/fglt/ - Friendly GNU/Linux Thread

>two people buy it
>diff
>???
>profit

wow that was hard

How are they going to pass hash checks user? Provide a hash for each individual? That seems awfully suspicious.
>taking all this time out

>donate XXX once a month from server donations

Those patches are expensive.

And providing hosting for a distro isnt?
Buy the patch set, apply it to your hardened distro.Its not different then running donations for server bandwidth

Fork grsec

newfag here, what is "grsec"?

You cant

Who's gonna adapt them for future kernel updates?
Sure, you can still use the last public pacthes now, but with each new kernel version the diff is just going to get larger.

and who's going to maintain and develop the fork ?

yes you can, don't be a fag, anything you do will be better and in compliance to the linux kernel, even linus torvalds agrees

give it time and gresecurity will be deprecated for the same people they ostracized

>linus torvalds
who?

the founder of facebook

>Who's gonna adapt them for future kernel updates?
that's probably the easiest part: only support LTS versions.
the harder part would be always getting the new grsec patches

You can. It's a derivative work from Linux kernel so it has to be GPL2 licensed.

It's a set of security patches for Linux kernel. Some distros shipped a "hardened" version with grsec applied.
It was never accepted into mainline kernel because it's an unmaintainable mess and grsec devs didn't want to do anything about it.

thanks

The new patches are not under gpl, but under there own gresec license.

Sup Forums does. I'll make the logo

i don't think so, grsec is a highly specialized set of patches and the team has been working on it for ~15 years. even if some team starts developing something new now (or forks grsec) it will still be at least another 5 years before they'll catch up and will be considered by any serious distro

How long until a fork is made?

which means the only currently viable option would be taking the latest set of patches, apply it to the latest LTS kernel tree, and try to keep them compatible.
new features / fixes / updates would be out of scope for now.

They have to be under GPL2 since it's a derivative work and violating the GPL would make potential clients unwilling to touch it with a 10-foot pole.
It's just that Spender will add a clause in the contract that redistributing will terminate the contract and you won't receive new versions of grsec. Ever.

There is a wip project here: github.com/kdave/grsecurity-patches/tree/master/wip
They have a patch for 4.9.25 but dunno if it even works

there are 30 posts in this thread and about 10 of them explain what the problem with forking currently is.

How much if the patches are exclusively bugfixes and kernel compatibility updates?

>daily
>not every minute

s/Spender/Spengler

I should learn to write some day.

are these patches even worth it?
isn't the kernel secure ootb?

ootb it's actually worse than windows 10's which is kinda embarrassing
Note that this post is not an endorsement of Windows 10 or MS' privacy practice in any way, shape or form

>isn't the kernel secure ootb?
No. Security hasn't been a priority in the development.

Linux cares little for security,he is all about performance for some reason.

niggers you are making it seem is not more secure because of its kernel, which is a deceit

hello friends. im trying to clock my eeepc celeron M from 630mhz back up to its original 900mhz. ive read about software solutions but they are all ancient/broken dl links. whats a way to approach changing the FSB values?

You can find various quotes the past 10 years from linus stating he dosent care that much for security and is performance oreineted.
There are alot of bugs and holes that have been open for years that never got addressed for some reason.Check out the last big news of the decade old exploit found in the kernel.

>ootb it's actually worse than windows 10's which is kinda embarrassing
source ? or any examples ? it's hard to get worse then allowing everyone to get root by saying "hello, i'm a printer"

i mean, yeah, there are many security problems with linux, but under normal circumstances getting root is still harder than under windows especially if you use the default configurations provided with most programms

not what I said, I mean, at least clarify that kernel security is addressed at access from userland and if you put permissions on the table is far far more secure

but linux lacks security features in the kernel
which is ironic, because these very same guys (PaX team) came up with ASLR...

in any case, AFAIU, the real problem is, the grsec people (spengler) want to dump/merge all the patches at once, while the kernel devs just don't want to break shit

cpufrequtils ?

what does cpufreq-info say ?

care to prove your point?

security features = security

god fucking dammit, at least learn about CAPABILITIES

which patches?

maybe cpufreq-selector(1), idk

grsec adds a bunch of security features... and we wouldn't be talking about it if they weren't useful

so people can hack any distro without grsec?

