
New BootHole Vulnerability Affects Billions of Devices, Compromises GRUB2 Boot-loader

OK, but I also mentioned OpenBSD that was saved only by Microsoft coming along with $100,000 in their pockets.

The problem that most open source projects have is that they have a lot of "takers" but not a lot of "givers". If you like an open source program/project, you need to do what is right and by that, I mean donate to the project be it direct donations or if they have a merch store, buy something there. Buy a coffee cup or a t-shirt for God's sake! Every little bit helps.

Like it or not, open source projects live and die on their budgets (or should I say, lack of budgets). The unfortunate thing is that a majority of people are freakin' cheapskates. They don't donate, they don't pay, yet they're the first to start yelling when things go wrong.
That's not their problem, it's their reason to exist.
Open source is usually just that: a bunch of people that want to give something away. For free.

I mean, what's worse, an OSS project that doesn't gather much interest and dies in a few months, or Bixby that has probably eaten billions by now and will never have anything to show for it?
 
Open source is usually just that: a bunch of people that want to give something away. For free.
But that's not a viable business plan, that's not going to put food on your table. Gas in your car's tank. A roof over your head. I really could go on and on really. Is it a sad reality? Yes! But that's how the world works and until we change the very basics of how the world works and we embrace something that's similar in nature to what's presented in Star Trek where it's just a happy utopia where you can paint if you want to because you can just get your food from a hole in the wall (I'm referencing the food replicator here), it's just not going to work.
 
But that's not a viable business plan, that's not going to put food on your table. Gas in your car's tank. A roof over your head. I really could go on and on really. Is it a sad reality? Yes! But that's how the world works and until we change the very basics of how the world works and we embrace something that's similar in nature to what's presented in Star Trek where it's just a happy utopia, it's just not going to work.
It's a very viable business plan if I can add an open source project that's actually useful to my resume. It will put food on my table.

Open source is first about people. For some reason you keep talking about like a bean counter. Not that it's a bad thing, but it's a really, really narrow understanding of what open source is.
 
For some reason you keep talking about like a bean counter.
No, I think economically because in the end all humans need food. Don't get me wrong, open source is a laudable goal but until we, as a species, achieve a non-scarcity based economic system because literally everything is free because you can just walk up to your food replicator and ask it for a steak dinner and have it appear out of nowhere, I just don't see how it'll work.
 
No, I think economically because in the end all humans need food. Don't get me wrong, open source is a laudable goal but until we, as a species, achieve a non-scarcity based economic system because literally everything is free because you can just walk up to your food replicator and ask it for a steak dinner and have it appear out of nowhere, I just don't see how it'll work.
Well, if you don't see how it will work, you've got a problem. Because it works already.
 
Well, if you don't see how it will work, you've got a problem. Because it works already.
The way I see it is the typical starving artist. Sure, your painting is nice but if no one buys it and thus giving you money, you're not going to be able to eat let alone make another painting. Do you see where I'm coming from?
Because it works already.
Tell that to the graveyard that is GitHub. I've explored GitHub, thousands of projects that never got off the ground. The code is there but often it's so buggy or undocumented that I'd have better luck picking it apart for the scraps and building my own solution. I've done it, I've built my own programs from scraps that I found on GitHub only to have to fix it so much that I just ended up rewriting the whole damn thing.
 
The way I see it is the typical starving artist. Sure, your painting is nice but if no one buys it and thus giving you money, you're not going to be able to eat let alone make another painting. Do you see where I'm coming from?
Yes, you don't know what you're talking about, you think open source is an all or nothing approach.

It's not. It's something people are doing in their spare time (you're interrupting me from my Android project right now), it's something that is both written and studied in universities, it's something you do at your job if you're paid to. It can even be something you do in your spare time because it helps you at your job.

And if you want to make a living off open source, you do that by charging for support. Or by extending your open source project with non-open functionality.

The way I see it is the typical starving artist. Sure, your painting is nice but if no one buys it and thus giving you money, you're not going to be able to eat let alone make another painting. Do you see where I'm coming from?

