Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
The difference being that I can actually use the hardware in Linux but the nv driver doesn't even do adequate 2D. If you're going to use the nv driver you might as well just get something that uses a better OSS driver like an older radeon or a matrox.
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
I'm ending this now, because we'll just keep going in circles. The nv driver is absolutely terrible compared to the nvidia driver in terms of picture quality and performance and on top of that I'm surprised that you don't have a problem using a driver that was intentionall obfuscated by nvidia, I mean what's the point of it being OSS if no one can understand the code?
As an addendum to my previous post, the lack of information also causes us to miscommunicate.
This is a trap, plain and simple. Escape is impossible through rhetoric alone. I am convinced that the only way out is to collectively buy our way out: to come to a consensus as to what chipset/hardware is most valuable to us, to collect money, and to try to convince the designer of said chipset or hardware that it is to their advantage to provide sufficient documentation not under NDA, redistributable firmware, and other such things in exchange for a reasonable sum. Even if this amount is orders of magnitude out of our abilities to collect, it is probably the only way outside of corporate wisdom and generosity (which are in very short supply) or expensive (perhaps even more so) reverse engineering for us to have FOSS drivers, which we all desire.
You all very well know that money is the only language businesses understand, and that to speak it indirectly (through retailers and system vendors) doesn't work very well. Why not speak it directly to them?
This is a trap, plain and simple. Escape is impossible through rhetoric alone. I am convinced that the only way out is to collectively buy our way out: to come to a consensus as to what chipset/hardware is most valuable to us, to collect money, and to try to convince the designer of said chipset or hardware that it is to their advantage to provide sufficient documentation not under NDA, redistributable firmware, and other such things in exchange for a reasonable sum. Even if this amount is orders of magnitude out of our abilities to collect, it is probably the only way outside of corporate wisdom and generosity (which are in very short supply) or expensive (perhaps even more so) reverse engineering for us to have FOSS drivers, which we all desire.
You all very well know that money is the only language businesses understand, and that to speak it indirectly (through retailers and system vendors) doesn't work very well. Why not speak it directly to them?
Probably not, but you never know.
The point I'm trying to make is that more options should be explored: closed or unacceptably licensed drivers are undesirable, having no drivers is undesirable, reverse engineering is expensive (time is arguably more precious than money), and generosity from hardware companies is rare and fleeting. Getting what we want is practically a miracle as it is.
However, I can see a strategy like this backfiring, by discouraging the Ralinks of the world from Doing The Right Thing without the need for a prompt.
i've gone out (or rather sat at my computer and clicked a few buttons), and bought a firegl 8700 on ebay. since i currently have a geforce fx5200, it's mild upgrade, but at least now i get open source drivers.
i finally received my ati firegl 8700. after some fiddling, composite and opengl work under linux with the open source drivers. no more nvidia
i'm a little disappointed that the visual quality of the open source drivers really suck on doom 3. oh well, not that i really play it anymore. at least i don't have any more remote exploits (yet).
Wow, you guys blew this out of proportion... in order to exploit, you have to have access to the X session which means being locally logged in be root. OR be forwarding x11 thru your firewall and stupidly have +xhost set.
How do you rationalize the fact nVidia sat on this vulnerability for 2 years? Or the fact it wasn't fixed in the release drivers at the time this vulnerability was released? Or how about the fact no one could fix this except nVidia?
EDIT: Nothing I've read mentions the exploit requiring root... Link? Also, running X applications from a server to be displayed on a client isn't entirely uncommon.
No mention of requiring you to be root, or even logged in locally to the machine in the advisory. In fact, it mentions being able to remotely exploit this flaw. Please provide a link.
Also, how do you rationalize the fact nVidia sat on this vulnerability for 2 years? Or the fact it wasn't fixed in the release drivers at the time this vulnerability was released? Or how about the fact no one could fix this except nVidia?
EDIT: Just to be clear, the fact that the vulnerability exists is not a problem. People write code, and people make mistakes. The problem is that it took 2 years for this to come out to the public who are still WITHOUT A FIX. If this was an open source driver, it would have been fixed in 2k4.
Just an FYI in case you guys didn't know: NVIDIA has released a new version of the drivers to fix this issue.
http://www.nvidia.com/object/linux_display_ia32_1.0-8776.html
http://www.nvidia.com/object/linux_display_ia32_1.0-8776.html
I see you don't really get it:
If you don't already have root, you must have local access to the machine to be able to access the display
or to be remotely exploitable:
you have to be an idiot and run +xhost AND also forward all those ports from the router to the interweb
if you need references try reading this: http://www.oreilly.com/catalog/lunix5/
oh and for all the fanbois, ATI's Linux support sucks and guess what, their drivers are closed source too!
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
I haven't tried it myself, but I remember reading that since it's an exploit in the glyph rendering it's possible that a webpage could trigger the bug by feeding the browser a specially crafted page. And that would make it remotely exploitable and wouldn't require root either.
No, you don't get it.
That's bullshit. OpenSSH allows you to forward X sessions. Hell, you don't even need SSH. NOR DO YOU NEED ROOT. And last time I tried, the xhost ****** didn't affect this at all. Oops.
See my SSH comment.
There is nothing about this exploit on that page that I can find. Please point it out a little better.
There are open source drivers for both ATI and nVidia cards.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 24K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter