this post was submitted on 07 Jul 2023
1677 points (92.9% liked)

Memes

47169 readers
1200 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
gary_host_laptop@lemmy.ml
sexy_peach@feddit.de
cyclohexane@lemmy.ml
cypherpunks@lemmy.ml
1677
It's Open Source! (lemmy.dbzer0.com)
submitted 2 years ago* (last edited 2 years ago) by 001100010010@lemmy.dbzer0.com to c/memes@lemmy.ml
223 comments fedilink hide all child comments
 

Not discrediting Open Source Software, but nothing is 100% safe.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Jmr@lemmy.world 11 points 2 years ago (1 children)

I have never. But someone has.

[–] JshKlsn@lemmy.ml 11 points 2 years ago (1 children)

Everyone thinks this, so no one does it.

It's like the bystander effect.

[–] jdaxe@infosec.pub 6 points 2 years ago

Depends on the software, you can bet your ass people are auditing the Linux kernel every day.

[–] Gradually_Adjusting@lemmy.world 10 points 2 years ago

Ahh the old motte and bailey doctrine.

FOSS is superior even for an end user like me. It only fails when corporations are allowed to "embrace, extend, and extinguish" them.

[–] bill_1992@lemmy.world 9 points 2 years ago

Even audited source code is not safe. Supply-chain attacks are possible. A lot of times, there's nothing guaranteeing the audited code is the code that's actually running.

[–] SexualPolytope@lemmy.sdf.org 9 points 2 years ago* (last edited 2 years ago)

"I don't care about free speech because I have nothing to say." Doofus.

[–] kratoz29@lemmy.world 9 points 2 years ago

We can't but we can shit post at light speed if something fishy is discovered.

[–] NutWrench@lemmy.ml 9 points 2 years ago (1 children)

Also, recompile the source code yourself if you think the author is pulling a fast one on you.

load more comments (1 replies)
[–] Kolanaki@yiffit.net 9 points 2 years ago* (last edited 2 years ago)

IDK why, but this had me imagining someone adding malicious code to a project, but then also being highly proactive with commenting his additions for future developers.

"Here we steal the user's identity and sell it on the black market for a tidy sum. Using these arguments..."

[–] IceGoddessEmma@lemmy.comfysnug.space 9 points 2 years ago

im in this image and i dont like it

[–] MinusPi@pawb.social 9 points 2 years ago

No, but someone knows how and does. If there's something bad, there'll be a big stink.

[–] davewritescode@lemm.ee 8 points 2 years ago (1 children)

Heartbleed is the only counter example anyone needs to know that open source isn't perfect. Intelligence agencies were likely sucking up encrypted traffic because nobody was paying attention to the most commonly used TLS library in the world

load more comments (1 replies)
[–] stonemilker@discuss.tchncs.de 8 points 2 years ago (1 children)

Good article about this: https://seirdy.one/posts/2022/02/02/floss-security/

load more comments (1 replies)
[–] SquishyPandaDev@yiffit.net 7 points 2 years ago* (last edited 2 years ago) (11 children)

*cough* Heartbleed *cough*

load more comments (11 replies)
[–] Selmafudd@lemmy.world 7 points 2 years ago (1 children)

Here is my quick guide to audit code.

Step one. Google is the code safe.

load more comments (1 replies)
[–] tnomrom_haroj@lemmy.world 6 points 2 years ago (2 children)

Ha! It's not just whether you know how but whether you actually do it.

I remember one a few years back, a fairly large project (I don't remember the name though), very active community but no one LOOKED. That's part of the problem.

Still the best option imho

load more comments (2 replies)
load more comments
view more: ‹ prev next ›