flat assembler
Message board for the users of flat assembler.

Index > Heap > On trusting open source softwares

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
TmX



Joined: 02 Mar 2006
Posts: 821
Location: Jakarta, Indonesia
TmX
revolution wrote:
How come no one mentions Apple? Apple is worse than MS with regard to secrecy. Wink


er... the XNU is open source, right?
Post 02 Feb 2010, 15:48
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
TmX wrote:
er... the XNU is open source, right?
Oh, I forgot about the MAC. Embarassed I was thinking of the iP*ds and iPhones and other locked devices where Apple decide what you can and cannot run.
Post 02 Feb 2010, 16:09
View user's profile Send private message Visit poster's website Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
DustWolf wrote:
As for the rest of the argument, I prefer my back-doors open-source. That way if I want to be paranoid I can check them out, rather than trusting Microsoft to be honest and non-abusive towards their costumers. Think of the odds.
It also happens that Windows is extremely popular... and there's a huge interest in revealing Microsoft mistakes. They would get extreme bad publicity, like they did with the secret "Firefox addon" on an update.

That is much more realistic than "checking the source code yourself FOR exploits (not just for 'learning')" which, really, nobody does it (by 'nobody' I of course mean 99%, since there's always the few who do).

Sony BMG installed rootkits with their music CDs once with autoruns to prevent sharing... needless to say they were forced to back off and take them out by bad publicity. Oh and yes, there was no source code available to examine... just popularity which means highly skilled security people/experts are INTERESTED in examining threats like that.

_________________
Previously known as The_Grey_Beast
Post 02 Feb 2010, 18:10
View user's profile Send private message Reply with quote
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
As much as I hate starting up a conversation with YOU again...

Borsuc wrote:
That is much more realistic than "checking the source code yourself FOR exploits (not just for 'learning')" which, really, nobody does it (by 'nobody' I of course mean 99%, since there's always the few who do).


I did use the word "paranoid" didn't I? Most people are not paranoid. Some are. I know a few. They run FreeBSD and hand-pick and read every piece of software they ever run. Personally I think it's a huge handicap, but if they want to be paranoid it's their choice.

I like it when people have a choice. All people I know like having a choice too.

Borsuc wrote:
Sony BMG installed rootkits with their music CDs once with autoruns to prevent sharing... needless to say they were forced to back off and take them out by bad publicity. Oh and yes, there was no source code available to examine... just popularity which means highly skilled security people/experts are INTERESTED in examining threats like that.


Most closed-source software has issues that nobody is aware of. Such is the nature of closed-source. A reason good enough to me.

LP,
Jure
Post 02 Feb 2010, 20:26
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
I think you kinda missed the point of the thread, but preachers always do that Razz

It's not about "open-source is worse than closed-source", it's about "open-source is not immune to backdoors". But of course for you it's always black and white: either something is "THE BEST" or it is "THE WORST". Just because something is open-source doesn't mean that there is no hidden stuff.

My argument was that popular software, such as Windows, is much less likely to have hidden backdoors without being detected by a third party. (note: I didn't say CLOSED software, it just happens that Windows is very popular)

_________________
Previously known as The_Grey_Beast
Post 02 Feb 2010, 23:15
View user's profile Send private message Reply with quote
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
Borsuc wrote:
My argument was that popular software, such as Windows, is much less likely to have hidden backdoors without being detected by a third party. (note: I didn't say CLOSED software, it just happens that Windows is very popular)


While this may be true, it is also quite likely that any hidden backdoors in closed-source will be known by those who will abuse them rather than those who are going to fix them or work around them.

LP,
Jure
Post 02 Feb 2010, 23:46
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger Reply with quote
Borsuc



Joined: 29 Dec 2005
Posts: 2466
Location: Bucharest, Romania
Borsuc
Except if it's popular and the company in question depends on good publicity Wink
Post 03 Feb 2010, 00:09
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
Open source only gives you the ability to modify and recompile stuff to your taste. It gives absolutely no assurance whatsoever of the code being benign.

Lots of stuff can be deliberately included and you would never know: http://underhanded.xcott.com/?page_id=2
Post 11 Mar 2010, 18:34
View user's profile Send private message Visit poster's website Reply with quote
kohlrak



Joined: 21 Jul 2006
Posts: 1421
Location: Uncle Sam's Pad
kohlrak
Borsuc wrote:
Except if it's popular and the company in question depends on good publicity Wink


Kinda late, but i must point out that MS doesn't need good publicity. Only people who have the guts to demand other products will use something other than windows. For the other 99% of the world, windows will continue to rule them no matter what.
Post 24 Mar 2010, 11:23
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.