37 Tax Tips For Australia's Most In-Demand Jobs

Four McDonald's Products That Kitchen Staff Say They'd Never Eat

Amazon Prime: Australian Pricing, Delivery Times And Inclusions

Linux Bug Gets Squashed Two Years After Being Introduced

Image: iStock

The cycle in which ideas turn into software is getting shorter and shorter. By and large, this is a good thing as new functions are delivered to users faster than ever before. But one of the consequences is software bugs are introduced and sometimes missed. I suspect part of the reason is testing cycles are being squeezed. This is part of the root cause, I think, as to why a two year old bug was introduced into Linux.

Researcher Chris Coulson found the bug which can allow a malicious actor to write to a system using a specifically crafted TCP payload which exploits the flaw in systemd.

He traced the flaw back to a specific developer.

According to a report at ITWire, patches for Ubuntu have been issued while Debian may still be vulnerable. Red Hat says Red Hat Enterprise Linux 7 is not affected.

It's a good thing this was detected and fixed. But I remain concerned at how these flaws get introduced and committed to public codebases. I get that software is complex and that testing is challenging.

Is there a way to solve this challenge? Does the way we create software need to change? Or are we stuck with these sorts of issues?

Also on Lifehacker
Planhacker: The Cheapest Ways To Get FIFA World Cup On Your Phone
Australia's Best NBN Plans, Ranked By Speed [Updated]
The Best Mobile Plans That Last Longer Than A Month

Comments

  • lightyear @lightyear

    You can take the philosophical angle:

    We're stuck with them in just the way we're stuck with doors and windows in our homes. It's always a trade-off between accessibility and security. We can have perfectly secure software, but its utility would be exactly zero. Every time we add the ability to interact with the software, we add the potential for that to be exploited. The locks gets better, the windows get tougher, but break-ins aren't going away.

    Or you can take the technical angle:

    This class of bug (buffer overrun) is permitted by the language. Other languages don't allow them. We could require everything be written in Ada or something, but just like static analysis or language subsets, it doesn't solve everything.

    But at the end of the day, many people have thought about this problem very deeply for a long time. There are "solutions" but as yet, there is no solution.

    1

Join the discussion!

Log In
Sign Up
Guest Access

Trending Stories Right Now

au internet isp pirate-bay torrent

How To Bypass ISP Blocking Of The Pirate Bay And Other Torrent Sites For Free [Updated]

In 2016, the Federal Court ordered ISPs to block five popular torrent websites including The Pirate Bay, TorrentHound and IsoHunt within 15 business days. Since then, a swathe of additional sites have been added to the block list in a bid to eradicate piracy. Torrenting itself is completely legal of course, and it's not all that difficult to circumvent ISP blocking of torrent websites. For instance, you can do it through a VPN, which often requires a monthly subscription fee. Here are some ways to gain access to blocked torrent sites for free.
diet exercise fitness myths science

Ten Exercise Myths To Avoid

Finding clear, definitive facts about healthy exercise can be difficult. The exercise industry is a multi-billion dollar business, built partially on selling gadgets and supplements to people desperate to lose weight or look attractive. Meanwhile, good workout plans and simple truths lurk in the background waiting for their time to shine. All of this results in lots of misinformation about exercise. We're taking some of those commonly-held exercise myths to task, and we have science to back us up. Let's get started.

Latest Deals

Trending Articles