[ 3 / biz / cgl / ck / diy / fa / g / ic / jp / lit / sci / tg / vr / vt ] [ index / top / reports / report a bug ] [ 4plebs / archived.moe / rbt ]

Due to resource constraints, /g/ and /tg/ will no longer be archived or available. Other archivers continue to archive these boards.Become a Patron!

/g/ - Technology

View post   

[ Toggle deleted replies ]
File: 609 KB, 600x539, 1378596075685.gif [View same] [iqdb] [saucenao] [google] [report]
50335227 No.50335227 [Reply] [Original] [archived.moe] [rbt]

Why is Linux such a piece of unsecured shit?

>Have Linux installed on my laptop
>Lock my laptop
>Realize I can fucking kill the X Server with Ctrl+Alt+Backspace
>Unlike a Windows or OS X laptop. If someone steals my device they can easily access my session through this backdoor
>Decide to fix it
>Hmm should I edit the xorg.conf or or XF86Config or XF86Config-4 file or create a new file in the xorg.conf.d directory. It doesn't FUCKING MATTER BECAUSE X IS A PIECE OF ANTIQUATED AND INFLEXIBLE SHIT THAT WILL NOT HONOR ANY FUCKING SETTING YOU MAKE.

Oh I almost forgot Alt-SysRq-F is the Linux kernel "OOM-killer" keystroke. It shoots down random long-running programs of its choosing, and so might target the screen locker.

And yes there are other keystrokes/vulnerabilities that will fuck your screen locker. Because the developers of X11 and the Linux kernel want to give a very secure OS!

Linux is only free if your time has no value

>> No.50335273

Im interested in the solution to your problem. Any gents willing to share a solution...?

>> No.50335391

>have Windows installed on my laptop
>realize that I can fucking kill Explorer and force my account log out if I unscrew the back and remove the battery
Why is Windows so fucking insecure?

>> No.50335436

OP here, I fixed the Ctrl+Alt+Backspace issue.

Linux is still a clusterfuck of patches and hacks with zero fucks given to design philosophy and quality control though.

>> No.50335474

>Why is Linux such a piece of unsecured shit?
Because you're a retard, that's why.
Shhhhhhh.Nope.I said, /thread.

>> No.50335506

>Realize I can fucking kill the X Server with Ctrl+Alt+Backspace
doesn't do anything
kill yourself.

>> No.50335524
File: 125 KB, 401x305, 1377329564763.png [View same] [iqdb] [saucenao] [google] [report]


>Default behavior of system is to allow a backdoor that kills the screen locker
>t-the user i-is a r-retard

>> No.50335564

And so what if it kills the screen locker? The offender still has to login. Unplugging a machine running any OS will also kill the screen lock.

>> No.50335571

First, it doesn't do that by default for quite some time - you have to enable it yourself.
Second, Stealing sessions through killing X? What fucking hobo setup do you have? If you manually do startx then just do "startx; logout" - problem fucking solved and you still keep the useful ctrl-alt-backspace.
Third, Magic SysRq? Seriously? That's for kernel debugging and is disabled in virtually every distro ever. Don't complain about shit you explicitely enable you retard.

>> No.50335577


Unless plugged in, removing the battery would just shut the whole system down, still requiring a password to log back in. If plugged in the system would still have power and nothing would change.

If you're going to make fun of someone, at least do it intelligently

>> No.50335584

What is Stallman angry about?

>> No.50335591

>being this new

>> No.50335619


what the fuck is OP going on about

>> No.50335629

>being this rude

>> No.50335637

>Shhhhhhh.Nope.I said, /thread.
Don't make me say it again.

>> No.50335641

>The offender still has to login

We are talking about the SCREEN LOCKER not a login manager.

What happens if a user finds a way to crash gdm by typing noise at the login box? Nothing much: if gdm crashes, there's still nobody logged in. If the screen locker crashes there IS ALREADY someone logged in.