To all you bitches claiming security feature at the kernel is the same as security, learn about LKM and how it adds selinux or apparmor

Yes, RBAC is the one thing not covered with selinux/apparmor

This is an example of what I meant with all this thread, you are all sreading FUD

>in any case, AFAIU, the real problem is, the grsec people (spengler) want to dump/merge all the patches at once, while the kernel devs just don't want to break shit
thats understandable from linus point of view

not really sure what happened with 3.X because it doesn't seem that different from 2.6 (compared to the step from 2.4 to 2.6), but why didn't they try to get them into the 3.X line ? that would have been the perfect moment to break compatibility with older kernels and would (should ? i don't really get 3.X) have had enough time and RCs to test everything

You have a gushing wound.
Would you just let it coagulate by its self over time.
Or
Would you apply a bandage to the wound to apply a clotting barrier?

No. As a normal, not paranoid user you wouldn't notice the difference. Most 0days mitigations are for example one of the features of grsec, think of it like an EMET on steroids.

Been using my phone as a primary modem for a while now. Rcently they started throttling me to 15kbps during peak hours, so, want to get cable intenet. Can Sup Forums recommend me a cable modem to get? It'd be nice if it has open source components, no backdoors, low latency, etc. It'd also be nice if it can connect to my router via USB, as that is how my router is currently configured from connecting to my phone.

As a side note, I constantly get blocked from posting on Sup Forums due to whatever IP address my phone uses. What nonsense is this? Lets see if I can reply instead of starting a new thread...

Not as easily as windows

Not what he asked

At least you fags should remember that selinux/apparmor is packaged with many distros

>selinux
Not enabled by default in the kernel
>apparmour
Not enbled by default in the kernel

>selinux
>nsa created and still maintains code
Yeah,totally putting that on my system

Congrats, your ignorance on basic security terminology is going to be taken by winfags

Learn on linux capabilities
Learn on LKM
Learn to the role of permissions

And for fucks sake, if you already know this, SAY IT!

can someone give me a quick rundown on the systemd controverse
?

fuck off

That is why AppArmor need more love, and is easier to setup

>Not enabled by default in the kernel
You have to patch and recompile the kernel to use grsec you retard.

>Yeah,totally putting that on my system
If only there was an alternative...
>>apparmour
IF ONLY...

>selinux
>Not enabled by default in the kernel
but compiled-in every major distributions kernel, so it's literally just writing 1 instead of 0 into a "file"

not sure about apparmour though.

cvedetails.com/product/32238/Microsoft-Windows-10.html?vendor_id=26
>2016: 172
>2017: 68
cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
>2016: 217
>2017: 266

Considering severity, number of cves with CVSS score >= 7:
>2016: 109
>2017: 28
and for linux kernel:
>2016: 90
>2017: 188
links are here: pastebin.com/p7hARPT7
The attitude towards implementing new security mitigations b/w MS and Linux is wildly different too, what helps Windows as well imo is that they are running a bug bounty with pretty nice payouts (in comparison to others) for researchers who are able to break their mitigations and offer better designs too.

how about you try to make up your own opinion ? it's not like you'll get a serious answer on a board dedicated to technology related shitposting

And here it is, the FUD that can only be ridden with a good basic knowledge of hacking

How are you going to get rid of this troll /fglt/? Do you know the difference between kernel exploitation vs user level access?

What the fuck are they gonna do? Make a new business and set up a new contract with grsec every time they use a new version? grsec stops providing corporations with the source code if they release it you know.

≥not setting up a script that pacman -Syyu 's every minute

Are you actually retarded or paid to be retarded?

