The take people here have on why free software (“open source”) should be preferred is, in my opinion (basically OpenBSD’s opinion), flawed.

You said “open source” is “good” because it permits having eyes on it (“auditing”) and making sure there isn’t malware.

This is NOT the most important benefit. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA. So you cannot audit the software yourselves.

Or “open source” but with a bad code style, how can you make sure the code doesn’t have backdoors? But I think hilarious journalists who are only smart enough to post fake news about how down the Russian and Chinese economies are can’t even write bad code.

“open source” is good, firstly, because it permits auditing the source code and finding the bugs, replacing flawed/bad code with safer alternatives (for example, the advantage of open-source C software when porting to OpenBSD is they can replace every occurrence of strcat/strcpy with the safer strlcat/strlcpy), sandboxing it (on OpenBSD, with pledge and unveil), doing privilege separation and revocation, etc.

And I think “you can make sure there isn’t malware/backdoors” is the second benefit, NEVER THE FIRST.

Conclusion: Do not blindly trust what is “open source” when you can’t even do code auditing.
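
As an added example (not part of the original post, and not OpenBSD's code), this is what the strcpy/strcat to strlcpy/strlcat port mentioned above looks like for one path-building function. The names `x_strlcpy`, `x_strlcat` and `join_path` are hypothetical; the first two are local stand-ins that follow the strlcpy/strlcat contract so the block builds where libc lacks them.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins with the strlcpy/strlcat contract: always
 * NUL-terminate when size > 0, and return the length the full result
 * would have had, so a return value >= size means truncation. */
static size_t x_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

static size_t x_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = 0;
    while (dlen < size && dst[dlen] != '\0')
        dlen++;
    if (dlen == size)               /* dst not terminated within size */
        return size + strlen(src);
    return dlen + x_strlcpy(dst + dlen, src, size - dlen);
}

/* Pre-port form: strcpy(out, dir); strcat(out, "/"); strcat(out, name);
 * which writes past out[] on long input. Ported form: every step is
 * bounded by outsz and truncation is reported as an error. */
int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (x_strlcpy(out, dir, outsz) >= outsz ||
        x_strlcat(out, "/", outsz) >= outsz ||
        x_strlcat(out, name, outsz) >= outsz) {
        if (outsz > 0)
            out[0] = '\0';          /* never return a half-built path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[16];                   /* constructed sample inputs below */
    printf("%d\n", join_path(buf, sizeof buf, "/etc", "passwd"));
    printf("%d\n", join_path(buf, sizeof buf, "/var/db", "a-very-long-name"));
    return 0;
}
```
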

  • Enoril@jlai.lu · ↑7 · 10 months ago

    You should not write when you’re drunk. You’re mixing a lot of things and making wrong assumptions. Come back when you’re sober so we can have a constructive discussion.

    • scratchandgame (OP) · ↑3 · edited · 10 months ago

      +1, although for me this is somewhat an insult. The English is bad. Nevertheless, the comment will have constructive discussion.

      But I haven’t found many constructive comments. I want to know whether you guys or I am the ignorant one. But the most important thing is getting better.

      • Enoril@jlai.lu · ↑2 · 10 months ago

        If it’s a language issue: apologies! Give me some time, I will write you a constructive answer regarding your points.

      • diyrebel@lemmy.dbzer0.com · ↑1 · edited · 10 months ago

        The biggest problem is self-contradiction. These two statements are incompatible:

        • “This [auditing] is NOT the most important benefit.”
        • “‘open source’ is good, firstly, because it permits auditing the source code”
    • scratchandgame (OP) · Vietnamese · ↑1 ↓1 · 10 months ago

      But:

      You’re mixing a lot of things and making wrong assumptions.

      What am I mixing? What assumptions are wrong??

  • lemmyreader · English · ↑4 · edited · 10 months ago

    Years ago Microsoft was going Linux bashing mode.

    • Linux is a cancer

    • Linux is unamerican

    • Linux is communism

    And why ? Because of the GPL license.

    Many years ago Microsoft already copy pasted BSD licensed code into their Windows 3.x TCP stack and they got away with that because the BSD license is not like the GPL license. Microsoft hated the GPL license and maybe they still do.

    • Is it important to talk about free software or open source software and be a purist about it ? Maybe.

    • Is it more important to get things done, and focus on coding, package maintenance, sharing knowledge ? Maybe.

    • scratchandgame (OP) · Vietnamese · ↑2 · 10 months ago

      I’m talking about what is the first, most important benefit of free software (or open source). The community claims the first and most important benefit is “to make sure there isn’t malware in the software”. In the post I told them why this is not the most important benefit and the most important benefit is to audit, fix bugs, harden it.

  • breadsmasher@lemmy.world · English · ↑4 ↓1 · 10 months ago

    1. Check out repository
    2. Autoformat

    ???

    Never have I ever seen intentionally badly formatted open source code with the intention of making contributing difficult

    • scratchandgame (OP) · ↑1 · 10 months ago

      Sorry, I’m exaggerating on this.

      But did you hear about the libressl developers on the openssl code?

    • scratchandgame (OP) · ↑1 ↓1 · 10 months ago

      The main problem is, do you audit the source code YOURSELVES?

      Or it is just “open source” and no one has eyes on it. But it gets blindly recommended.

    • scratchandgame (OP) · Vietnamese · ↑1 ↓2 · 10 months ago

      Fine.

      I’m talking about people who only debate on matrix/reddit about why this privacy service is more trustworthy. Then when I told them to self-host they reacted aggressively.

      • diyrebel@lemmy.dbzer0.com · ↑1 · edited · 10 months ago

        @loudWaterHombre@lemmy.dbzer0.com or @loudWaterEnjoyer@lemmy.dbzer0.com can audit for you.

        Seriously, that’s what you’re missing. Bob the non-coder can trust Microsoft not to plant spyware in MS products, or Bob can trust some portion of the public (limited to ~8 billion people) to audit the code. It’s easier to trust the public than it is to trust a corporation. It’s not just about quantity of eyes, but having eyes that are more aligned with your interests.

        • LoudWaterHombre@lemmy.dbzer0.com · ↑3 · 10 months ago

          I’m sorry if I made the guy question his life so hard, he deleted his comments.

          You summoned me for auditing code? Call me crazy but I’m in, I would actually do it and hand out free threat level and security analysis for your specific use-case / system.

          I’ve been in the industry for 20+ years.

        • LoudWaterHombre@lemmy.dbzer0.com · ↑2 · 10 months ago

          He actually did not delete his post.

          hey I have never deleted any comment

          perhaps I’m banned.

          In my shallow thought, privacy communities nowadays can only whine when a company does something that harms their privacy. A few like you are much better, and should escape that community or do something to actually revise it.

          Your data is not private when you put it on another’s hard drive. I thought Europeans were much better educated than the Vietnamese here… but they mostly can’t doubt a privacy policy. If I doubt, they call that conspiracy theories and I’m banned. I only think they are so naive. This is just a surprise for me.

          feel free to public this message

      • LoudWaterHombre@lemmy.dbzer0.com · ↑1 ↓1 · 10 months ago

        Why are you attacking me then. There are dipshits all over the place in IT spectrum. You won’t see a lot of industry professionals chilling in matrix spaces debating noobs. You had one impression and now you are telling all of us to get a grip. I think you yourself should get some fucking grip.

        • scratchandgame (OP) · Vietnamese · ↑1 · 10 months ago

          Curious why do you put yourself in the class of privacy racers.

            • scratchandgame (OP) · Vietnamese · ↑1 · 10 months ago

              !!!

              Do you think installing and starting to use the privacy-tool-of-the-week would improve your privacy?! Do you think proton mail is trustworthy?

                • scratchandgame (OP) · Vietnamese · ↑1 · 10 months ago

                  I saw the clients are open source, but what about the server??

                  Anyways, if you put your data on others’ hard drive, NOTHING will guarantee the data can be erased on demand.

                  But well, when the clients are open source, PGP-encrypted messages are mostly safe.

  • Trent · ↑3 ↓1 · 10 months ago

    Lemmy clients need a feature to automatically hide posts by accounts less than X days old…

    • scratchandgame (OP) · Vietnamese · ↑2 ↓1 · 10 months ago

      Why? It’d be better to hide posts at -5

      The Duolingo forum does that.

      • ghu · ↑1 · 10 months ago

        Hiding opposing or thought-provoking opinions just because the mob doesn’t like them or agree with them is a bad design which prevents any kind of meaningful discussion and tends to create bubbles. Upvoting and downvoting are not used in the way they were intended. I’d rather flag posts as spam or low effort, which makes the intention clear.

  • ghu · ↑2 ↓1 · edited · 10 months ago

    When I install new software, sure, I don’t start auditing the source code, but the development of software is a process and I trust that all the contributors and distributors have eyes on it and know what changes a release contains. It’s very hard to sneak shenanigans into popular repositories. And open source software can quickly lose the trust of the community and get replaced if it makes bad turns. With non-free software I don’t have this assurance.

    • scratchandgame (OP) · Vietnamese · ↑1 · edited · 10 months ago

      I’m not recommending proprietary.

      I’m clarifying about the benefit of free software: The most important is permission to audit, fix bugs, sandbox it with pledge(2) and unveil(2), NOT “to make sure the software doesn’t carry malware”.

      And I’m raising an alarm: You guys are racing on “open source” but don’t actually audit the source code. Because you guys can’t even code and do not intend to become experts. So the benefit that you guys think is the most important becomes useless. Thankfully there are experts in your community to audit and fork whenever they want.

      And an opensource software can quickly lose the trust of the community and get replaced

      (Such small open source project shouldn’t care if they want to make quick money :) ) I think they wouldn’t care if they have malicious intention

  • scratchandgame (OP) · ↑1 ↓2 · edited · 10 months ago

    I think what you guys hate the most is the “This is not correct, and true GNUism won’t accept it. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA”

    Both c/privatelife and the privsec.dev+grapheneos community are “sponsored” by Richard Stallman, I think? Although privsec and the grapheneos community tend to welcome blobs, both c/privatelife and they are the same in racing on “open source” and privacy tools.

    Only “journalists” working in CIA would like to do that. People learning programming wouldn’t care.

    A year in the privsec.dev & madaidan’s community and the grapheneos community did not help me at all with programming. It should be the same for this community.