Microsoft Releasing their own Version of Linux?

[LAwLz]

3 hours ago, Sauron said:

I'm pretty sure they can't, which is why linux distributions can't distribute stuff like mp3 codecs with the installer and must ask the user if they want to install them separately. Can you think of a single linux distribution that comes with proprietary, closed source software or even stuff like zfs that uses the bsd license?

@jagdtigger is correct. 

The GPL only applies to the code licensed under GPL itself, as well as any modifications done to it.

So if I releases a program under the GPL, someone else can take that program and use it inside their program. They don't have to make the entire program open source, but they have to make that component as well as any modifications of it open source.

 

That is why for example Android allows closed source drivers (and so do Linux, inside the official stable branch). All the kernel changes has to be made open source, but all the stuff around it, including drivers and OEM skins, does not. 

 

The reason why some distros don't come with for example MP3 audio codecs is because of patents (can be against the law in some areas) and they are against closed source components (some things only work through closed source software, and distro developers often give users the choice if they want to be 100% free or install closed source software on their computer).

 

Here is the response from Ubuntu regarding MP3 support:

Quote

the advice we have received from our legal team is that it’s not as clear cut as it may seem, and that we should not yet be shipping Free MP3 codecs.

 

[Misanthrope]

*Admiral Ackbar.jpg goes here*

 

No but seriously it only makes sense if they already offer it as an option for Azure.

[Doobeedoo]

That's, interesting. I would've though MS would eventually modify Win kernel or something of sort. 

[Tech Enthusiast]

7 hours ago, Master Disaster said:

These numbers are fine but they don't fully explain the situation.

 

Having 500 security holes and 98% market penetration is far worse than having 1,000 holes and less than 1%.

 

Windows might not be the least secure OS but it really does put MANY MANY MANY more people at risk than every other OS combined.

What?

So because people use Windows more, it is fine have more security holes in other OSes?

 

I get that there are more targets since they have wider adoption, but that argument is just silly. Microsoft is doing a WAY WAY WAY better job at security than any other company out there. Bashing them for having more customer is kinda,... uhm, i don't even know.

[Tech Enthusiast]

7 hours ago, jagdtigger said:

I love when someone cherry pick stuff but forgets about pieces that do not fit into their opinion :

 

MS got rekt basically.... (Even debian is better which is a full blown server/client OS.)

 

So, this is numbers by VENDOR.

You realize how many products Microsoft has compared to others?

 

Not exactly a chart i would link to prove a point as it has zero relevance at all. It does not even list how many products are added up. Let alone split by product.

100% useless.

[Tech Enthusiast]

6 hours ago, LAwLz said:

I don't think you understand what the statistics you're quoting actually says.

 

There are also other areas where it is wonky, for example it splits up Windows 7, 8 and 10 as three separate categories, however all versions of Linux is under the same category. Same for Android. So this Linux vulnerability from 1997 still counts as a "Linux vulnerability", but only vulnerabilities specifically found for Windows 10 will fall into the Windows 10 category.

 

So, Debian Linux, Ubuntu Linux and the Kernel itself are not split up? Oo

Why would i ignore vulnerabilities, just because i feel like it?

 

if a product has 2000 known vulnerabilities, why would i not expect it to be less secure than a product with 500?

 

If anything, i would expect Windows to have more known vs unknown vulnerabilities, due to having a MUCH higher adoption and being targeted a lot more often.

Your reasoning does not make much sense to me. You are basically saying "these numbers only show the known stuff, but i personally expect to have the most often attacked system to have at least 4x as many vulnerabilities and the least used OS basically has exactly that and not more.".

 

Wishful thinking comes to mind.

[dfsdfgfkjsefoiqzemnd]

1 hour ago, Rattenmann said:

If anything, i would expect Windows to have more known vs unknown vulnerabilities, due to having a MUCH higher adoption and being targeted a lot more often.

Targeting is a lot harder if you don't have the source code.  That would be the only good thing about closed-source. 

