Comments by "Anony Mousse" (@anon_y_mousse) on "Doas I Do To Avoid This Sudo Vulnerability" video.

  1.  @prgnify  Commercial Unix was closed source, but UNIX got most of its development in universities where it was open. Tinkering was most definitely the name of the game.
    18
  2. Your average Rust user isn't intelligent enough to do it. And the vulnerability would still exist in a Rust program as well because it's a string parsing error and has nothing to do with the fake promise of memory safety.
    4
  3.  @capability-snob  Except that it's not short for substitute, it means super user do. That said, I always pronounce it as soo-doe despite knowing the difference because I like the way it sounds more.
    3
  4.  @DVRC  I look at things a different way there. CISC allows for faster code execution, and the only reason why x86 has held onto its monopoly all of this time is because they actually did the work. No RISC architecture has kept up, even ARM. They just coast along doing the bare minimum. Sure, more power efficient, but if it takes you 10 times longer to do the same thing and frustrates users it's not any better. Apple is finally trying to compete, but with locked down hardware that you have to hack to use with an alternative with it's not doing RISC architectures any favor. Microkernels are great in theory, but without the industry at large helping to support such a model they're not realistic. All the major OS's are monolithic because it just works. All of the old drivers that are open source could certainly be converted, but to get widespread acceptance we'd need the hardware manufacturers to cooperate and on new hardware especially. Getting such cooperation for Linux is hard enough as it is but imagine trying to get all of those that contributed binary blobs that work one way to go back and change all of their work from the past 5 to 10 years around to another way of working.
    3
  5. It's something that the program has to do, whereby it just tells the shell not to echo input.
    2
  6.  @yungmang  Each program has to handle that itself. They turn off shell echoing of input before requesting the password. The easiest way is to just use a library like ncurses or readline and let it figure out the platform specific details, but if the terminal you're using supports escape sequences and you know them, you can do it entirely manually.
    2
  7.  @DVRC  I agree with much of that, except that due to the overhead in processing, a clean CISC that wipes away all backwards compatibility would be better than moving towards a completely RISC architecture. Moving data around is the most common action that slows things down that computers do. Having instructions capable of reading from memory and operating on that data is faster than dispatching more instructions to process the same data. And variable instruction sizes can allow for higher density in the cache which leads to faster decode and dispatch. I also fully agree with there being a lot of bad software. I've read a lot of code over the years, most of it has been bad.
    2
  8.  @WadieGamer  If you're only playing old games it might be perfectly fine. There are even some reverse engineering projects that have done native engine ports for some old games, like for the original Half-Life you could use xash. And since Doom 3's engine is open source it's been ported too. I play the original Unreal quite a bit and it runs perfectly through WINE.
    1
  9. Funny, but it might have hit more if you said you logged out as yourself each time you needed to run something as root and then logged back in as yourself when you wanted to continue doing other things.
    1
  10. Some files absolutely need to be mutable though, and for those that are immutable you might as well just disable sudo altogether.
    1
  11.  @ssmith99  Why do you need to clear your screen so often? Is it for some vague security reason or are you just anal retentive with regards to how your screen looks?
    1