upvote

points

by rvz16 hours ago |
comments
upvoteby hn9272681915 hours ago|
next
[-]
Falling apart? You mean getting stronger? Every single one of these is an existing hole being patched. It isn't making new holes
reply
upvoteby Gigachad12 hours ago|
parent|
next
[-]
Government agencies probably already have half of these exploits in their private toolbox for years now. Finding and patching them is good, but there probably needs to be some systematic change to prevent them rather than just patching bugs when they get found.
reply
upvoteby onjectic6 hours ago|
parent|
next
[-]
Something something microkernels + capability-based security.
reply
upvoteby FriedFishes6 hours ago|
parent|
prev|
[-]
> for years now ZCRX is less than half a year old. I'm so tired boss.
reply
upvoteby tgv5 hours ago|
parent|
prev|
next
[-]
As other people said in this thread: so many devices won't be patched. And that can easily lead to users and manufacturers moving away from Linux. Linux is in a glass house.
reply
upvoteby pjmlp4 hours ago|
parent|
prev|
[-]
I remember when people used to joke with Windows security and something like that would never happen on Linux, well..
reply
upvoteby gordonhart15 hours ago|
prev|
next
[-]
Linux is "falling apart" because it's the highest-profile open source project people can point LLM agents at to find CVEs. It'll come out the other end of this hardened by all of the attention it's getting, but the next few months/years will be... bumpy.
reply
upvoteby maven2915 hours ago|
prev|
next
[-]
perhaps this will lead to better AppArmor and SELinux defaults?
reply
upvoteby ChocolateGod15 hours ago|
parent|
[-]
People will just turn SELinux off rather than have to go through the horrible tooling when it breaks a regular use case.
reply
upvoteby pjmlp4 hours ago|
parent|
next
[-]
It is enabled by default on Android, and only developers can change it temporarly via an ADB session.
reply
upvoteby yjftsjthsd-h15 hours ago|
parent|
prev|
[-]
I do think SELinux is a good example of how robust software with poor UX/DX gets undermined by that poor UX/DX. Although I do wonder if AI can help with it?
reply
upvoteby pjmlp4 hours ago|
parent|
[-]
There is also the Android way, this is how it goes, fix your apps.
reply
upvoteby EGreg15 hours ago|
prev|
[-]
How's BSD doing? How about Amazon Linux?
reply
upvoteby yjftsjthsd-h15 hours ago|
parent|
next
[-]
Amazon Linux is a Linux distro? Though, yes, I would like to know how the BSDs are doing.
reply
upvoteby toast015 hours ago|
parent|
prev|
next
[-]
FreeBSD is getting piles of security updates lately too. Not sure about the other BSDs.
reply
upvoteby cachius15 hours ago|
parent|
prev|
[-]
And Windows?
reply
upvoteby mschuster9115 hours ago|
parent|
[-]
Pray to God no one ever lets an AI agent run loose on the various leaked Windows source code dumps.

Given Windows' absurd amount of backwards compatibility, chances are pretty high that there are a lot of sleeping dragons buried inside even modern Windows 10/11 kernel and userland that date back to code and issues from the 90s - code where half the people who have worked on it probably not just have departed Microsoft but departed living in the meantime.

reply
upvoteby pjmlp4 hours ago|
parent|
[-]
While true, since MinWin and OneCore that most of that code has been moved around.

Also contrary to Linux, Windows 11 (optional on W10) uses sandboxing for kernel and drivers.

Since Windows XP SP2 that Windows keeps getting mitigations, Microsoft has security teams whose day job is to attack Windows.

They are also promoting using CoPilot for C and C++ code review for some time now.

While it won't stop all attacks, it is better than the whole UNIX is safer than Windows attitude from the 90's, turns out it is a matter of how much money is into it.

Want really safe above anything else, look into Qube OS with its sandboxing over everything, or mainframe systems like Unysis ClearPath MCP, with NEWP as systems language, and managed environments.

reply