• StartMeStick Plug-in Operating System

    From Ogg@VERT/CAPCITY2 to All on Friday, July 30, 2021 21:15:00
    Hello All!

    Anyone hear of this before?

    StartMeStick Plug-in Operating System, Unlimited Use on
    Unlimited PCs and Macs, 1 Year

    https://www.staples.ca/products/2977682-en-startmestick- private-computing-device-for-unlimited-pcs-or-macs-1-year

    https://tinyurl.com/yfnt9kdl

    Apparently, $39.99 (down from $79.99) will give you 1yr of
    using an alternative OS from a USB stick.

    THIS sounds a lot like what some Linux distros can do already.
    This sounds almost akin to the Freedom Phone approach (someone
    buying a bunch of USB sticks, loading an alternative OS on it)
    and "liberating" people from the typical Windows and Mac
    offerings. And, this one seems to require a subscription to
    continue using it after a year.


    --- OpenXP 5.0.50
    * Origin: Ogg's Dovenet Point (723:320/1.9)
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Nightfox@VERT/DIGDIST to Ogg on Friday, July 30, 2021 20:08:41
    Re: StartMeStick Plug-in Operating System
    By: Ogg to All on Fri Jul 30 2021 09:15 pm

    THIS sounds a lot like what some Linux distros can do already.
    This sounds almost akin to the Freedom Phone approach (someone
    buying a bunch of USB sticks, loading an alternative OS on it)
    and "liberating" people from the typical Windows and Mac
    offerings. And, this one seems to require a subscription to
    continue using it after a year.

    Software subscriptions is something I'd rather move away from. I've been a little worried Microsoft might do that with Windows, so I've considered switching to Linux. I don't want to use an OS that requires a subscription.. If I can't pay for some reason, then I wouldn't be able to use my PC. I'd like to be able to use what I bought & paid for with my own money..

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From MRO@VERT/BBSESINF to Ogg on Saturday, July 31, 2021 02:24:14
    Re: StartMeStick Plug-in Operating System
    By: Ogg to All on Fri Jul 30 2021 09:15 pm

    Apparently, $39.99 (down from $79.99) will give you 1yr of
    using an alternative OS from a USB stick.

    THIS sounds a lot like what some Linux distros can do already.

    that is exactly what it does. BUT you have to pay a subscription.
    it IS a linux distro. i'm not even sure if this is legal.

    "Like most things in this world, nothing comes free. That's also true of the StartMeStick, which requires a subscription to keep it active. To make that easier, you can pay just $15 to start for what is essentially a 30-day trial. You could also buy the stick for $80 to get a full 12 months of service included, or pay $200 for two years' worth of access.

    I can see how that might leave a sour taste on the device. Why pay to use it in perpetuity when it really only serves a simple purpose? The company addresses this in its FAQ, where it makes the case that rather than collect data about you and sell it (as Facebook and others do), it can know nothing about you and collect the fees instead.

    When put in that context, it's an understandable trade, but still a bit hefty a price to pay for something that isn't a full-on computer replacement. More tech-savvy users will know how to build bootable Linux-based platforms like this with existing USB thumb drives, though that's clearly not the consumer target here."
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANT to Ogg on Saturday, July 31, 2021 06:58:17
    Re: StartMeStick Plug-in Operating System
    By: Ogg to All on Fri Jul 30 2021 09:15 pm

    Hello All!

    Anyone hear of this before?

    StartMeStick Plug-in Operating System, Unlimited Use on
    Unlimited PCs and Macs, 1 Year

    https://www.staples.ca/products/2977682-en-startmestick- private-computing-device-for-unlimited-pcs-or-macs-1-year

    https://tinyurl.com/yfnt9kdl

    Apparently, $39.99 (down from $79.99) will give you 1yr of
    using an alternative OS from a USB stick.

    THIS sounds a lot like what some Linux distros can do already.
    This sounds almost akin to the Freedom Phone approach (someone
    buying a bunch of USB sticks, loading an alternative OS on it)
    and "liberating" people from the typical Windows and Mac
    offerings. And, this one seems to require a subscription to
    continue using it after a year.

