On 08/07/2013 07:36 PM, Martijn Grooten wrote: > On Wed, 7 Aug 2013, Ivan Zaigralin wrote: > It is also likely that they have vulnerabilities in any other operating system. > And in Tor implementations. And it is good to assume they have enough 'crackers' > on staff that will be able to exploit such vulnerabilities. True enough, but I think the risk is much higher for proprietary software. The law enforcement tends to know about vulnerabilities before anyone else, and the holes may stay unpatched for weeks, months, or years, simply because of incompetence or ill will on behalf of the vendor. And then there is the monoculture factor. OTOH, to get a Linux remote going, one needs to get lucky first and discover a zero-day before kernel devs do, and after that it's still a crapshoot, with all the different kernel versions and configs out there. In conclusion, thanks for listening to my rants everyone. I enjoyed this discussion way more than the one on Slashdot, where my argument got steamrolled by fanboy mods, or may be even NSA drones.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk