"It's not safe to run an internet facing Windows box right now," a hacker who used to work in the US Department of Defense said to Motherboard.

I'm thinking this could be a good time to introduce your friends to .

I wrote a bit on why over on Reddit: reddit.com/r/linux/comments/65

@forteller from an exploit mitigation perspective, the main Linux distributions trail behind Windows. With grsecurity making their patch private, all distributions will fall behind. When it comes down to it, Windows is likely more secure than stock Linux. It's simply that Windows has a larger market share on the desktop. If Linux had that same market share, you'd see it be targeted more.

forteller @forteller

@lattera If Linux had a larger market share then there would be more eyes and resources on finding and fixing security holes too. Just think what could be done if say 5-10 countries switched all their administrative PCs in government, police, healthcare, etc to Linux and spent all the Win+MS Office license money on making Linux better.

@forteller we thought the same about OpenSSL until Heartbleed. The "it's open source, so there's eyes on it" argument means nothing.

@lattera @forteller that was not his argument. His argument was: the more people use it, the more resources are available to do the audits and improve it.

Your logical fallacy is: Straw Man. yourlogicalfallacyis.com/straw

@forteller @lattera that's the point. Investing in FLOSS is investing in a public good, it actually pays off both for governments, and the people.

Also, think of local companies being able to help with development of features needed by local governments. We really don't need to send buckets of cash to Redmond.

@forteller @lattera @rysiek Not happening.

By which I mean: Any government that can save money on dropping OS costs will not reinvest that into an open-source project. They'll sooner channel that money somewhere else.

For eg, the whole world basically runs on OpenSSL, including all firewall vendors. None of them found Heartbleed before it was too late.

Many eyes doesn't mean they're always looking.

@wogan @forteller @lattera nobody says it means that. But at least they *can* look. It's our choice if we choose to actually use that chance.

And it's up to us, the citizens, to push the governments to Do The Right Thing. Surprise, surprise.

@rysiek @wogan @lattera My greatest fear is software controlling critical systems for people's life and liberty and for the possibility of whistleblowing, journalism and resisting the state power intentionally being made to say "I can't let you do that" in some cases. In a world where everything is computers that can be the death of freedom.

FOSS can be hacked, but not built to serve others than the users without anyone knowing about it.

@forteller @wogan @lattera Democracy always lives in the cracks of the system. We need to preserve these cracks. FLOSS is a way of doing just that.

@forteller @lattera Linux has an enormous market share on servers (without Linux the Internet would stop working), phones and gadgets, but not so much on desktops. Companies like Google and IBM have been putting money into Linux development for years. Agreed on the money saving re: Microsoft. Money flowing towards Redmond WA, USA is like a black hole, and not worth it.

@yellowfrog @forteller and, yet, nearly all the IoT devices that run Linux have critical vulnerabilities that will never, ever be fixed.

@forteller @lattera @yellowfrog honest question: are the vulnerabilities in the actual kernel or on the software running on top of it?

@lattera @Maltimore @yellowfrog There are always vulnerabilities in all software, would be my guess (I am not a coder).

@lattera @yellowfrog @forteller well that's a very fatalist point of view. The conclusion of that would be that I could also just do my online banking with Internet Explorer on Windows (ugh). Sure all software has vulnerabilities but some more than others.

@Maltimore @lattera @yellowfrog You just literally said the same thing that I did, though ;) I never said there are no differences, or else I wouldn't have posted that original toot in the first place :)

@forteller @lattera @yellowfrog actually I can't see your first post in this thread. For me the first post is by Shawn Webb starting with:

"@forteller from an exploit mitigation perspective, the main Linux distributions trail behind [...]"

@yellowfrog @lattera @forteller

I think I found your original post on your profile now though

@Maltimore @lattera @yellowfrog Yeah, there is a problem with not getting the full thread from other instances. That's a big issue that really needs to be fixed. I hope it's high on the dev's list.