    Requiring a subscription for running a Live USB seems a deal breaker to me. I get a subscription for updates, but not a subscription for running. Plus you get more than half a dozen Live DVDs from a yearly Linux Magazine subscription anyway.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Nightfox@VERT/DIGDIST to MRO on Saturday, July 31, 2021 09:47:11
    Re: StartMeStick Plug-in Operating System
    By: MRO to Ogg on Sat Jul 31 2021 02:24 am

    Apparently, $39.99 (down from $79.99) will give you 1yr of
    using an alternative OS from a USB stick.

    THIS sounds a lot like what some Linux distros can do already.

    that is exactly what it does. BUT you have to pay a subscription.
    it IS a linux distro. i'm not even sure if this is legal.

    Why would it be illegal? RedHat charges a subscription for support for their Linux distro. I don't really see this as much different. As far as I know, there isn't a law against this..

    addresses this in its FAQ, where it makes the case that rather than collect data about you and sell it (as Facebook and others do), it can know nothing about you and collect the fees instead.

    When put in that context, it's an understandable trade, but still a bit

    I always thought most Linux distros were made as basically a volunteer effort, and the people making the distros do it neither for money nor to collect data (though there may be some exceptions - I'm not sure what Ubundu does, for instance).

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Arelor@VERT/PALANT to Nightfox on Saturday, July 31, 2021 13:55:29
    Re: StartMeStick Plug-in Operating System
    By: Nightfox to MRO on Sat Jul 31 2021 09:47 am

    that is exactly what it does. BUT you have to pay a subscription.
    it IS a linux distro. i'm not even sure if this is legal.

    Why would it be illegal? RedHat charges a subscription for support for thei Linux distro. I don't really see this as much different. As far as I know, there isn't a law against this..


    At the bare minimum, they must make the source code available upon request for the GPL licensed components of their distribution. Red Hat and company actually do just that - they just ofuscate their source code on purpose.

    The Ubuntu crowd is still trying to figure out how to make a profit from it. They tried with mobile appliances, they tried including sponsored search bars in the system, and I don't know what else. Qubes is a for profit operation and they make money via hardware certification programs. Slackware makes money via Patreon and merchandise, and Slackware Inc. is registered as a for profit firm.

    So yeah, it seems there is a lot of for profit in Linux :-)


    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From MRO@VERT/BBSESINF to Nightfox on Saturday, July 31, 2021 17:27:16
    Re: StartMeStick Plug-in Operating System
    By: Nightfox to MRO on Sat Jul 31 2021 09:47 am


    that is exactly what it does. BUT you have to pay a subscription.
    it IS a linux distro. i'm not even sure if this is legal.

    Why would it be illegal? RedHat charges a subscription for support for their Linux distro. I don't really see this as much different. As far as I know, there isn't a law against this..


    it could be a violation of their license. especially if it's not their distro. i seriously doubt they have their own distro. looks like they are trying to make a buck off fools.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Gamgee@VERT/PALANT to Nightfox on Saturday, July 31, 2021 20:28:00
    Nightfox wrote to Ogg <=-

    Software subscriptions is something I'd rather move away from.
    I've been a little worried Microsoft might do that with Windows,
    so I've considered switching to Linux. I don't want to use an OS
    that requires a subscription.. If I can't pay for some reason,
    then I wouldn't be able to use my PC. I'd like to be able to use
    what I bought & paid for with my own money..

    Recommend you take the plunge to Linux. That way you'll always be able
    to use your system, and pay *ZERO* of your own money for it. :-)

    Oh, and also not have to worry about viruses.



    ... Daddy, what does "now formatting drive C:" mean?
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Nerdanderthal@VERT/THEMIDNI to Arelor on Saturday, July 31, 2021 21:08:47
    Re: StartMeStick Plug-in Operating System
    By: Nightfox

    Slackware makes money via Patreon and merchandise, and Slackware Inc. is registered as a for profit firm.


