People here’s take about why free software (“open source”) should be preferred, in my opinion (basically the OpenBSD’s opinion) is flawed.
You said “open source” is “good” because it permits having eyes on (“auditing”) and make sure there isn’t malware.
This is NOT the most important benefit. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA. So you cannot audit the software yourselves.
Or “open source” but with a bad code style, how can you make sure the code doesn’t have backdoors? But I think hilarious journalists that is only smart enough to post fake news about how down is the Russia and China economy can’t even write bad code.
“open source” is good, firstly, because it permits auditing the source code and find the bugs, replace flawed/bad code with safer alternative (for example, the advantage of an open-source C software when porting to OpenBSD is they can replace every occurrence of strcat/strcpy with safer strlcat/strlcpy), sandbox it (on OpenBSD, with pledge and unveil), do privileges separation and revocation, etc.
And I think “you can make sure there isn’t malware/backdoors” is the second benefit, NEVER THE FIRST.
Conclusion: Do not blindly trust what is “open source” when you can’t even do code auditing.
deleted by creator
No one knows
deleted by creator
Try removing everything in (), because they are examples. The post would be shorter.
My English is bad. But the comment will help.
deleted by creator
You should not write when you’re drunk. You’re mixing lot of things and making wrong assumptions. Come back when you’re sober so we can have a constructive discussion.
+1, although for me this is somewhat an insult. The English is bad. Nevertheless, the comment will have constructive discussion.
But I haven’t found much constructive comment. I want to know if you guys or me is the ignorant. But the most important is getting better.
If it’s langage issue : apologies! Give me some time, i will write you an constructive answer regarding your points.
The biggest problem is self-contradiction. These two statements are incompatible:
- “This [auditing] is NOT the most important benefit.”
- “‘open source’ is good, firstly, because it permits auditing the source code”
But:
You’re mixing lot of things and making wrong assumptions.
What I’m mixing? What assumptions is wrong??
More like https://lemmy.world/c/lemmyshitpost
Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !lemmyshitpost@lemmy.world
Years ago Microsoft was going Linux bashing mode.
-
Linux is a cancer
-
Linux is unamerican
-
Linux is communism
And why ? Because of the GPL license.
Many years ago Microsoft already copy pasted BSD licensed code into their Windows 3.x TCP stack and they got away with that because the BSD license is not like the GPL license. Microsoft hated the GPL license and maybe they still do.
-
Is it important to talk about free software or open source software and be a purist about it ? Maybe.
-
Is it more important to get things done, and focus on coding, package maintenance, sharing knowledge ? Maybe.
I’m talking about what is the first, most important benefit of free software (or open source). The community claims the first and most important benefit is “to make sure there isn’t malware in the software”. In the post I told them why this is not the most important benefit and the most important benefit is to audit, fix bugs, harden it.
-
- Check out repository
- Autoformat
???
Never have I ever seen intentionally badly formatted open source code with the intention of making contributing difficult
Sorry, I’m exaggerating on this.
But did you heard about libressl developers on openssl code?
The main problem is, do you audit the source code YOURSELVES?
Or it is just “open source” and no one have eyes on. But get blindly recommended.
I can audit code jerk
Fine.
I’m talking about people who only debate on matrix/reddit about why this privacy service is more trustworthy. Then when I told them to self-host they reacted aggressively.
@loudWaterHombre@lemmy.dbzer0.com or @loudWaterEnjoyer@lemmy.dbzer0.com can audit for you.
Seriously, that’s what you’re missing. Bob the non-coder can trust Microsoft not to plant spyware in MS products, or Bob can trust some portion of the public (limited to ~8 billion people) to audit the code. It’s easier to trust the public than it is to trust a corporation. It’s not just about quantity of eyes, but having eyes that are more aligned with your interests.
I’m sorry if I made the guy question his life so hard, he deleted his comments.
You summoned me for auditing code? Call me crazy but I’m in, I would actually do it and hand out free threat level and security analysis for you specific use-case / system.
I’ve been in the industry for 20+ years.
Sounds good… will be interesting to see if @scratchandgame@lemmy.ml takes you up on the offer!
We are actually in touch
Hopefully he asks you to audit a tool you might enjoy using or contributing to.
That would be indeed awesome.
He actually did not delete his post.
hey I have never deleted any comment
perhaps I’m banned.
In my shallow thought privacy communities nowadays can only whine when company do something harm their privacy. Few like you are much better, and should escape that community or do something to actually revise it.
Your data is not private when you put on other’s hard drive. I thought europes are much well-educated than Vietnamese here… but they mostly can’t doubt on privacy policy. If I doubt, they call that conspiracy theories and I’m banned. I only think they are so naive. This is just a surprise for me.
feel free to public this message
Why are you attacking me then. There are dipshits all over the place in IT spectrum. You won’t see a lot of industry professionals chilling in matrix spaces debating noobs. You had one impression and now you are telling all of us to get a grip. I think you yourself should get some fucking grip.
Curious why do you put yourself in the class of privacy racers.
Because I’m a privacy advocate
!!!
Do you think installing and start using privacy-tool-of-week would improve your privacy?! Do you think proton mail is trustworthy?
Protonmail is now FOSS?
I saw the clients are open source, but what about the server??
Anyways, if you put your data on others’ hard drive, NOTHING will guarantee the data can be erased on demand.
But well, when the clients is open source, PGP-encrypted messages are mostly safe.
Lemmy clients need a feature to automatically hide poosts by accounts less than X days old…
deleted by creator
Why? It’d be better to hide post at -5
Duolingo forum do that.
Hiding opposing or thought provoking opinions just because the mob don’t like it or agree with it is a bad design which prevents any kind of meaningful discussions and tend to create bubbles. Upvoting and downvoting is not used in the way it was intended for. I’d rather flag posts as spam or low effort which makes the intention clear.
When I install a new software, sure I don’t start auditing the souce code but the developement of a software is a process and I trust that all the contributors and distributors have eyes on it and know what changes a release contains. It’s very hard to sneak in shenanigans into popular repositories. And an opensource software can quickly lose the trust of the community and get replaced if it makes bad turns. In non-free softwares I don’t have this assurance.
I’m not recommending proprietary.
I’m clarifying about the benefit of free software: The most important is permission to audit, fix bugs, sandbox it with pledge(2) and unveil(2), NOT “to make sure the software doesn’t carry malware”.
And I’m alarming: You guys are racing on “open source” but don’t actually audit the source code. Because you guys can’t even code and do not intend to become experts. So the benefit that you guys think the most important become useless. Thankfully there are experts in your community to audit and fork whenever they want.
And an opensource software can quickly lose the trust of the community and get replaced
(Such small open source project shouldn’t care if they want to make quick money :) ) I think they wouldn’t care if they have malicious intention
I think what you guys hate the most is the “This is not correct, and true GNUism won’t accept it. But it is flawed because, you guys don’t even have the knowledge to do coding. You guys are activist/“journalists” working for CIA”
Both c/privatelife and privsec.dev+grapheneos community is “sponsored” by Richard Stallman I think? Although privsec and the grapheneos community tend to welcome blobs, both c/privatelife and they are same in racing on “open source” and privacy tools.
Only “journalists” working in CIA would like to do that. People learning programming wouldn’t care.
An year in the privsec.dev & madaidan’s community and grapheneos community helped me nothing with programming. It should be the same for this community.
Ok 👌