by bjpbakker on 10/25/18, 9:52 PM with 83 comments
by cperciva on 10/25/18, 11:31 PM
If OpenBSD starts participating in embargoes, they'll get advance notice of vulnerabilities. It's as simple as that.
by busterarm on 10/26/18, 7:35 AM
Immediate and public disclosure is the only responsible disclosure there is and I commend (and monetarily contribute to) the OpenBSD Project for their soft stance against embargoes.
Operating in opposition to that, a large portion of the security industry plays along for reasons varying from personal pride (appealing to authority makes you feel like one of the good guys) to the extremely lucrative payouts for selling 0day to nation states. It's no surprise that the higher your profile in the industry and on twitter, the easier time you have getting paid out on bug bounties. All of this hurts users.
I develop and maintain software and software infrastructure for a living. If you find a vulnerability in work I am responsible for, please rake me over the coals as publicly and loudly as you can. That motivates the PTB who fund my work to resolve the issue better than anything else.
by fizwhiz on 10/26/18, 12:23 AM
by DonHopkins on 10/26/18, 4:30 AM
>This is what happens when software with good intentions goes bad. It victimizes innocent users by distorting their perception of what is and what is not good software. This malignant window system must be destroyed.
>Ultimately DEC and MIT must be held accountable for this heinous software crime, brought to justice, and made to pay for a software cleanup. Until DEC and MIT answer to these charges, they both should be assumed to be protecting dangerous software criminals.
>Don’t be fooled! Just say no to X.
>X-Windows: …A mistake carried out to perfection.
>X-Windows: …Dissatisfaction guaranteed.
>X-Windows: …Don’t get frustrated without it.
>X-Windows: …Even your dog won’t like it.
>X-Windows: …Flaky and built to stay that way.
>X-Windows: …Complex non-solutions to simple non-problems.
>X-Windows: …Flawed beyond belief.
>X-Windows: …Form follows malfunction.
>X-Windows: …Garbage at your fingertips.
>X-Windows: …Ignorance is our most important resource.
>X-Windows: …It could be worse, but it’ll take time.
>X-Windows: …It could happen to you.
>X-Windows: …Japan’s secret weapon.
>X-Windows: …Let it get in your way.
>X-Windows: …Live the nightmare.
>X-Windows: …More than enough rope.
>X-Windows: …Never had it, never will.
>X-Windows: …No hardware is safe.
>X-Windows: …Power tools for power fools.
>X-Windows: …Putting new limits on productivity.
>X-Windows: …Simplicity made complex.
>X-Windows: …The cutting edge of obsolescence.
>X-Windows: …The art of incompetence.
>X-Windows: …The defacto substandard.
>X-Windows: …The first fully modular software disaster.
>X-Windows: …The joke that kills.
>X-Windows: …The problem for your problem.
>X-Windows: …There’s got to be a better way.
>X-Windows: …Warn your friends about it.
>X-Windows: …You’d better sit down.
>X-Windows: …You’ll envy the dead.
https://medium.com/@donhopkins/the-x-windows-disaster-128d39...
by krackers on 10/25/18, 10:25 PM
by protomyth on 10/25/18, 11:05 PM
[edit] a tweet for @OpenBSD said: We're currently preparing errata and a security advisory for today's Xorg issue that allows arbitrary overwriting of files as a non-root user. You can run "chmod u-s /usr/X11R6/bin/Xorg" as a temporary workaround until the fixes are out.
by newnewpdro on 10/26/18, 4:55 AM
by bubblethink on 10/26/18, 4:17 PM
by yitchelle on 10/26/18, 9:11 AM
I guess that by doing this type of discussion in public, the level of accountability is a lot higher for all concerned.
by based2 on 11/2/18, 6:48 PM
by JshWright on 10/25/18, 10:30 PM