this post was submitted on 24 Jan 2025
24 points (87.5% liked)
I mean, you get updates from your distro. So in that sense every distro is equally backdoored. If some agents or criminals can get at the infrastructure & signing keys (or the people responsible for those), they could distribute backdoors through the update mechanism. I don't recall this exact thing ever happening, but, for example, someone hacked Mint's website some years ago and replaced the ISOs with backdoored ones.
Also, there are what are called remote code execution (RCE) vulnerabilities. Those are found regularly in all kinds of software, but they look like (and most likely almost always are) honest mistakes. Anyone with the right know-how can exploit such an RCE in a vulnerable system. We do know that government agencies pay people to find RCEs, or buy them on the black market, and then keep them secret as a potential offensive cyber weapon to break into systems.