The average Linux user has probably hundreds of binaries installed. 99% of those binaries are not reproducible, which means there's no way to know if that binary is compromised.

The average Linux distro's repositories have tens of thousands of packages built by unknown volunteers.

Modifying a binary's code to introduce a keylogger would be amazingly easy. No one would ever notice.

This is the reason why, if you don't build from source, you are fucking retarded.


delet this


this simply isn't true

What if the compiler is compromised?

Read Reflections on Trusting Trust

same for the average windows or mac user

Okay, then build from source if you're that schizo. If there was a keylogger someone would probably see it in Wireshark and tell everyone.

>What if the compiler is compromised?

What if your very CPU is compromised?

>someone would probably see it
how many OpenSSL vulns will it take to disabuse you of this stale meme?

>PEPE PEPE PEPE
>I GOT BOXES OF PEPE

The possibility of such an exploit being possible in the wild is close to zero.

If the compiler is compromised, and you build a different compiler with it, how would it inject malicious code on it?

hint: if your architecture is x86_64, your CPU is compromised

that's why I only use an operating system written and compiled by myself, that runs on hardware I made out of scrap metal and silicon I've found in trash near a hospital

rkhunter and other software can detect any unwanted changes to files with hashing

Post this every time a dum stupid frogposter decides to shit up this place more than it already is. I would personally shake your hand if I could.


...

>desperately trying to get attention by replying to everyone

Eat shit

see

>The possibility of such an exploit being possible in the wild is close to zero.
yet this is exactly what the Chinese government used to spy on iPhone users in China (see: XcodeGhost)

neck yourself retardo I bet you have tiny white cock

No, YOU eat shit you frogposting scum.
see
see

Why do you post the frogs? What compels you to such absolute lunacy?

>sperging out because of a frog

If Linux is so insecure then why is it always Wincucks that get pwned?


another thread bites the dust

Fuck off frog eating chink

Wow
Much argument
Such dubs

>rare_pepe
It's so rare the damn thing's still alive.

how can one cute amphibian cause this much anal consternation?


Because it has a bigger marketshare and is used by literal brainlets.

You don't understand, every thread this stupid frog gets posted with is a steaming shitfest underage retards who think shitting up this site for "le luls" is fucking epic and will go home to circlejerk to their discord mentally ill trannies.

Why isn't this stupid piece of shit a bannable offense yet, why does this website have to be so ass backwards as FUCK.

BAN ME YOU USELESS COCKSUCKING HOT PICKET EATING PIECE OF SHIT JANNY THAT CAN'T DO HIS FUCKING JOB.

(THIS USER HAS BEEN BANNED FOR THIS POST)

DO IT YOU PUSSY, TAKE THE WHOLE WEBSITE DOWN FOR THE GOOK OVERLORD

>pepeposting literally causes mental breakdowns and schizophrenia
nice

>le ebin contrarian faggot
kys

I hate frogposters but that's too much.

If you want to know how it looks when that happens to your soul, subscribe to Londonfrog.

>32 replies
>14 posters

based schizo
dumping my frog folder




Based


I literally am one of those "unknown volunteers" and I contributed a tiny bit of code that's still in XFCE.


Don't be a brainlet, just open your binaries with a hex editor and make sure they aren't doing anything malicious

imagine falling for this. i fucking hate boomers

he means distro volunteers, not dev volunteers

Umadbro


Guix

Yeah mate, a random stack overflow is totally the same as a keylogger.

Binaries are reproducible???? You suck OP

If I understand correctly, Chinks downloaded a pirated version of a compiler that introduced malicious code.

But, if they used that compiler/toolchain to compile another compiler from source, would that new compiler start putting malicious code into their apps? (X) Doubt.

Why would you make your life so difficult? Why not just target retarded Arch users and put malware into AUR packages?

> linux is the only place that you can build a reproducible system from source code
> other systems require binary blobs and/or build systems that don't create reproducible binaries
> linux is dangerous because of this

I'm having a hard time in life right now. I've been fighting a battle with religion for way too long and I've only started to come to terms with it in recent months. Thank you for posting this user, and God bless you. I can go to sleep tonight with peace in my heart being reminded of this.


Even if you build from source, that assumes you actually read every line of source. Totally easy for some compromised source to hide obfuscated in the labyrinth of packages.

Nobody is going to comb through line by line you autist.

>cpu compromised oh fugg
What if YOU are compromised? Would you even know?

This. What if the source code was compromised? You're still essentially trusting the maintainer + community's competency. Simply put, be skeptical if it hasn't been audited.

>[Reeeeeeeees internally]

Actually dude look up the reproducible binary project. Most of Debian is reproducibly compiled.

Nigger that's not enough. You gotta recognize the odor of the common execution patterns and smell your processor before and during important instruction executions and sniff out any differences in odor.

Shame it's just make believe.

Wow big whoop. How many people get infected a year? 0?

What if somebody wrote a key logger into the source and you build it with the main application?

Or are you going to read potentially 100,000 lines of code before building?

Nope. Auditing isn't foolproof either.

An npm package got compromised some time ago. New owner silently took over. He put malware in the latest 2.x release but left 3.x clean. All the legacy package.jsons upgraded to the latest non-breaking 2.x release and got the malware.

The dogshit npm audit package only inspected the latest 3.x release.

You didn't even have to use the package directly. It could have been a sub dependency.
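
The version-range gap described in the post above, as an added example that is not part of the original thread: a minimal caret-range resolver that flags dependents whose range resolves to a release the audit never covered. The version list, project names and audited set are constructed; only caret ranges with major >= 1 are handled.

```javascript
// Added example; the version list and dependents below are constructed, not real registry data.
const published = ["2.3.0", "2.3.1", "2.4.0", "3.0.0", "3.1.0"];
const auditedVersions = new Set(["3.1.0"]); // audit looked only at the newest release

const parse = (v) => v.split(".").map(Number);

// Compare two x.y.z versions: negative, zero or positive, like a sort comparator.
function compareVersions(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Caret ranges with major >= 1 accept any version with the same major
// that is not older than the base version. (0.x carets are narrower; not handled.)
function satisfiesCaret(version, range) {
  const base = range.slice(1);
  return parse(version)[0] === parse(base)[0] && compareVersions(version, base) >= 0;
}

// Highest published version satisfying the range, or null if none does.
function resolveCaret(range, versions) {
  const ok = versions.filter((v) => satisfiesCaret(v, range)).sort(compareVersions);
  return ok.length ? ok[ok.length - 1] : null;
}

// Report every dependent whose range resolves to a release the audit never covered.
function unauditedResolutions(dependents, versions, audited) {
  return dependents
    .map(({ name, range }) => ({ name, range, resolved: resolveCaret(range, versions) }))
    .filter((d) => d.resolved !== null && !audited.has(d.resolved));
}

const dependents = [
  { name: "legacy-app", range: "^2.3.0" }, // hypothetical projects
  { name: "new-app", range: "^3.0.0" },
];
console.log(unauditedResolutions(dependents, published, auditedVersions));
```

The same check applies to transitive dependencies: run it over every range in the resolved tree, not only the ones in the top-level manifest.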

>This is the reason why, if you don't build from source, you are fucking retarded.

This is the reason why you place your trust somewhere since no one has the time to check every piece of code manually.