GitHub hacked, millions of projects at risk of being modified or deleted

Discussion in 'all things UNIX' started by vasa1, Mar 6, 2012.

Thread Status:
Not open for further replies.
  1. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    http://www.extremetech.com/computin...projects-at-risk-of-being-modified-or-deleted

     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That shows two things:

    1. Some developers aren't that interested in solving bugs. :argh:
    2. Just because a project is open sourced, it doesn't mean bugs will be fixed ASAP, due to more eyes on top of it.

    Is that about it? o_O
     
  3. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    How are these "millions of projects" are at risk, especially as the article states the recent known vulnerability was quickly fixed ?

    Is there any evidence in the article that any project has been tampered or could be in the future, to substantiate the claim in the title ?

    FUD.

    Cheers Nick.
     
  4. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,152
    Interesting. While I've gone on a bit about the hyperbole used by web-sites to grab attention, I wouldn't have glanced through the article if it wasn't for the title! I had seen previous, more sober titles that referred to Ruby on Rails but yawned and moved on.

    That nothing happened doesn't detract from the significance. It appears that this "vulnerability" was around for some time and known and neglected (for want of a more appropriate word).
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    ot posts removed
     
  6. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    Open source developers are far more interested in fixing bugs and therefore in an open source environment, bugs get found early and get fixed unlike closed source.
     
  7. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    Millions in their delusional imagination of course :D
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Have you paid enough attention? Rails has been weak to what’s known as a mass-assignment vulnerability for years.

    It may have been found years ago, but it sure took then long enough to fix it?

    Are you saying that closed source software developers don't fix bugs? Or, that they don't find them soon and also fix themo_O

    I believe my following question also to be pertinent to that statement of yours: Why are you using Opera web browser?

    It's a contradiction. To keep it consistent to what you say, shouldn't you be using an open source browser, so that you know bugs are found and fixed? o_O Unlike in Opera, due to being closed source? o_O
     
  9. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    So because of that entire github is compromisedo_O thats FUD mongering at its worse.

    I use Opera which is closed source as I am not concerned about so called security issues, it doesn't apply to me as I don't do online transactions and my data is for all to see. However if I need to do some critical transactions, its good old Chromium and nothing else.

    Closed source doesn't have the resources, one of the reason Opera even though far ahead of the rest is suffering in oblivion whereas open source Google Chrome has taken a mercurial rise. So yes closed source can't and will never ever match the resources of open source no matter what. Money can't get enough helping hands, a principle can OTOH.
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What? o_O What FUD? So, you're excusing that that vulnerability was known for YEARS, because it only happened with Github- that anyone knows of?

    OK... lol

    Nothing against that; it's actually my favorite web browser.

    If you say so... By the way, just because one project is open sourced, it doesn't mean every developer in the world is looking at it or will be looking at it. No single developer will be studying hundreds and hundreds of lines of code (when it is the case). So, many vulnerabilities will pass; many others will be fixed even unintentionally, when fixing other bugs. Many other bugs will be added when fixing others.

    Linux kernel is probably the one project that has more folks involved? Firefox another. I'd say Chromium as well. I'm sure there are many others. Which is great. I'm not against that. It's very welcome. I wish other open source projects had more eyes on them as well.

    Sometimes good projects die, and they were actually promising, but no one cares to look at the code or never cared; most likely never contributed either. Most times, it's a one guy/girl job.

    That is not why Opera has a low market share. I'm not sure if you recall, but Opera used to be a paid for browser. Add to that very poor advertising... or none?

    Google Chrome is not open source; Chromium is. ;) And, don't compare the advertising machine Google is... compared to Opera. lol

    And, sometimes more eyes doesn't mean better vision either. Some may actually suffer from light blindness or something like that.

    Sometimes a principle isn't enough, though. ;)
     
  11. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    If the vulnerability was that critical, Red Hat would have sorted it out right away, after all unlike so called closed source offerings, only Open source is used in mission critical applications world wide. Red Hat being prime among them and SUSE as well. If closed source was that secure, the corporate world would be embracing it en masse instead of open source and that certainly is not the trend. Even stock markets, major ones have switched to your so called vulnerable open source ;)

    The only folks who suffer from blindness are users and creators of so called closed source with their egos. Opera went free long while back and should have picked up there and then when it had significant speed, performance, usability advantages over any other browsers out there but that didnt' happen. Also before you bash Google they have so far used open source quite well and are reaping huge benefits out of it no matter how sinister their agenda may look. Opensource also has lots to thank Google for that, lets put it this way, if there was no google chrome, there would be no chromium.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Say whatever you want, if it makes you happy.

    One thing I don't get, though, is why you said I was bashing Google? I simply mentioned that Google Chrome itself is closed source. I also mention that Google is a giant in what comes to advertising. Millions of users know Google, due to their search engine. Google Chrome was and is advertised in Google's search engine, if it detects a browser other than Google Chrome.

    Google has a tremendous advertising power at their disposal.... UNLIKE Opera!

    You previously mentioned this: Closed source doesn't have the resources, one of the reason Opera even though far ahead of the rest is suffering in oblivion whereas open source Google Chrome has taken a mercurial rise.

    Which is 100% nonsense.

    The reason why Opera isn't that know, at all... is precisely because Google has a top notch search engine, used by millions of people (if not billions ?), and they also advertise their browser a lot!

    This is something a small company like Opera folks cannot compete with! That's why Opera has such a low martket share.

    It's not due to open source vs closed source! There are open sourced browsers with way less "market share" than Opera. Why? Practically no one knows about them. Why? No advertising power behind them. lol
     
  13. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    In every performance tests, security tests, much as I hate to admit, Open source Chrome consistently beats Opera and thats the reason its on top apart from its isolated process running model.
     
Loading...
Thread Status:
Not open for further replies.