Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

arstechnica.com/information-technology/2018/06/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature/

So thanks to the UNIX way, even GPG is totally broken. They didn't even need to crack the cryptography, they just went around it by exploiting a bug in the way unix handles filenames (as strings instead of a proper path data type). Absolutely hilarious. GPG has had essentially zero security in the last 10 years.

I guess this falls into your narrative, but it doesn't seem like bad logic.

"I'll explain using a metaphor to help people who aren't good with computers to understand it"
*completely butchers what really happened, making people more confused than before*

Unpossible. GPG is Free Software which gives all its users the freedom to be free, free as in libre. With freedom comes responsibility, which proves that millions of diligent users have been scouring the source for subtle bugs and exploits. Scientists, engineers, and dedicated hobbyists protect the libres from buggos, I simply don't believe it.

Well, it was found, albeit it took some time.

These kinds of bugs even existing is a sign that there is a severe flaw in using C and "everything is text" pipes as the basis for your operating system and applications.
I'm sure lisp machine user will chime in with some relevant info.

Why don't you chime in with some super safe IPC in Lisp?

I'm not lisp machine user, so I'm not going to do that.
However, I suppose that building something with sane IPC is easiest done in a language that has a sane type system.

took about 10 years


redpill me on lisp IPC please

I don't know Lisp. But you can look up the catalog, it's full of (((lisp))) shilling by some retard who also thinks many CPU rings, tagged memory, segmented memory, garbage collection, and automatically starting debuggers are actually good. The language seems to attract insane people.

It's not a bug. It is working as intended. It's a vulnerability of the correct implementation. Like you were saying though the main problem stems from the UNIX way of doing things.

and they just protected it now... Your point?

The Bug which evaded librè, known as El Ultimo has been vanquished. GPG Free Software is now confirmed safe (again).

NGNU aka Unix btfo again haha

As bad as the bug is, it doesn't sound like you understood it.
The bug affected signature verification in verbose mode. It doesn't affect encryption, and proving your signature was forged this way would be fairly easy just with the faked signature without knowing the details of the bug ahead of time.
This bug is terrible either way, so why exaggerate it?

It still isn't a bug. You can have something that is proven to be correctly implemented (e.g. seL4), but still have vulnerabilities at the same time. Yes, it's a vulnerability that bottom-of-the-barrel programmers should know about, but it is not a bug. It's a flaw in the specification.

This is pedantic in the worst way. You could maybe define bug that way, as long as you don't consider something like "output text confirming the signature as valid only if the signature is valid" part of the "specification", but it matches neither the way people use the word "bug" nor any useful way to use the word "bug".

OP has no technical skill at all, nor is he even able to read an article.
He just made his thread to troll about the unix way.
Pure bullshit.

The EFF was just saying a few weeks ago that people should stop using GPG because of some bug in the front-end for certain email clients.

Seems like the FUD wars against PGP / GPG have begun.

Ah, the newest FUD tactic - finding and exposing legitimately dangerous real bugs

Oh yes, and I'm sure what CTS-Labs was saying about AMD was perfectly legitimate and not overhyped at all!

...

That was straightforwardly FUD, and the previous GPG thing was fishy, but I don't see anything wrong with this one.

oh yes, and use our favorite app Signal too! Because decentralization is bad for you, goyim
Seriously, I can't look at what EFF did as anything other than trying to get more people onto Signal

EFF is obviously infested with glowdarks running a kosher scheme now.

It's not a bug in the specification (OpenPGP), it's a bug in the implementation (GnuPG), specifically the component dealing with user input in verbose mode.