Thinking of dumping some FreeBSD/OpenBSD zero-day exploits

Just LPEs with next to no market value, but after seeing the hysteria over the "vulnerability" in Windows atom tables, I'm thinking it might be a good way to get some publicity and force people to take a look at information that's being largely ignored, especially if I just dump the exploits without notifying the vendors. (One or two may apply to NetBSD, though I haven't bothered to confirm.)

What would be a good way of generating a spergout over the release? Which popular tech journalists/bloggers would pick it up? I already plan to email The Register and Ars Technica.

What kind of exploits?

Just local root exploits.

pls deliver OP

So no remote exploits?

No local ones either, OP's pulling this out of his ass.

Not the ones I'm thinking of dumping, no.

Spot the BSD developer fishing for info.

I'm not a BSD dev, I just don't believe OP.

What would make you believe the OP? INB4 "telling me what the vulnerabilities are."

So I'm just supposed to take some random guy's word on it? Nah.

IMO best option is to notify vendors and wait for response before contacting any news outlets

What happened with the atom tablets?

OpenBSD has no remote exploits, or so I have been told.

no one ever said this

they even claim that they had at least two at some point

Will these work for Mac?

Well, not that this is the foundation of an exploit, but speaking of random, maybe it's about time that FreeBSD developers fix /etc/rc.d/random to restore the secure permissions on /entropy

save_dev_random()
{
+ oumask=`umask`
+ umask 077
for f ; do
if :>>"$f" ; then
debug "saving entropy to $f"
dd if=/dev/random of="$f" bs=4096 count=1 2>/dev/null
fi
done
+ umask ${oumask}
}
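
Review bot: `umask 077` only governs the mode of files created inside the loop, so an entropy file that already exists keeps whatever permissions it had, because `:>>"$f"` opens it for append without changing its mode. If the aim is to restore secure permissions on an existing /entropy, add an explicit `chmod 600 "$f"` between the `:>>"$f"` test and the `dd`. The restore at the end would also be safer quoted, as `umask "${oumask}"`.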


Keep doubting. The spergout is going to be hilarious.

Dump everything now and the developers can fix it.

...

I don't use BSD but I think BSD being secure would be good.

trueos doesn't have this problem

...

Even some debian developers use mac osx. If you don't mind proprietary software mac osx is actually good.

looks like GNU propaganda, move along and ignore it.

looks like BSD bullshit, again

stop pretending like nothing is wrong with BSD motherfucker

I'm not pretending like nothing is wrong with BSD, I'm saying that everything is wrong with this picture. It's obvious GNU propaganda.

I know a bunch of people who run a BSD daily, even NetBSD ffs, and with "modern software" like firefox or chromium which aren't much but are still tanks.

Just read what's in the picture a bit. It's starting with some license war, saying that the BSD licensed alternative to GPL software sucks, which it most definitely doesn't (look at llvm, look at openssh, look at libressl, look at libedit)
Then it says that BSD projects can't run modern applications that weren't made in the 90's, which is flat out wrong, FreeBSD has plasma 5, while NetBSD and OpenBSD have qt5 working, they all have modern compilers, chromium, firefox, etc.
Then they attack the developers themselves saying that they don't use their OS, which they most definitely do.
Then they talk about how BSD is a monolithic kernel, when NetBSD can be officially used as a microkernel while linux still is a monolithic mess.
Then they tell lies about how you have to reboot your computer if a driver crashes on BSD but not on linux, this simply depends on which driver, whether it's a module, etc.

Yes, things are wrong with BSD, they lack some support because they lack manpower and keeping the GPL out while keeping modern support is a huge task because of Linux, but everything is wrong with the article in the image and nothing in there should be taken seriously.

can you play tekken 7 in wine on bsd*?

bullshit, you rush to accuse everything is propaganda and defend BSD at all cost

Taunt them on their mailing lists.

Eh, I don't have any animus toward BSD or its developers. It's just that FreeBSD and OpenBSD local exploits are the only things I have that (a) have extremely low market value; (b) might still be newsworthy enough for my main goal of drawing attention to something totally unrelated to BSD.

>has no remote exploits
They have. Also failed to find openssl exploit and gone full autism with libressl.

do it.

if you found stuff others have or will and you're better off forcing people to patch it quickly instead of it being drawn out and exploited for a decade from alphabet agencies or sold on the black market and kept secret to exploit

maybe this will force openbsd to actually adopt jails

>they even claim that they had at least two at some point
the one would have been prevented, but theo decided to hold off on a couple things for -RELEASE. if he hadn't hesitated the exploit would have been ineffective.

>openssl
was never an openbsd project

...

>gone full autism with libressl

what?

>I have these secrets
>>no you don't
>How can I make you believe me, and don't say reveal the secrets
>>>>>>>>

FreeBSD devs use OSX*

OpenBSD devs all use OpenBSD on their laptops.

>local
You'd be lucky if Goodwill let you drop this trash off

Last time I notified FreeBSD about vulnerabilities, they were very receptive and professional, but it was many months before fixes were available. That's no good for my immediate goal of drawing attention to some information.

What do you think about Phoronix? I feel like the readers of that would make a big stink about it. Obviously HN too.

Why don't you just bug report...

ehh
this is true