Vulnerabilities in CentOS 6.5 discovered in Miami

Support for security such as Firewalls and securing linux
bbkirk
Posts: 7
Joined: 2015/08/21 18:29:51

Re: Vulnerabilities in CentOS 6.5 discovered in Miami

Post by bbkirk » 2015/09/01 06:12:22

Here's the thing. Even my posts on your forum are hacked. I originally wrote the following:
And requiring respect is not the same as asking for it.
Somehow it got changed without my consent to:
And requiring respect is the same as asking for it.

The meaning was totally distorted. I am harassed and censored into sounding like a pathetic looser when I am even allowed by the hackers to talk. If I do not sound sufficiently horrible on my own, then someone changes just a few words until I sound completely wrong, monstrous, and crazy. Your fabulous knee-jerk reactions only magnifies the effect, because all of you refuse to give me the benefit of the doubt.

But here's the thing about the hacking. I did not write the broken code. I am not the one refusing to admit that I write bugs. I write plenty of bugs. That is why I spend days and weeks trying to find them. In fact I'm so good at writing bugs that I have also gotten quite good at finding them. Why should I help fix the broken code? Why shouldn't I help fix the broken code? I am a computer scientist to the core. I am actually quite happy to help fix code I did not write.

Actually, if you bothered to ask, I would tell you that I found CentOS 6.5 easier to secure than the version of MacOS that was new at the same time. How astonishing is that? Perhaps it is because CentOS is open source and people nicely try to answer my questions.

There is something quite strange about the economy of our field. Somehow we must market imperfect products which we loudly declare to be imperfect, while the rest of the world ignores our warnings and expects perfection from technology. Then when there is a problem, we are ridiculed so horribly that we have to resort to giving away our hard work in an effort to convince people that we really were being honest. While we once again explain Turing's result about the halting problem, the lack of provable verifiability, and the lack of provable security. Strangely enough, our explanations never work for long. The cycle repeats itself, and our skills are one again devalued at the same time as we are told that the world cannot live without us. Actually, I think that a lack of security is a good indicator of a technology bubble.

Oddly enough, despite the problems with our field's economy, we have several generations of computer scientists that believe strongly in open source. As I understand, even Mac has based their latest OS on BSD. It is probably not an exaggeration to say that every computing infrastructure in the world makes use of open source software. We should be very proud of what we have accomplished.

Of course, you all could argue that I have yet to give back to the open source community. So maybe there is no we in the statement that I just made. But I think I have given back in ways you may not readily see. I believe in what people can do, more than in their credentials. Despite being trained in the academic model of teaching, my early days with computing were largely self-taught. I gave back to the community in the early days by writing tutorials, doing volunteer work, teaching people about computing, and fixing computers. I still fix computers. I have already taught numerous students how to write better algorithms and better code. And, I'm quite certain that I know how to write algorithms, deterministic or statistical, that would help improve CentOS.

But I have a bottom line, I have no interest in working with people who continue to take me for a fool. I could care less whether you disagree with my politics or think my identity is rubbish. As long as you politely disagree with me, I will be fine. But if you continue to slam my competence for no reason, then you are welcome to keep the problems in your field. I can make a living doing something else. I am quite happy painting houses.

Cheers,
Brent

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Vulnerabilities in CentOS 6.5 discovered in Miami

Post by avij » 2015/09/01 06:18:19

The topic was previously put into quarantine because it was suspected that this discussion might end up with rants like the above. This is not censorship -- we accept criticism, but if the discussion strays too much offtopic or becomes a flamewar, the moderators will need to do something.

Please stick to discussing CentOS. Otherwise this topic will get locked or deleted. This guideline applies to other users as well.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: Vulnerabilities in CentOS 6.5 discovered in Miami

Post by gerald_clark » 2015/09/02 01:39:26

1. CentOS does not fix the software. It is a rebuild of RHEL.
You would need to post problems on RHEL bugzilla.

2. Exploits for 6.5 are of no interest. Prove an exploit for currently updated 6.7. and submit it to RHEL.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Vulnerabilities in CentOS 6.5 discovered in Miami

Post by TrevorH » 2015/09/02 08:12:49

I think at this point, this topic can usefully be locked as it appears to be mainly flamebait.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Locked