From Newsgroup: comp.lang.ada

On Fri, 17 Oct 2025, Tom Mix wrote:
"[. . .]

[. . .]
[. . .] For ordinary folks, the best short-term
advice is to [. . .] keep your
personal accounts and devices patched [. . .]
[. . .]

[. . .]"


Patches are not always improvements. Cf.
news:v7fokv$3ehcr$1@dont-email.me
(Subject: Re: Canal+ crash)
by Dmitry A. Kazakov in news:comp.lang.ada about a software update by CrowdStrike on 19th July 2024.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

Also cf.
news:105o7kg$gi0$5@gallifrey.nk.ca
(Subject: Re: Is Rocksolid Light really compromised and insecure?)
in news:news.admin.peering and news:comp.security.misc and news:news.software.nntp by The Doctor.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On 2025-10-20, Nioclás Pól Caileán de Ghloucester <Spamassassin@irrt.De> wrote:

On Fri, 17 Oct 2025, Tom Mix wrote:
"[. . .]

[. . .]
[. . .] For ordinary folks, the best short-term
advice is to [. . .] keep your
personal accounts and devices patched [. . .]
[. . .]

[. . .]"

Patches are not always improvements. Cf.
news:v7fokv$3ehcr$1@dont-email.me

Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.
--
Tom Mix
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On Mon, 20 Oct 2025 19:52:54 GMT, Tom Mix wrote:

Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.

Think of Microsoft Windows as a full-body attack of hives, then ...
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

Patches can ge good. Patches can be bad. A good thing is less likely to
need patches.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On Mon, 20 Oct 2025 22:50:33 +0200, Nioclás Pól Caileán de Ghloucester wrote:

Patches can ge good. Patches can be bad. A good thing is less likely
to need patches.

Greg Kroah-Hartman on the Linux kernel <https://www.zdnet.com/article/the-linux-security-team-issues-60-cves-a-week-but-dont-stress-do-this-instead/>:

Greg Kroah-Hartman, maintainer of the Linux stable kernel, wants
you to know that on an average week, the Linux security team
issues sixty -- 60 -- Common Vulnerabilities and Exposures (CVE)
security bulletins. Don't stress. That's just life in Linux.

...

Wait. Isn't 60 CVEs a week about problems that can stop your
computer dead in its tracks something to worry about? Well, yes.
Then, again, no.

You see, Kroah-Hartman explained, today, the Linux kernel has "38
million lines of code. You only use a little bit of this. My
laptop uses about one and a half million lines of code. .... Your
phone, the most complex beast out there, uses about 4 million
lines of code. So, out of everything, you're really using a small
portion, but everybody uses a different portion, and that's an
important thing to remember."

...

What you can do to keep your system safe -- whether it's a car or
10,000 servers in a data center -- is simple. Kroah-Hartman's rule
is "If you're not using the latest stable/long-term kernel system,
your system is insecure."

By that, he means update your kernel almost every week. Now, most
of you will find that notion as scary as dealing with 60 CVEs a
week.

The thing is, Kroah-Hartman said, "We have proof this can be done.
Debian runs over 80% of the world's servers and they're using
stable kernel updates. Android, billions of devices out there,
takes every stable kernel update on a couple months lag, but
they're doing it and keeping their devices secure. There's nothing
more complex than embedded into the system, and there's nothing
more common and easy to use than a Debian server.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On 10/20/25 15:52, Tom Mix wrote:

On 2025-10-20, Nioclás Pól Caileán de Ghloucester <Spamassassin@irrt.De> wrote:

On Fri, 17 Oct 2025, Tom Mix wrote:
"[. . .]

[. . .]
[. . .] For ordinary folks, the best short-term
advice is to [. . .] keep your
personal accounts and devices patched [. . .]
[. . .]

[. . .]"


Patches are not always improvements. Cf.
news:v7fokv$3ehcr$1@dont-email.me

Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.

Software/driver "patches" are a mixed bag - and
twice so if they're done in an emergency hurry.

Ideally you improve the entire base OS, but
that scale of upgrade goes very slow.

In any case, EVERYTHING now needs to be re-done
with hostile actors as the main focus. Russia,
China, NK, to a point even India and some of
eastern Europe ... they're out to GET us.