    I remember some controversy with the Slackware merch store. I was worried that Slack's days were numbered
    I would love to see Slackware as a bootable USB,.

    ---
    ­ Synchronet ­ THE MIDNIGHT CAFE -- themidnightcafe.ddns.net The Last Stand For Free Speech O
  • From Nightfox@VERT/DIGDIST to Gamgee on Saturday, July 31, 2021 22:29:01
    Re: Re: StartMeStick Plug-in Operating System
    By: Gamgee to Nightfox on Sat Jul 31 2021 08:28 pm

    Recommend you take the plunge to Linux. That way you'll always be able
    to use your system, and pay *ZERO* of your own money for it. :-)

    Oh, and also not have to worry about viruses.

    I'm not sure if the virus thing is really true.. I imagine Linux just has much fewer viruses because Windows tends to be targeted more because so many users use Windows. I doubt Linux is free of vulnerabilities.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From MRO@VERT/BBSESINF to Nerdanderthal on Sunday, August 01, 2021 03:33:04
    Re: StartMeStick Plug-in Operating System
    By: Nerdanderthal to Arelor on Sat Jul 31 2021 09:08 pm

    Re: StartMeStick Plug-in Operating System
    By: Nightfox

    Slackware makes money via Patreon and merchandise, and Slackware Inc. is registered as a for profit firm.


    I remember some controversy with the Slackware merch store. I was worried that Slack's days were numbered
    I would love to see Slackware as a bootable USB,.


    why dont you just make one
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Arelor@VERT/PALANT to Nerdanderthal on Sunday, August 01, 2021 06:39:45
    Re: StartMeStick Plug-in Operating System
    By: Nerdanderthal to Arelor on Sat Jul 31 2021 09:08 pm

    Re: StartMeStick Plug-in Operating System
    By: Nightfox

    Slackware makes money via Patreon and merchandise, and Slackware Inc. is registered as a for profit firm.


    I remember some controversy with the Slackware merch store. I was worried t Slack's days were numbered
    I would love to see Slackware as a bootable USB,.


    There is always a lot of drama regarding the long term viability of Slackware, but it is due to the fact Patrick is VERY bad at public relations rather
    than the distribution running out of resources or developers.

    The Slackware store issue was very ugly indeed.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Arelor@VERT/PALANT to Nightfox on Sunday, August 01, 2021 06:44:37
    Re: Re: StartMeStick Plug-in Operating System
    By: Nightfox to Gamgee on Sat Jul 31 2021 10:29 pm

    Re: Re: StartMeStick Plug-in Operating System
    By: Gamgee to Nightfox on Sat Jul 31 2021 08:28 pm

    Recommend you take the plunge to Linux. That way you'll always be able to use your system, and pay *ZERO* of your own money for it. :-)

    Oh, and also not have to worry about viruses.

    I'm not sure if the virus thing is really true.. I imagine Linux just has m fewer viruses because Windows tends to be targeted more because so many user use Windows. I doubt Linux is free of vulnerabilities.

    Nightfox


    Linux is not free from vulnerbilities, but since the vast majority of automated attacks against desktops is targetting Windows systems, it cuts a big portion of the risk out.

    If you are very hardcore regarding desktop security you can use AppArmor or any MAC framework on your Linux.

    Or you can try Qubes, which puts every environment in its own container, so you can haev isolated frameworks for each task - you have a Work environment, a Multimedia environment and a Games environment, for example, so if you donwload a malware ridden game, it will breack havoc in your Game environment but leave alone your Work and Multimedia. Bonus points because all the environments
    run concurrently.

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Gamgee@VERT/PALANT to Nightfox on Sunday, August 01, 2021 10:31:00
    Nightfox wrote to Gamgee <=-

    Recommend you take the plunge to Linux. That way you'll always be able
    to use your system, and pay *ZERO* of your own money for it. :-)

    Oh, and also not have to worry about viruses.

    I'm not sure if the virus thing is really true.. I imagine Linux
    just has much fewer viruses because Windows tends to be targeted
    more because so many users use Windows. I doubt Linux is free of vulnerabilities.

