes.
Government agencies probably already have half of these exploits in their private toolbox for years now. Finding and patching them is good, but there probably needs to be some systematic change to prevent them rather than just patching bugs when they get found.
Something something microkernels + capability-based security.
> for years now

ZCRX is less than half a year old. I'm so tired boss.
As other people said in this thread: so many devices won't be patched. And that can easily lead to users and manufacturers moving away from Linux. Linux is in a glass house.
I remember when people used to joke with Windows security and something like that would never happen on Linux, well...
Linux is "falling apart" because it's the highest-profile open source project people can point LLM agents at to find CVEs. It'll come out the other end of this hardened by all of the attention it's getting, but the next few months/years will be... bumpy.
Perhaps this will lead to better AppArmor and SELinux defaults?
People will just turn SELinux off rather than have to go through the horrible tooling when it breaks a regular use case.
It is enabled by default on Android, and only developers can change it temporarily via an ADB session.
I do think SELinux is a good example of how robust software with poor UX/DX gets undermined by that poor UX/DX. Although I do wonder if AI can help with it?
How's BSD doing? How about Amazon Linux?
Amazon Linux is a Linux distro? Though, yes, I would like to know how the BSDs are doing.
Yes, it's a fork of Fedora. https://docs.aws.amazon.com/linux/al2023/ug/what-is-amazon-l...
FreeBSD is getting piles of security updates lately too. Not sure about the other BSDs.
And Windows?
Pray to God no one ever lets an AI agent run loose on the various leaked Windows source code dumps.
Given Windows' absurd amount of backwards compatibility, chances are pretty high that there are a lot of sleeping dragons buried inside even modern Windows 10/11 kernel and userland that date back to code and issues from the 90s - code where half the people who have worked on it probably not just have departed Microsoft but departed living in the meantime.