>> No.50335653

>nothing happens
once again op turns out to be a fag

>> No.50335657

>implying a nigger who steals your laptop wouldn't think its broken as soon as he saw X die

>> No.50335667

But it doesn't crash the screen locker it kills your whole X session.

>> No.50335679

X is GNU, Bash is GNU, Magic SysRq is disabled by default unless you installed a debug build of the kernel.

Also, who the hell uses X anymore, even if they use GNU?

>> No.50335692

X ain't GNU

>> No.50335717

You are still logged in.

You can type startx or navigate using the command line.


And yes, niggers know how to start X manually.

>> No.50335724

>X is still a clusterfuck of patches and hacks with zero fucks given to design philosophy and quality control though.
I fixed that for you.

>> No.50335756

>If someone steals my device
>living in third world countries or America

>> No.50335758

My bad. I was on a who the hell uses X and who the hell uses GNU roll.

One thing's for damn sure, X ain't Linux. X is just a userspace program. An old as shit one.

>> No.50335778

see >>50335571
If you're using a login manager like gdm/slim/whatever you're not logged in anymore after killing X.
Stop being stupid

Also, fourth you stole your OP from the horrible out-of-date https://www.jwz.org/xscreensaver/faq.html#no-ctl-alt-bs
Wich is also kinda retarded, I like jwz but "XGrabMagicKeys()" is the dumbest shit ever.
(Not to mention the macfaggotry)

>> No.50335819

>>Have Linux installed on my laptop
>>Lock my laptop
>>Realize I can fucking kill the X Server with Ctrl+Alt+Backspace

>using shitty desktop environment with unsecure lock screen which allows keystrokes nevermind ctrl alt backspace
>it's linux fault guise

>using shitty distro with ctrl alt backspace enabled by default
>it's linux fault guise

>Oh I almost forgot Alt-SysRq-F is the Linux kernel "OOM-killer" keystroke.
>using shitty distro with magic sysreq key enabled by default
>it's linux fault guise

>> No.50335827

What distro is OP using that starts X automatically but doesn't logout after the X session ends?

>> No.50335832
File: 49 KB, 419x418, 1378999707517.jpg [View same] [iqdb] [saucenao] [google] [report]

So OP let me get this straight, because you have no idea how linux works, you assume you have to install X server and a DE to get shit running, and then you blame Linux developers for X vulnerabilities? You are so wrong I don't even know where to begin.

X is shit, everyone will tell you that, most especially X developers. That's why they gave up a long time ago. Also I can't recreate whatever you're describing with xlock, so I'm assuming you're either using shit software or looked up a legacy bug that was patched years ago. Because there is no chance in hell that this sort of critical bug wouldn't be fixed withing HOURS of it being reported.


>> No.50335854

OP is confirmed faggot

>> No.50335855

Prob one of those minimalist orientated distros like Arch.

>> No.50335856

This is in my .kshrc (equivalent to bashrc or wherever you put shell aliases in Linux)
alias x='test -z "$DISPLAY" && exec startx -- -nolisten tcp'

"It's too late. What am I supposed to do?"

>> No.50335868
File: 10 KB, 350x334, 0000A0.jpg [View same] [iqdb] [saucenao] [google] [report]

>tfw I noticed that I have x server installed on my distro too

what do lads?

>> No.50335869
File: 490 KB, 886x810, 1428324171353.png [View same] [iqdb] [saucenao] [google] [report]

You're a faggot.
For any of this to work, someone needs to physically access your laptop. And an OS can't fucking protect the physical computer from theft, that's your own responsibility. As for protecting data against theft like that, the only option is encryption, which most linux distros can give you out of the box during installation.

>> No.50335883

Arch user here. I can't recreate this bug. And I am not even using a display manager. OP is just a winblows shill.