We aren't using CP/M anymore, today's systems
are just ULTRA complex, not to mention all the
'convenience' stuff. A zillion points of attack.
Vlad's boyz have nothing better to do than find
and exploit ALL of them.

Oh, checked, you CAN buy a few Z80+CP/M kit
boards still :-)

As for 'Ada' ... tried it, wrote some shorties
in it (relatively complex linked lists of linked
lists and such) ... NO NO NO !!! It's the anal-
retentive dream. Surprised mass quantities of
programmers didn't jump off the roof (did they?).
Perfect for "government" projects of course, takes
a month to do what 'C'/other programmers could do
in an afternoon ...

But the vulnerabilities were only just so much
in the hand-writ code. The compiler, the libs,
the underlying OS, the hardware, they all had
points of attack as well. Ada, at best, kind
of reduced ONE of those attack points a little.
A tunnel-vision 'fix'.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On 10/20/25 16:50, Nioclás Pól Caileán de Ghloucester wrote:

Patches can ge good. Patches can be bad. A good thing is less likely to
need patches.

But how to be sure 'good' is actually 'good' ?

It's a problem.

'AI' won't fix this either.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

As for 'Ada' ... tried it, wrote some shorties
in it (relatively complex linked lists of linked
lists and such) ... NO NO NO !!! It's the anal-
retentive dream. Surprised mass quantities of
programmers didn't jump off the roof (did they?).
Perfect for "government" projects of course, takes
a month to do what 'C'/other programmers could do
in an afternoon ...

Linked lists seem simple in Ada to me. Skill issue?

But the vulnerabilities were only just so much
in the hand-writ code. The compiler, the libs,
the underlying OS, the hardware, they all had
points of attack as well. Ada, at best, kind
of reduced ONE of those attack points a little.
A tunnel-vision 'fix'.

All of what you mention above is vastly because they or their firmware is
written in C and also falls into different parts of a risk model such as
physical access etc..
--
Regards, Kc
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

You see, Kroah-Hartman explained,
stable kernel updates. Android, billions of devices out there,
takes every stable kernel update on a couple months lag, but
they're doing it and keeping their devices secure.

Actually that means that Android devices are constantly vulnerable to
publicly known exploits except Goigle Pixel. Phones require security and
not safety. Even for monthly updates only delayed by Googles silly testing
requirements where devices are patched by the end of the month after pixels
are patched on e.g.the 4th then it means that over 90% of the year those
phones are vulnerable to publicly known exploits.

Linux has trouble even reaching the security bar never mind safety and yet
Elon thought 3 Linux systems counted as redundancy in space...such a
joke(r) on so many counts.
--
Regards, Kc
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On Sat, 25 Oct 2025 19:59:52 -0000 (UTC), Kevin Chadwick wrote:

Linux has trouble even reaching the security bar never mind safety
and yet Elon thought 3 Linux systems counted as redundancy in
space...such a joke(r) on so many counts.

Remember the Ingenuity helicopter that flew about on Mars? Originally
tacked onto the Curiosity mission as an afterthought, designed only
for a few test flights over maybe 30 days, just as an experiment?
Ended up operating for 3 years with 72 flights, and making important contributions to the mission?

Yup, it ran Linux.

<https://web.archive.org/web/20240711103822/https://list.waikato.ac.nz/archives/list/wlug@list.waikato.ac.nz/thread/57ZXVFPZ5462OVYYFEUPIKAXYG54SYGZ/>
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

followups reduced

On 20/10/2025 20:52, Tom Mix wrote:

Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.

Issues are a DoS. News about security risks can be a DDoS whenever a
security update introduces issues. For security, security updates must introduce no issues; they must be orthogonal to the functionality (both advertised and conventionally assumed).

--
Tristan Wibberley

The message body is Copyright (C) 2025 Tristan Wibberley except
citations and quotations noted. All Rights Reserved except that you may,
of course, cite it academically giving credit to me, distribute it
verbatim as part of a usenet system or its archives, and use it to
promote my greatness and general superiority without misrepresentation
of my opinions other than my opinion of my greatness and general
superiority which you _may_ misrepresent. You definitely MAY NOT train
any production AI system with it but you may train experimental AI that
will only be used for evaluation of the AI methods it implements.