Tell that to the graveyard that is GitHub. I've explored GitHub, thousands of projects that never got off the ground. The code is there but often it's so buggy or undocumented that I'd have better luck picking it apart for the scraps and building my own solution. I've done it, I've built my own programs from scraps that I found on GitHub only to have to fix it so much that I just ended up rewriting the whole damn thing.
Please, not that idiocy again. I've already told you in this industry 80% of the projects fail anyway.
 
Or by extending your open source project with non-open functionality.
If we go by the GPL, you can't do that; any and all changes you make must be submitted back to the community from which it came from. There's a reason why there's the BSD license, it doesn't have that licensing restriction. Is it any wonder why Apple chose OpenBSD to build MacOSX from? Yeah...
 
If we go by the GPL, you can't do that; any and all changes you make must be submitted back to the community from which it came from. There's a reason why there's the BSD license, it doesn't have that licensing restriction. Is it any wonder why Apple chose OpenBSD to build MacOSX from? Yeah...
Red herrings... You're starting to see you were wrong, right?
 
Are you referring to the idea that GPL ≠ Open Source and Open Source ≠ GPL?
 
Are you referring to the idea that GPL ≠ Open Source and Open Source ≠ GPL?
No, I mean I didn't say you can extend all open source code and you went ahead and picked on a particular case anyway. Answering to questions/problems that were never asked, it's a classic means of derailing a discussion ;)
 
No, I think economically because in the end all humans need food. Don't get me wrong, open source is a laudable goal but until we, as a species, achieve a non-scarcity based economic system because literally everything is free because you can just walk up to your food replicator and ask it for a steak dinner and have it appear out of nowhere, I just don't see how it'll work.

You're looking at it as if OSS is all someone does. Many open source projects are people's spare time projects for the love of doing it. They usually already have jobs. Or college kids. Or any other reason. They aren't doing it to put food on the table (unless for a resume).
 
You're looking at it as if OSS is all someone does. Many open source projects are people's spare time projects for the love of doing it. They usually already have jobs. Or college kids. Or any other reason. They aren't doing it to put food on the table (unless for a resume).
Perhaps I am. Maybe I'm too caught up on the success of big projects like Mozilla Firefox, Chromium, and of course the Linux kernel itself. They all took off and became hugely successful projects that people the world over use. They're classified as the quintessential open source success stories that took over the world.
 
Intel's 7nm may be in trouble but their 16 point font is way denser than competing 8 point fonts and shows they still have technical superiority where it counts.
 
Perhaps I am. Maybe I'm too caught up on the success of big projects like Mozilla Firefox, Chromium, and of course the Linux kernel itself. They all took off and became hugely successful projects that people the world over use. They're classified as the quintessential open source success stories that took over the world.

Open-wrt is another hugely successful one, with very little investment, AFAIK. Still some pretty big name brands come with open-wrt as an option.
 
Still some pretty big name brands come with open-wrt as an option.
And I hope that those brands contribute money towards OpenWRT's development. However, I wouldn't bet on it. The cynical bastard in me says otherwise.
 
And I hope that those brands contribute money towards OpenWRT's development. However, I wouldn't bet on it. The cynical bastard in me says otherwise.
It's ridiculous how few contributions companies that benefit from open source make, that much is clear. It's also idiotic, throwing a few $$$ towards people that give you goodies for free only ensures you get better goodies in the future. But people are that short-sighted, nothing you can do about it.
 
But people are that short-sighted, nothing you can do about it.
And there's the crux of my issue that I was driving at earlier. Right there, summed up in one phrase.
 
And there's the crux of my issue that I was driving at earlier. Right there, summed up in one phrase.
Yes, but that's a problem with people, not with open source. Open source is just one of the many things affected by shortsightedness.
 
Look, if your boothole is vulnerable, stick a plug in it so no nasties can't get in alright. :eek:
 
Soooo...

Back on topic, I've actually tried this vulnerability (I run several devices that have GRUB2 installed). It's a kick to the jimmies at best to make it work right and there is no way in heaven or hell someone is remoting in to do it, at least based on the scenarios described by the data sheet and what I tried. Granted, I'm not the most freaky-neeky crackster in the world, but it's just not feasible to take advantage of the "hole-in-the-boot" unless the system in question is an extremely high value target and there are no easier avenues of exploit (which is unlikely).
 