>> No.50335901

>>Realize I can fucking kill the X Server with Ctrl+Alt+Backspace
>>Unlike a Windows or OS X laptop. If someone steals my device they can easily access my session through this backdoor
How exactly?
Just because you're a dumbass archnigger who thinks startx is le cool and le haxxor it doesn't mean linux is insecure

And Yes X is a piece of trash.

>> No.50335903

Encryption won't protect you from this, though. This is just a stupid bug that is not relevant any more.

>> No.50335907

He's a shitposting fuckface and we all fell for his bait. Just report and sage.

>> No.50335908

shut up

>> No.50335924

See this: >>50335883

This is not working even with startx.

>> No.50335940

>Just because you're a dumbass archnigger who thinks startx is le cool and le haxxor it doesn't mean linux is insecure
I use arch and startx and what OP is describing can't be done. I even got xlock and it wouldn't let me do it either.

>> No.50335964

Did you even enable ctrl-alt-del?
It's disabled by default in Arch.

>> No.50336005

It doesn't even matter because xlock disables all keybindings.

>> No.50336044


>> No.50336087

this is the 4th time I've seen this thread today... someone is being paid. I wonder how much, because I'm unemployed :(

>> No.50336093

>why is Linux such an unsecured piece of shit

Because it's not maintained by paid developers and depends solely on the effort of unemployed hobbyists neckbeards

>> No.50336105

You have to be a special kind of stupid if you're complaining about any OS or devices security with physical access to the device.

>> No.50336117

some guy just discovered jwz's eternal xscreensaver butthurt and tries to troll /g/ with it

no conspiracy theory needed

>> No.50336124

shhhhhut up

>> No.50336134

SysRq is enabled on Arch, but only allows to call sync.

>> No.50336145
File: 148 KB, 580x435, linux-kernel-sponsors.0011.jpg [View same] [iqdb] [saucenao] [google] [report]

>Because it's not maintained by paid developers and depends solely on the effort of unemployed hobbyists neckbeards
So you consider microsoft devs to be unpaid hobbyists? Then why do you use windows?

>> No.50336173

1. That doesn't work on most distros.
2. If it does, it kills your entire session and you will be logged out.
3. Other OSes have bigger problems. What about OS X, where holding command + S during startup dumps you to a terminal as root? What about Windows with its 10^37 viruses?

>> No.50336199

MS doesn't contribute much. But the other top contributors contribute a lot and are highly respectable.

Interesting that there are more contributions from professionals than from amateurs.

>> No.50336226

>You are still logged in.
>You can type startx or navigate using the command line.
I see the problem. You don't know about VTs.

Linux has multiple Virtual Terminals, aka Virtual Consoles.

When you boot GNU+Linux and it shows a text login, it shows it on the first of many concurrent displays. You can switch between these displays with Ctrl-Alt-F1, F2, etc.

You can log in, run a program, and then hit Ctrl-Alt-F2 to get a new, concurrent login prompt where you can log in and run a second program. You can then Ctrl-Alt-F1 to go back to your first one.

When you run "startx", such a new, concurrent session is created on VT 7 (Ctrl-Alt-F7). You can switch back and forth between them. You can even startx -- :1 to start a separate X session on VT 8!

Each VT must be locked separately, and the problem you're seeing is that you're locking VT 7 but failing to lock VT 1.

I'd recommend logging in graphically or running "startx & exit" to log out VT 1.

>> No.50336230

All of those a X problems, not Linux problems. X sucks. Wayland is slowly gaining more and more support.

>> No.50336263

That's because Linux is the most used operating system kernel in the world. A company like Google can get it for free, modify it to suite their needs, and then use it with the only restriction being they have to share the changes they've made. But in return they get all of the improvements other people/companies have made to it.

If I was a tech company I would invest money into Linux. It's just about the definition of a win-win situation.

>> No.50336375

> What about OS X, where holding command + S during startup dumps you to a terminal as root?

Well damn. This actually exists. What the fuck

>> No.50336394

already logged in or it asks for the password?

>> No.50336407

OSX has always been a joke. It's barely worth mentioning.