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

Tristan Wibberley wrote this post while blinking in Morse code:

<snip>

--
Tristan Wibberley

The message body is Copyright (C) 2025 Tristan Wibberley except
citations and quotations noted. All Rights Reserved except that you may,
of course, cite it academically giving credit to me, distribute it
verbatim as part of a usenet system or its archives, and use it to
promote my greatness and general superiority without misrepresentation
of my opinions other than my opinion of my greatness and general
superiority which you _may_ misrepresent. You definitely MAY NOT train
any production AI system with it but you may train experimental AI that
will only be used for evaluation of the AI methods it implements.

:-D
--
Don't change the reason, just change the excuses!
-- Joe Cointment
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

Remember the Ingenuity helicopter that flew about on Mars? Originally
tacked onto the Curiosity mission as an afterthought, designed only
for a few test flights over maybe 30 days, just as an experiment?
Ended up operating for 3 years with 72 flights, and making important >contributions to the mission?

Yup, it ran Linux.

So what. I've had OpenBSD servers up without a reboot for well over a year.
Even longer with OpenBSD dues to less security patches. Had it failed which
is much more likely and possibly all three Linux kernels would in the same
way then that's a lot of money wasted on pretend redundancy along with
inappropriately complex and generic kernels.

Regards, Kc
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.

--708268602-433880605-1761493149=:1025264
Content-Type: text/plain; CHARSET=UTF-8; format=flowed Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <5c4d1672-f2c3-60da-867e-3407621af352@insomnia247.nl>

Dear Mister d=E2=80=99Oliveiro,

Consider redundancy in terms of the different principles of different=20 altimeters. Cf.
HTTPS://WWW.Britannica.com/technology/altimeter
A main principle of one type of altimeter relies on pressure. A main=20 principle of a different type of altimeter relies on radio propogations.

Mister Chadwick warns that if one (Linux) system fails, then two (Linux)=20 similar systems probably also fail. If alternative techniques are used=20
(e.g. a pressure altimeter and a radio altimeter), then they are less=20 probably going to all fail at the same time. I.e. different techniques can=
=20
offer a good redundancy.

Dear Mister Chadwick,

NASA made a webpage more than twenty years ago about thinking to use Linux=
=20
in space. Thereafter a then employee of the European Space Agency thought=
=20
about Linux in space but he saw that NASA did not add to this webpage so=20
he concluded that NASA did not think more of it.

(Linux is not suitable for space but . . .)

This is not the best way for ESA to conclude. This ESA then employee did=20 important things but he did not report them all on a webpage. NASA might=20 have had more to say about Linux if he would have asked.

Mister Chadwick correctly complained about Linux's
"inappropriately complex and generic kernels"
but I must say that my boss when ESA used to employ me in 2001 complains=20 that maintaining software on spacecraft is very frustrating because it is=
=20
like performing heart surgery on a conscious patient without an anesthetic=
=20
because a maintainer cannot safely simply stop an old version of an=20 application (e.g. Excel) on a spacecraft and start a new patched version,=
=20
which he wants to. If, however, he would have dared to use a=20 Microsoft-Excel-compatible operating system on a spacecraft, then there=20 would be a disaster!
--708268602-433880605-1761493149=:1025264--
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On Sun, 26 Oct 2025 13:55:19 -0000 (UTC), Kevin Chadwick wrote:

Remember the Ingenuity helicopter that flew about on Mars?
Originally tacked onto the Curiosity mission as an afterthought,
designed only for a few test flights over maybe 30 days, just as an
experiment? Ended up operating for 3 years with 72 flights, and
making important contributions to the mission?

Yup, it ran Linux.

So what. I've had OpenBSD servers up without a reboot for well over
a year.

Could you run OpenBSD on the necessary hardware?

No, you could not.

Had it failed which is much more likely ...

But it didn’t.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: comp.lang.ada

On Sat, 25 Oct 2025, Kevin Chadwick wrote:
"Linux has trouble even reaching the security bar never mind safety and
yet
Elon thought 3 Linux systems [. . .]"


Another misadventure which is associated with a non-Adaist is: HTTPS://WWW.FoxBusiness.com/fox-news-tech/musks-new-grokipedia-crashes-launch-day-hosts-nearly-900k-articles
--- Synchronet 3.21a-Linux NewsLink 1.2