But then again it doesn't matter if Linux has more vulnerabilities because patches are pushed out in a matter of hours or days of being found, whereas on Windows you usually need to wait until the next Patch Tuesday ... IF Microsoft decides to patch at all, that is.. 

 

Oh, and regarding that stuff regarding Windows being the most targeted OS because it has a larger market share, think again.  Windows only has the largest market share on the desktop.  Overall Linux is the most targeted because most of the internet and the world relies on Linux, not Windows

[Mira Yurizaki]

8 hours ago, jagdtigger said:

I love when someone cherry pick stuff but forgets about pieces that do not fit into their opinion :

 

MS got rekt basically.... (Even debian is better which is a full blown server/client OS.)

Number of publicly disclosed vulnerabilities are just that, publicly disclosed vulnerabilities. It's not exactly indicative of how bad the security is on something really is. Because if we were to take this to the logical extreme, Windows 98 doesn't have a lot of publicly disclosed vulnerabilities as of late (there's only 7 on the CVE list, compared to say XP with 71), but that doesn't mean it's secure.

[Master Disaster]

1 hour ago, Rattenmann said:

What?

So because people use Windows more, it is fine have more security holes in other OSes?

 

I get that there are more targets since they have wider adoption, but that argument is just silly. Microsoft is doing a WAY WAY WAY better job at security than any other company out there. Bashing them for having more customer is kinda,... uhm, i don't even know.

I just love it when people take something away from a post that isn't in it, like at all.

 

Where did I say anything is OK or not OK? Where did I bash them?

 

What I said was a straight up fact, even if Windows isn't the least secure OS it is the most used by a huge margin which means many more people are likely to see the effects of its security holes than those that use other OSes. 

 

Now if you care to counter that please do but claiming that post normalises security holes or that it in any way is "bashing" anybody is straight up wrong.

[LAwLz]

22 minutes ago, Rattenmann said:

So, Debian Linux, Ubuntu Linux and the Kernel itself are not split up? Oo

The distros are split up, but the versions aren't.

So in the list I posted, Ubuntu has 902 CVE vulnerabilities reported, and that's the total from all versions since 2005.

Windows 10 have had 554 CVE vulnerability reports since 2015.

Ubuntu = 902 CVE reports in 13 years.

Windows 10 = 554 CVE reports in 3 years.

 

36 minutes ago, Rattenmann said:

Why would i ignore vulnerabilities, just because i feel like it?

 

if a product has 2000 known vulnerabilities, why would i not expect it to be less secure than a product with 500?

I am not saying you should ignore them, but what I am saying is that the number of CVE vulnerabilities is a very poor indicator of how secure something is.

1) Not all vulnerabilities gets a CVE entry. A LOT of them don't, especially not with closed source software.

2) The CVE numbers you linked does not take into account how severe the vulnerabilities were, nor does it account for how quickly they were fixed (if at all). Basically, a bug that lets someone freeze a program, which gets patched 15 minutes after being discovered, will count as 1 vulnerability (DoS), and so will something like Meltdown even if it were to take months for a patch to be released.

 

Also, the Linux kernel doesn't have 2000 known vulnerabilities. It has had 2000 vulnerabilities published as CVEs over the course of 19 years. Most of them has been fixed for many, many years.

 

49 minutes ago, Rattenmann said:

If anything, i would expect Windows to have more known vs unknown vulnerabilities, due to having a MUCH higher adoption and being targeted a lot more often.

No, no, no, no. I don't think you understand. CVEs are not just "known vulnerabilities". They are "publicly known" vulnerabilities which have gotten submitted to the CVE database. Not all vulnerabilities which are actively getting exploited are publicly known, nor do all publicly known vulnerabilities necessarily get reported to the CVE database (although most probably do).

 

 

What you also have to remember is that with open source software, the development happens in the open, and as a result the vulnerabilities are more likely to get reported to the public through systems like CVE.

[kennethnakasone]

15 hours ago, BlueChinchillaEatingDorito said:

-snip-

Cool. I'm gonna take a look.

 

Also, slightly off-topic, but your hyperlinks loop back to your post.