>> No.50336413

Already logged in AS ROOT.

Point is, once someone gets physical access to your machine you are utterly fucked. The only way to be secure is to use encryption and unmount everything when you leave the machine.

>> No.50336427

holly molly

>> No.50336438

>the only restriction being they have to share the changes they've made
i thought they didn't have to do that, mind spending some words to clarify?

>> No.50336484

Yes they have to

GPL is roughly CC-BY-SA in contrast to BSD which is roughly CC-BY

>> No.50336494

Yeah, it's bad. Almost all consumer computers are fucked when someone gets physical access, but OS X makes it very streamlined.

To access someone's files on most PCs, you'd have to configure the BIOS and carry a USB drive to boot Linux from. On a Mac, you can get in with two keystrokes and no additional hardware.

>> No.50336504

People who buy a copy of the software -- like when you buy a Chromebook or Android device -- are entitled to the source code.

When it's used internally, like for their servers, the source does not have to be released.

>> No.50336510


>> No.50336524

OP is a retard and whoever agrees with him is also a retard.

When you kill X it logs you out and you have to log in to access anything.

Windows on the other hand is absolute shit
>have a password on a windows
>boot from live CD
>you have access to all files on windows partition

>> No.50336552

>for their servers
Which is why you should use AGPL, so Silicon Valley jews don't get rich on your code.

>> No.50336569


>> No.50336614

>have a password on a windows
>boot from live CD
>you have access to all files on windows partition
That's true for ALL operating systems unless you use encryption.

>> No.50336617

>Windows on the other hand is absolute shit
That's exactly the same as on GNU+Linux, and why you always encrypt your drives.

>> No.50336627

install wayland

>> No.50336641

In cases where the attacker has physical access to the machine all bets have always been off. The only solution is disc encryption, but even that can be defeated if you can get the machine when the user is logged in. IIRC this is how they got everything on Ross Ulbricht's machine despite full on disc encryption when he got v& by the FBI.

So complaining about vulnerabilities that require physical accidents is basically like complaining about how unsafe cars are when hitting a concrete barrier at 300 km/h.

>> No.50336661
File: 1000 KB, 400x225, 1441744099581.gif [View same] [iqdb] [saucenao] [google] [report]

>What about OS X, where holding command + S during startup dumps you to a terminal as root?
>Well damn. This actually exists. What the fuck
>Already logged in AS ROOT.
>holly molly

Didn't know about this. Lel.

>> No.50336674
File: 56 KB, 750x501, pukenao3.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.50336720

Windows is just completely insecure. It's very easy to break into.

>> No.50336721

See >>50336641

You get exactly the same end result by booting off a bootable USB drive or CD if you haven't encrypted your drive on every OS out there.

>> No.50336937

Yeah, but then you need to put in a lot more effort. You have to configure the BIOS and have the USB drive or CD on hand.

Apple makes it super streamlined, and it is remarkably difficult to disable this functionality. They can't prevent people from getting your files with physical access, but that's no excuse for making it as easy as possible.

>> No.50336942

if you boot a linux live cd/usb you can't do shit to mac(HSF+) partitions(journaling enabled)

>> No.50337023
File: 3.99 MB, 243x162, BillGates.gif [View same] [iqdb] [saucenao] [google] [report]

Everyone is so salty here...

>> No.50337099
File: 101 KB, 1920x1080, Ubanto.png [View same] [iqdb] [saucenao] [google] [report]


>Using broken shit like Arch

>> No.50337349

>using bloat shit like Ubuntu
enjoy 2k+ packages and uses 1/5 of it

>> No.50337496

You can if you customize it~~
I use this all the time when my customers fuck their Macs up, verifying of course that they are the owner. Resetting the admin password when Recovery won't load, removing launchd.conf after a Genieo removal went horribly wrong, there are so many ways you can use Single User Mode (also available in other UNIX-like systems. Interrupt disk i/o on a Linux machine at just the right time, it goes into Single User Mode already logged in as root.) to circumvent security features.
Except FileVault. To bypass FileVault (and erase all the data in the process), go to Recovery and use Terminal (since Single User Mode won't load if FileVault is on and you don't know the password).
This also won't work if the Mac is in Lost Mode or has a Firmware Password.
But, assuming these needs are met (which they almost always are), in the Terminal while in Recovery Mode, you'll first need to find the UUID of the logical volume. (a la LVM)
diskutil cs list
This will list your volumes and groups.