    Yes, that is certainly true. Linux does have vulnerabilities. But if
    you're running it at home, behind a normal firewall/router, I think the
    risk is very close to zero. I've been doing that for 20+ years, with no anti-virus software running, and haven't had a single issue.



    ... All the easy problems have been solved.
    --- MultiMail/Linux v0.52
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Ksource@VERT/MUTINY to Nightfox on Monday, August 02, 2021 00:18:23
    Re: Re: StartMeStick Plug-in Operating System
    By: Nightfox to Gamgee on Sat Jul 31 2021 22:29:01

    I'm not sure if the virus thing is really true.. I imagine Linux just has much fewer viruses because Windows tends to be targeted more because so many users use Windows. I doubt Linux is free of vulnerabilities.

    Of course nothing can be totally free of viruses in the real world.

    Linux has two huge advantages over Windows, though:

    1) Not as much garbage from hardware vendors. The amount of malware
    that ships with drivers and utility software on Windows is frightening.
    There have been cases of manufacturers (e.g., Lenovo) SHIPPING brand
    new computers pre-loaded with malware. On Windows it's hard to get away
    from malware that comes straight from the manufacturer.

    Linux does have some binary blobs here and there that come from
    hardware manufacturers, but not near as many, and I haven't heard of
    any of them containing malware (yet).

    2) You almost always install software from the official repository on
    most Linux distributions. How do you install software on Windows?
    Do a Google search for it, click on the most legit-looking page, hope
    it's actually legit, download an .exe/.msi and blindly run it? Yikes.
    That process is practically DESIGNED to give you malware.

    The "store" model (which, sadly, Canonical is trying out) doesn't seem
    to be much better at keeping out malware. I've not seen any software distribution system that works in practice as well as a hand-curated repository.

    ---
    þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
  • From Nightfox@VERT/DIGDIST to Ksource on Monday, August 02, 2021 08:42:46
    Re: Re: StartMeStick Plug-in Operating System
    By: Ksource to Nightfox on Mon Aug 02 2021 12:18 am

    Linux has two huge advantages over Windows, though:

    1) Not as much garbage from hardware vendors. The amount of malware
    that ships with drivers and utility software on Windows is frightening. There have been cases of manufacturers (e.g., Lenovo) SHIPPING brand
    new computers pre-loaded with malware. On Windows it's hard to get away from malware that comes straight from the manufacturer.

    Sure, if you buy a pre-built computer.. I suppose that's what the majority of PC customers do though. I tend to like to build my own desktop PC though, and when I do, I install a fresh copy of Windows and whatever software I need.

    2) You almost always install software from the official repository on
    most Linux distributions. How do you install software on Windows?
    Do a Google search for it, click on the most legit-looking page, hope
    it's actually legit, download an .exe/.msi and blindly run it? Yikes.
    That process is practically DESIGNED to give you malware.

    I've been using Windows (and before that, DOS) for 25+ years and overall can think of maybe one time where I had an issue that may have been a virus.. I think this issue tends to be exaggerated. If you aren't downloading things from questionable sources, I think the risk is fairly low.

    Also, it seems Microsoft is trying to move toward having a software repository with their Windows Store. I'm a little skeptical about that though.. I'm not sure I want to rely on all the software I want showing up in a repository before I can install it. I like being able to find new software and being able to install it without a walled garden controlling what I can install on my own computer.

    The "store" model (which, sadly, Canonical is trying out) doesn't seem
    to be much better at keeping out malware. I've not seen any software distribution system that works in practice as well as a hand-curated repository.

    I haven't used Ubuntu in a while. Is their "Store" model similar to the Windows Store?

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Mr Ned@VERT/CAVEBBS to Ksource on Monday, August 02, 2021 19:26:00
    Ksource wrote to Nightfox <=-

    The "store" model (which, sadly, Canonical is trying out) doesn't seem
    to be much better at keeping out malware. I've not seen any software distribution system that works in practice as well as a hand-curated repository.

