Linux community isn't in a reasonable position to criticise Microsoft on security. Mainstream distributions are much worse off than Windows.
-
-
Replying to @CopperheadOS
Despite the issues it has the Linux kernel itself isn't worse off. It's the decentralized userspace and distro packaging with major issues.
1 reply 7 retweets 26 likes -
Replying to @CopperheadOS
For example, PIE is required for full ASLR on Linux. The cost on x86_64 with a recent GCC is closer to 0% than 1% even for microbenchmarks.
1 reply 3 retweets 27 likes -
Replying to @CopperheadOS
Yet most major distributions have only recently started to deploy it on a significant scale. It was stable and near zero cost for *years*.
2 replies 2 retweets 23 likes -
Replying to @CopperheadOS
Many of these mitigations originate in the Linux world, but adoption sucks. PaX RAP is the best available production implementation of CFI.
2 replies 6 retweets 20 likes -
Replying to @CopperheadOS
Yet there's no major distribution that has even started to adopt coarse CFI like Microsoft deployed for everything. They still need ASLR...
1 reply 4 retweets 19 likes -
Replying to @CopperheadOS
It's also an issue that the decentralised development model puts people actively hostile to better security in control over important areas.
1 reply 7 retweets 16 likes -
Replying to @CopperheadOS
There's also nowhere with more stubbornness over using C forever and denying the problems it causes than the Linux and *BSD world...
3 replies 21 retweets 50 likes
Hey, I hear that FreeBSD might even get ASLR support someday!
-
-
-
I know of HBSD. I just think it's silly that the mainline OS hasn't incorporated an exploit mitigation that has been around for ~15 years.
1 reply 1 retweet 5 likes - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.