Next to "Logical Volume Group" on the first line to actually have words on it, there will be a bunch of random numbers and letters with dashes. This is, of course, what we call a UUID.
Now, putting that in the place where I put $UUID, run the following command:
diskutil cs delete $UUID

You can now reinstall OS X and the Mac is yours again.

Disclaimer time!
 I do not represent Apple. I have obtained the knowledge I shared with you from public resources, and it is for educational and recovery purposes only. I am not responsible for your misdeeds.

>> No.50337570

Going into the BIOS and changing the boot device priority list is probably going to take about 20 seconds even when you haven't previously worked with that particular vendor's BIOS's.

So all you win is skipping something that'll take max 20 seconds anyway...

>> No.50337591

Why is half your screen unused?

>> No.50337616

And to continue my post, one last thing:
To protect against this vulnerability, enable FileVault and set a Firmware Password. Now, they can't go to Recovery without one hell of a soldering job that will usually just permanently break the Mac, and they can't get your data if that happens because~~~~
They can only get your FileVault key if they do a live RAM analysis after your startup disk is unlocked.

Your friendly neighborhood app developer

>> No.50337631


>> No.50337650

No. The main thing you've gained is that you don't need the USB drive on hand. I sure don't carry a Linux live USB drive everywhere I go, but I can still casually skullfuck any Mac I come across.

>> No.50337679
File: 348 KB, 1257x1233, Screen Shot 2015-09-17 at 22.54.18.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.50337717


MyLittlePony App

>> No.50337791 [DELETED] 


>being this poor

>> No.50337817

You can literally disabled all of that

>> No.50337837

application name PLOX?

>> No.50337855



>> No.50337880

not free as in freedom, no thanks

>> No.50337908

Trash program design tbh

>> No.50337926
File: 87 KB, 576x764, 451aff0cccee7cb0a8592f2afd67b504.jpg [View same] [iqdb] [saucenao] [google] [report]


>> No.50337946

>Why is OP such a piece of insecure shit?

>> No.50337965

What did you expect, anon?

Can you name one FOSS program on OS X that doesn't look like shit?

>> No.50337986
File: 52 KB, 947x950, Untitled 1 - LibreOffice Writer_012.png [View same] [iqdb] [saucenao] [google] [report]


>> No.50337998

>>50337880 mentioned free software, not "open source."

>> No.50338005


Jesus what the fuck is that? Was that designed by an autistic child in the 90s?

>> No.50338076
File: 151 KB, 620x480, man-with-laptop-620x480.jpg [View same] [iqdb] [saucenao] [google] [report]

>hey nigga look at dis chinkpad I took from dam whitey, stupid ass nigga put gnu in dis machine so I can get behind hahaha stupid ass whitey should have chosen a better client-server

>> No.50338086
File: 297 KB, 1257x1233, madeinpaint.jpg [View same] [iqdb] [saucenao] [google] [report]

Name one thing wrong with it

Protip: you can't

>> No.50338108

Wait. Isn't that fucking Ubuntu?

>> No.50338125

Icons strewn randomly around the toolbar with no meaning or context.

Icons that look like they were stolen from the Office 2003 reject pile

>> No.50338166

Not that battery you fucking retard. The other one.

>> No.50338181

>Icons strewn randomly around the toolbar with no meaning or context.
Are you retarded? Do you really like cm wide spaces and needed functions needlessly hidden away in menus?