    Are there examples of Ubuntu's store delivering malware? The volunteer
    nature of Linux repositories does make me nervous at times (although
    I've never stopped using them)

    --- MultiMail/Linux v0.52
    þ Synchronet þ The Cave BBS - Since 1992 - cavebbs.homeip.net
  • From Ksource@VERT/MUTINY to Mr Ned on Tuesday, August 03, 2021 00:30:34
    Re: Re: StartMeStick Plug-in
    By: Mr Ned to Ksource on Mon Aug 02 2021 19:26:00

    Are there examples of Ubuntu's store delivering malware? The volunteer nature of Linux repositories does make me nervous at times (although
    I've never stopped using them)

    https://www.linuxuprising.com/2018/05/malware-found-in-ubuntu-snap-store.html

    Yes :(

    ---
    þ Synchronet þ Mutiny BBS - mutinybbs.com - telnet:2332 - ssh:2232
  • From Nightfox@VERT/DIGDIST to Mr Ned on Tuesday, August 03, 2021 08:11:13
    Re: Re: StartMeStick Plug-in
    By: Mr Ned to Ksource on Mon Aug 02 2021 07:26 pm

    Are there examples of Ubuntu's store delivering malware? The volunteer nature of Linux repositories does make me nervous at times (although
    I've never stopped using them)

    Years ago I had a job interview, and the interviewer asked me what I thought of Linux.. He then shared his opinion, and he said he thought that since Linux was open-source, anyone could go in and put malware into the code, so he didn't trust it. And on the other hand, he felt like since Windows is maintained by a smaller group of people who are there to make money from it, they would try to make Windows as good as possible.

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in place to try to prevent malware from being submitted in the Linux code.

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From MRO@VERT/BBSESINF to Nightfox on Tuesday, August 03, 2021 11:01:58
    Re: Re: StartMeStick Plug-in
    By: Nightfox to Mr Ned on Tue Aug 03 2021 08:11 am

    Re: Re: StartMeStick Plug-in
    By: Mr Ned to Ksource on Mon Aug 02 2021 07:26 pm

    Are there examples of Ubuntu's store delivering malware? The volunteer nature of Linux repositories does make me nervous at times (although I've never stopped using them)

    Years ago I had a job interview, and the interviewer asked me what I thought of Linux.. He then shared his opinion, and he said he thought that since Linux was open-source, anyone could go in and put malware into the code, so he didn't trust it. And on the other hand, he felt like since Windows is maintained by a smaller group of people who are there to make money from it, they would try to make Windows as good as possible.

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in place to try to prevent malware from being submitted in the Linux code.


    but they dont review the code. look at heartbleed and other shit
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Nightfox@VERT/DIGDIST to MRO on Tuesday, August 03, 2021 10:15:50
    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    but they dont review the code. look at heartbleed and other shit

    It's possible for people to do a code review and still miss something. People are human. And obscure bugs could be caused by a combination of factors and could be easy to miss.

    But also if you believe conspiracies, I've heard some people say things like heartbleed where put in (or left in) on purpose..

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From Arelor@VERT/PALANT to Nightfox on Tuesday, August 03, 2021 17:30:42
    Re: Re: StartMeStick Plug-in
    By: Nightfox to Mr Ned on Tue Aug 03 2021 08:11 am

    Re: Re: StartMeStick Plug-in
    By: Mr Ned to Ksource on Mon Aug 02 2021 07:26 pm

    Are there examples of Ubuntu's store delivering malware? The volunteer nature of Linux repositories does make me nervous at times (although I've never stopped using them)

    Years ago I had a job interview, and the interviewer asked me what I thought Linux.. He then shared his opinion, and he said he thought that since Linux was open-source, anyone could go in and put malware into the code, so he did trust it. And on the other hand, he felt like since Windows is maintained b smaller group of people who are there to make money from it, they would try make Windows as good as possible.

    As far as I know, there are reviewers who review the code submitted for Linu It's not a free-for-all.. So I think there are safeguards in place to try t prevent malware from being submitted in the Linux code.