CVEs are only assigned to *known* vulnerabilities.
Windows could have thousands of hidden critical vulnerabilities that are not public because only two people in China managed reverse-engineer them and they intend on using them.

number of CVEs != (in)security

And how are they going to identify one copy of the source code vs the other?
If they change any part of it between each other the security hashes will not match the publicized hashes for verification.

>this argument, again, for the nth time
protip: an undisclosed exploitable bug in windows mean lots of $$, and while it may mean the same on linux, most people will keep the windows ones secret while disclosing the linux ones (to, say, root android or whatever, i.e., $$$ for disclosing), simply because in the windows world, exploits are more profitable when kept secret.

If you are still scratching your heads, think on rootkit vs non-root users

And no, not implying the word root has the same meaning in both

this.

linux isn't really secure. take android as an example. enterprise distributions exist for a reason

Linux kernel development may not focus on security, however it is rather foolish to assume CVEs mean anything when comparing it with Windows, the de facto most insecure OS straight after android (and the latter is because of Google's incompetence)

I warned you about winfags bro

there are some flaws with those statistics or at least the way they are presented.
e.g. which linux kernel line is meant ? shouldn't it be windows (all versions) vs linux, or windows 10 vs linux 4.10 or whatever is currently mainline ?

and if you compare the actual bugs, most of the windows bugs are listed as remote execution while most linux bugs as local DoS
and yeah, what i just said still doesn't mean shit because it's not that simple.

What ldflags should i use?

>linux isn't really secure. take android as an example
wut

My desktop runs Linux
My laptop runs Linux
My file server runs Linux
My router runs Linux
My phone runs Linux

Im this guy: plz halp

blog.patshead.com/2013/04/my-bios-is-limiting-my-cpu-clock-speed.html

apparently, an old version of kernel with backported shit loosely bolted on top constitutes a valid example of mainline Linux

Jesus fucking christ guys, cut it from root

More bugs found = more bugs fixed
Fewer bugs found = more bugs on the wild

Linux is more secure THANKS to people finding bugs, even if they don't solve it immediately

While on windows bugs are not fixed, becuase they are not even announced but used against windows users

I just completed the linux command line book. Should I try installing arch or am I too noob to try that? I just don't like the pre installed software that comes with all distros.

Try it. It's not difficult and the wiki has all the documentation, even though the installation guide is somehow vague on purpose.

this. i can pretty much log in into windows xp-10 by renaming cmd into accessibility programs and even do that on an encrypted partition via a one liner in recovery cmd and even extract the keys via another one liner (bitlocker)

do open source cable modems even exist? why not simply just use a openwrt router under the modem?

Arch is easy to install, you basically just follow the guide on their wiki and then skim through the General Recommendations to set up shit you like and want.

It's a nice experience and you'll know your way around the system better, but I'm willing to bet in two year's time you'll be sick of the effort you have to put into maintaining the system and migrate to something like Fedora or OpenSUSE.
Still, go for it, it helped me.

I *will* be using an OpenWRT router with the modem. Are you suggesting it literally does not matter what modem I get?

what is the best distro for communists?

>I just don't like the pre installed software that comes with all distros.
every major distro offers a minimal image / installation.

redstar os

Red Star?

>cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33
>Android
found your problem

...

arch is easy to install but you had to manually set up stuff like cjk fonts and that locale nightmare. the only reason i use it is the AUR and octopi and because manjaro was buggy back then. sadly the AUR is becoming less maintained. if you find systemd hafmful just go for manjaro openrc which i will replace arch with

So I've got a problem. I had multiple HDD failures and I've become incresingly paranoid about its use by the system. Before I always had hdparm to disable APM on boot with .xinitrc, because of that fucking clicking sound. However after booting from suspension something sets that fucking option to 128 again. Is there any way to completely nuke that feature without recompiling the kernel? Do I need to edit the zzz script? Running Void.