• Re: Harrisburg PA - Airport PA System Hacked - Rude Anti-Semite Propaganda

    From Nioclás Pól Caileán de Ghloucester@Spamassassin@irrt.De to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 21:20:26 2025
    From Newsgroup: comp.lang.ada

    On Fri, 17 Oct 2025, Tom Mix wrote:
    "[. . .]

    [. . .]
    [. . .] For ordinary folks, the best short-term
    advice is to [. . .] keep your
    personal accounts and devices patched [. . .]
    [. . .]

    [. . .]"


    Patches are not always improvements. Cf.
    news:v7fokv$3ehcr$1@dont-email.me
    (Subject: Re: Canal+ crash)
    by Dmitry A. Kazakov in news:comp.lang.ada about a software update by CrowdStrike on 19th July 2024.
    --- Synchronet 3.21a-Linux NewsLink 1.2
  • From Niocláisín Cóilín de Ghlostéir@Spamassassin@irrt.De to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 21:33:01 2025
    From Newsgroup: comp.lang.ada

    Also cf.
    news:105o7kg$gi0$5@gallifrey.nk.ca
    (Subject: Re: Is Rocksolid Light really compromised and insecure?)
    in news:news.admin.peering and news:comp.security.misc and news:news.software.nntp by The Doctor.
  • From Tom Mix@tommix@dev.null to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 19:52:54 2025
    From Newsgroup: comp.lang.ada

    On 2025-10-20, Nioclás Pól Caileán de Ghloucester <Spamassassin@irrt.De> wrote:
    On Fri, 17 Oct 2025, Tom Mix wrote:
    "[. . .]

    [. . .]
    [. . .] For ordinary folks, the best short-term
    advice is to [. . .] keep your
    personal accounts and devices patched [. . .]
    [. . .]

    [. . .]"


    Patches are not always improvements. Cf.
    news:v7fokv$3ehcr$1@dont-email.me

    Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.
    --
    Tom Mix
  • From Lawrence D’Oliveiro@ldo@nz.invalid to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 20:47:16 2025
    From Newsgroup: comp.lang.ada

    On Mon, 20 Oct 2025 19:52:54 GMT, Tom Mix wrote:

    Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.

    Think of Microsoft Windows as a full-body attack of hives, then ...
  • From Nioclás Pól Caileán de Ghloucester@Spamassassin@irrt.De to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 22:50:33 2025
    From Newsgroup: comp.lang.ada

    Patches can be good. Patches can be bad. A good thing is less likely to
    need patches.
  • From Lawrence D’Oliveiro@ldo@nz.invalid to talk.politics.misc,alt.politics.usa,alt.security,comp.lang.ada on Mon Oct 20 23:06:34 2025
    From Newsgroup: comp.lang.ada

    On Mon, 20 Oct 2025 22:50:33 +0200, Nioclás Pól Caileán de Ghloucester wrote:

    Patches can be good. Patches can be bad. A good thing is less likely
    to need patches.

    Greg Kroah-Hartman on the Linux kernel <https://www.zdnet.com/article/the-linux-security-team-issues-60-cves-a-week-but-dont-stress-do-this-instead/>:

    Greg Kroah-Hartman, maintainer of the Linux stable kernel, wants
    you to know that on an average week, the Linux security team
    issues sixty -- 60 -- Common Vulnerabilities and Exposures (CVE)
    security bulletins. Don't stress. That's just life in Linux.

    ...

    Wait. Isn't 60 CVEs a week about problems that can stop your
    computer dead in its tracks something to worry about? Well, yes.
    Then, again, no.

    You see, Kroah-Hartman explained, today, the Linux kernel has "38
    million lines of code. You only use a little bit of this. My
    laptop uses about one and a half million lines of code. .... Your
    phone, the most complex beast out there, uses about 4 million
    lines of code. So, out of everything, you're really using a small
    portion, but everybody uses a different portion, and that's an
    important thing to remember."

    ...

    What you can do to keep your system safe -- whether it's a car or
    10,000 servers in a data center -- is simple. Kroah-Hartman's rule
    is "If you're not using the latest stable/long-term kernel system,
    your system is insecure."

    By that, he means update your kernel almost every week. Now, most
    of you will find that notion as scary as dealing with 60 CVEs a
    week.

    The thing is, Kroah-Hartman said, "We have proof this can be done.
    Debian runs over 80% of the world's servers and they're using
    stable kernel updates. Android, billions of devices out there,
    takes every stable kernel update on a couple months lag, but
    they're doing it and keeping their devices secure. There's nothing
    more complex than embedded into the system, and there's nothing
    more common and easy to use than a Debian server.
  • From c186282@c186282@nnada.net to talk.politics.misc,alt.politics.usa,alt.fan.rush-limbaugh,alt.security,comp.lang.ada on Mon Oct 20 22:48:25 2025
    From Newsgroup: comp.lang.ada

    On 10/20/25 15:52, Tom Mix wrote:
    On 2025-10-20, Nioclás Pól Caileán de Ghloucester <Spamassassin@irrt.De> wrote:
    On Fri, 17 Oct 2025, Tom Mix wrote:
    "[. . .]

    [. . .]
    [. . .] For ordinary folks, the best short-term
    advice is to [. . .] keep your
    personal accounts and devices patched [. . .]
    [. . .]

    [. . .]"


    Patches are not always improvements. Cf.
    news:v7fokv$3ehcr$1@dont-email.me

    Not patching because it might cause issues is like skipping deodorant because once it made your armpit itch.

    Software/driver "patches" are a mixed bag - and
    twice so if they're done in an emergency hurry.

    Ideally you improve the entire base OS, but
    that scale of upgrade goes very slow.

    In any case, EVERYTHING now needs to be re-done
    with hostile actors as the main focus. Russia,
    China, NK, to a point even India and some of
    eastern Europe ... they're out to GET us.

    We aren't using CP/M anymore, today's systems
    are just ULTRA complex, not to mention all the
    'convenience' stuff. A zillion points of attack.
    Vlad's boyz have nothing better to do than find
    and exploit ALL of them.

    Oh, checked, you CAN buy a few Z80+CP/M kit
    boards still :-)

    As for 'Ada' ... tried it, wrote some shorties
    in it (relatively complex linked lists of linked
    lists and such) ... NO NO NO !!! It's the anal-
    retentive dream. Surprised mass quantities of
    programmers didn't jump off the roof (did they?).
    Perfect for "government" projects of course, takes
    a month to do what 'C'/other programmers could do
    in an afternoon ...

    But the vulnerabilities were only just so much
    in the hand-writ code. The compiler, the libs,
    the underlying OS, the hardware, they all had
    points of attack as well. Ada, at best, kind
    of reduced ONE of those attack points a little.
    A tunnel-vision 'fix'.