    Nightfox


    I hate that sort of interviewer because they want employees that agree with them, not employees that know the trade.

    Code sent into the Linux kernel is read by someone before it is merged with the main code tree. The kernel mailing lists are a verbal gorefest of developers criticising somebody else's code and approaches. The quality standards for things that are not "core" is a bit lax though. The reasoning is that if if a GPU vendor sends a module for their graphic cards and their module sucks, it is the GPU vendor's problem - after all, the crappy code only kicks in if you try to run their cards.

    The real danger is in distribution's repositories, since each distribution has its set of policies and may or may not check for evil software sent in by volunteers. This is why I like the Slackbuilds approach, since they want you to send a build script that makes a package out of the official source code of whatever you are packaging. This makes it easy to audit.

    https://www.kernel.org/doc/html/latest/process/submitting-patches.html

    ^ Recommendations for sending patches to the Linux kernel ^

    That said, I am more concerned for malware included in closed source systems since the developer can include all sorts of funky code or functionality in (oftentimes even legally) and the end user is none the wiser, plus the hole may be hard to detect. I remember writing an article long ago about certain propietary GPU driver for Windows calling home and delivering all sorts of non-gpu related information, over an insecure channel (!).



    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Arelor@VERT/PALANT to MRO on Tuesday, August 03, 2021 17:45:40
    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in plac to try to prevent malware from being submitted in the Linux code.


    but they dont review the code. look at heartbleed and other shit

    I think you mean they don't audit it properly, which is a fair concern for some components.

    There are distributions doing active audits on important components, but doing a good audit is slow. Most "hobby" distributions just roll with whatever upstream is producing and assume the upstream code is up to reasonable standards.

    Fun fact is heartbleed could also manifest in non-linux systems if you used OpenSSL on some other platform (I think Windows services built on OpenSSL were vulnerable, and the CVE for heartbleed lists an entry for an Apple security announcement).

    --
    gopher://gopher.richardfalken.com/1/richardfalken

    ---
    þ Synchronet þ Palantir BBS * palantirbbs.ddns.net * Pensacola, FL
  • From Nightfox@VERT/DIGDIST to Arelor on Tuesday, August 03, 2021 16:24:45
    Re: Re: StartMeStick Plug-in
    By: Arelor to Nightfox on Tue Aug 03 2021 05:30 pm

    Years ago I had a job interview, and the interviewer asked me what I
    thought Linux.. He then shared his opinion, and he said he thought
    that since Linux was open-source, anyone could go in and put malware
    into the code, so he did trust it. And on the other hand, he felt
    like since Windows is maintained b smaller group of people who are
    there to make money from it, they would try make Windows as good as
    possible.

    I hate that sort of interviewer because they want employees that agree with them, not employees that know the trade.

    Yeah, interestingly enough, I didn't get that job..

    Code sent into the Linux kernel is read by someone before it is merged with the main code tree. The kernel mailing lists are a verbal gorefest of developers criticising somebody else's code and approaches. The quality standards for things that are not "core" is a bit lax though. The reasoning is that if if a GPU vendor sends a module for their graphic cards and their module sucks, it is the GPU vendor's problem - after all, the crappy code only kicks in if you try to run their cards.

    Makes sense.

    The real danger is in distribution's repositories, since each distribution has its set of policies and may or may not check for evil software sent in by volunteers. This is why I like the Slackbuilds approach, since they want you to send a build script that makes a package out of the official source code of whatever you are packaging. This makes it easy to audit.

    That's cool. :)

    Nightfox

    ---
    þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
  • From MRO@VERT/BBSESINF to Nightfox on Tuesday, August 03, 2021 21:59:41
    Re: Re: StartMeStick Plug-in
    By: Nightfox to MRO on Tue Aug 03 2021 10:15 am

    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    but they dont review the code. look at heartbleed and other shit

    It's possible for people to do a code review and still miss something. People are human. And obscure bugs could be caused by a combination of factors and could be easy to miss.

