this post was submitted on 08 Aug 2023
1680 points (88.1% liked)

Technology

59559 readers
4137 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 1 year ago (2 children)

I think one of the biggest issues with FOSS-minded people is that they automatically consider open source software private, safe and having good intentions in mind, but they never actually go beyond the surface to check if it actually is.

[–] [email protected] 22 points 1 year ago (2 children)

Most people who use FOSS are not qualified to check source code for ill-intent (like me) and rely on people smarter than them (and me) to review the code and find any problems. FOSS isn't automatically private, safe, and having good intentions, but if it isn't, at least the code is transparent and the review process is open for all. Commercial software has no review, and zero transparency.

[–] [email protected] 2 points 1 year ago (1 children)

True, but Libre software can be commercial. So you should instead say that the proprietary or non-libre software has no transparency.

[–] [email protected] 2 points 1 year ago
[–] [email protected] 1 points 1 year ago (1 children)

The problem is that quite often everything rests on that belief in someone else being there to check. Most of the time, even if some of the users are qualified to do it, they don't have the time to go through all of the code and then be on it through each update.

[–] [email protected] 1 points 1 year ago

Good point and worth considering. For the more popular stuff, though, it's likely someone somewhere is looking at it, and even the threat of discovery is enough to discourage malfeasance. And in either case, it's better to have the observability rather than a black box system with no possibility to check it.

[–] [email protected] 2 points 1 year ago (2 children)

Free software is not automatically private or secure, but it can be. Proprietary software can't.

[–] [email protected] 1 points 1 year ago

Why can't proprietary software be private or secure? You cannot verify it for yourself, but nothing about the licensing model precludes it. In highly regulated industries (such as health care or banking), I would expect a very large investment by software vendors into security.

[–] [email protected] -1 points 1 year ago (1 children)

You can disassemble any kind of closed source software and fully analyze it.

[–] [email protected] 0 points 1 year ago (1 children)

But you can't legally modify it and distribute your modified version. You can't fix a vulnerability and share the patched version with others. Only the developer can, so you are at their mercy. If they add spyware into the program, users can't do anything about it.

[–] [email protected] 3 points 1 year ago (1 children)

I think it's a gray area in that if you merely instruct people on it or distribute it as a patcher that contains none of the original code or assets, few would take issue with it, and if they do, their legal position would be much shakier compared to fighting piracy.

[–] [email protected] 1 points 1 year ago

That's true. Still it's more difficult for everyone.