>Icons that look like they were stolen from the Office 2003 reject pile
Granted that is true. He's also a retard. Why the fuck would anyone willingly use Unity?

>> No.50338205

Icons seem well organized and functional to me.

Another thing that annoys me about pages is it has both the icon and word at the top. Seems redundant, I think people can remember their meaning without the label.

>> No.50338226

not the target audience of apple.

>> No.50338292

>tesla is a literal moving botnet/bitcoin mining servo

>> No.50338321

Meanwhile the car on the bottom is open-source in real life.

>> No.50339419
File: 78 KB, 636x571, 1439328748544.jpg [View same] [iqdb] [saucenao] [google] [report]


Informative. Thanks anon.

>> No.50340263

What are you running LFS (linux from scratch) and configured your own kernel with retarded defaults? Ubuntu has ctrl+alt+backspace and insecure sysrq keys disabled in kernel by default.

>> No.50340343
File: 1.28 MB, 3840x1275, desktop2.jpg [View same] [iqdb] [saucenao] [google] [report]

>anti-Ubuntu cucks BTFO

>> No.50340593

Ubuntu is garbage, use hardened gentoo.

>> No.50341167

Too newfag for life.

>> No.50341412

Please show me the widows source code so i can see it's not a clusterfuck of patches.

Oh you can't, really?

>> No.50341464

Install FreeBSD.

>> No.50343267

Install Genters

>> No.50343753
File: 106 KB, 450x404, 1316839988682.jpg [View same] [iqdb] [saucenao] [google] [report]

>mfw someone thinks there will ever be "the year of the linux desktop"

>> No.50343873
File: 77 KB, 531x609, 1442320936792.jpg [View same] [iqdb] [saucenao] [google] [report]

you can adjust this in most OSX apps-- show either the icon, text, or both.

>> No.50344710

i give up ... Fuck it !

>> No.50344832

Section "ServerFlags"
Option "DontZap" "yes"

good job idiots

>> No.50344923

OP, you're retarded. And a fag. And a retarded fag.

You have no clue what you're talking about. It sounds like you're just spewing memes about Linux from 1999.

Where do you config X? If you know what X is, then you should know enough that you don't write a config file, unless you're going out of your way to use an ancient, esoteric, outdated distro, and just want to bitch like a little fat baby.

>> No.50344935

Linux is operating system made for losers and used mostly by losers.

When will you guys ever learn?

be normal and use working operating systems.

>> No.50344946

Windows and Linux are both shit.
This has been news since when?

Smart people use mature operating systems with thought put into the overall design, like OS X or BSD.

>> No.50344986

>not a meme

>> No.50345007

>he thinks that behaviour is exclusive of OSX
Almost all UNICES have a way to drop a single user root terminal at boot time if you have physical access to the machine. That's isn't a bug, is a intended behaviour.
Of course, in /g/ almost all neckbeards here we know if an attacker gains physical access to your machine you are pretty much fucked up.

>> No.50345038

>Windows is shit because when a computer is compromised physically then it's fucked
>he doesn't know that applies to almost all operating systems in the world
>somehow is exclusively a Windows' fault

>> No.50345047

>muh bloat maymay
Are you using a 1996 laptop?

>> No.50345053

Thanks dude, I will protect my shit from Jamal soon.

>> No.50345060

I enjoy choosing what I want installed in my computer. .I.

>> No.50345068

Did you choose what firmware is in your bios/uefi?

>> No.50345074

your router is running some linux distribution. what a piece of shit entity you are.

>> No.50345079

>source: me

>> No.50345093

prove me wrong

>> No.50345105

>you don't know the model of the router of that anon
>there's companies that still mantain their propietary firmware

>> No.50345106

>Menu n the right

>> No.50345117

>muh Ubuntu is bad maymay

>> No.50345122

waiting here while rubbing my dick

>> No.50347192

do tell.

Name (leave empty)
Comment (leave empty)
Password [?]Password used for file deletion.