    But also if you believe conspiracies, I've heard some people say things like heartbleed where put in (or left in) on purpose..

    in that case i believe they didnt review his code. but people and other entities profited from the security hole.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Arelor on Tuesday, August 03, 2021 22:01:29
    Re: Re: StartMeStick Plug-in
    By: Arelor to MRO on Tue Aug 03 2021 05:45 pm

    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in plac to try to prevent malware from being submitted in the Linux code.


    but they dont review the code. look at heartbleed and other shit

    I think you mean they don't audit it properly, which is a fair concern for some components.

    no, i mean what i said. they didnt review the code.

    maybe they need to audit it properly, also.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From Digital Man@VERT to MRO on Wednesday, August 04, 2021 11:54:57
    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in place to try to prevent malware from being submitted in the Linux code.


    but they dont review the code. look at heartbleed and other shit

    1. Heartbleed was a bug in OpenSSL, not Linux
    2. OpenSSL has been contributed to and reviewed by *many* people and organizations after the bug was introduced into the code in December 2011. The bug wasn't noticed until April of 2014.
    3. All software (of any significance) has flaws, including reviewed software
    --
    digital man

    Rush quote #31:
    Live for yourself, there's no one else more worth living for
    Norco, CA WX: 89.9øF, 32.0% humidity, 0 mph SE wind, 0.00 inches rain/24hrs

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Digital Man on Wednesday, August 04, 2021 21:30:02
    Re: Re: StartMeStick Plug-in
    By: Digital Man to MRO on Wed Aug 04 2021 11:54 am

    Re: Re: StartMeStick Plug-in
    By: MRO to Nightfox on Tue Aug 03 2021 11:01 am

    As far as I know, there are reviewers who review the code submitted for Linux. It's not a free-for-all.. So I think there are safeguards in place to try to prevent malware from being submitted in the Linux code.


    but they dont review the code. look at heartbleed and other shit

    1. Heartbleed was a bug in OpenSSL, not Linux
    2. OpenSSL has been contributed to and reviewed by *many* people and organizations after the bug was introduced into the code in December 2011. The bug wasn't noticed until April of 2014.
    3. All software (of any significance) has flaws, including reviewed software --

    it's open source and it's in the context of what they were referring to when talking about linux. someone could have [and this has probably happened many times] submitted code that developed a large security flaw in various flavors of linux and sofware that runs on linux.

    sure, all sofware has problems. it's made by people who have flaws.
    ---
    þ Synchronet þ ::: BBSES.info - free BBS services :::
  • From poindexter FORTRAN@VERT/REALITY to Nightfox on Wednesday, August 04, 2021 07:18:00
    Nightfox wrote to Mr Ned <=-

    Years ago I had a job interview, and the interviewer asked me what I thought of Linux.. He then shared his opinion, and he said he thought that since Linux was open-source, anyone could go in and put malware
    into the code, so he didn't trust it.

    It's happened, and it was caught and corrected. University of Minnesota researchers introduced security vulnerabilities as part of their research
    and were banned recently.

    Sounds more like the corporate IT management I used to know who would parrot the FUD that their vendors repeated. Linux won't buy you tickets to the
    sports game or take you out to lunch at the fancy restaurant down the street from the office.



    ... The tape is now the music
    --- MultiMail/DOS v0.52
    þ Synchronet þ .: realitycheckbbs.org :: scientia potentia est :.
  • From Dumas Walker@VERT/CAPCITY2 to POINDEXTER FORTRAN on Friday, August 06, 2021 16:43:00
    Sounds more like the corporate IT management I used to know who would parrot the FUD that their vendors repeated. Linux won't buy you tickets to the sports game or take you out to lunch at the fancy restaurant down the street from the office.

    I know that is why government institutions, excluding universities, are
    down on open source in general. They might use linux but only if it is
    from IBM or some other corporate entity with a lot of money. They don't
    want to lose the sponsorship of their IT symposiums, and they want to be
    able to hold someone financially responsible if something goes wrong.


    * SLMR 2.1a * "My therapist was right...God DOES hate me!!!"-J.Sherman

    ---
    þ Synchronet þ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP