Open source is generally considered to be more secure because the large number of eyes on it are expected to catch the vulnerabilities. That’s the idea anyway.
I get where you’re coming from though. If anyone can see how it works it must be easier to break into right? But if something is only secure because you don’t know how it works, then it isn’t really secure at all.
Right. The amount people with good intentions looking for vulnerabilities in open source software far outnumbers the amount of malicious actors looking for vulnerabilities.
Right. The amount people with good intentions looking for vulnerabilities in open source software far outnumbers the amount of malicious actors looking for vulnerabilities. Chances are great that, by the time malicious actors find a vulnerability, someone with good intentions is working on a patch already.
But if something is only secure because you don’t know how it works, then it isn’t really secure at all.
For an IRL equivalence, just watch any Lock Picking Lawyer video featuring any Master lock. If watching how easily defeated those locks are plummets your confidence in those locks, well it’s the same idea with digital security.
Short answer is no. Safety of a program is in its implementation, not in the visibility of the code.
Most of the internet runs on opensource code, most companies that require highest security rely on open source programs, while companies relying on proprietary software are victims of hackers, malwares, ransomware every second (I am not going to name names to avoid useless wars).
That said, not all open source code is safe to use, as no all closed source software is safe to use. Bigger projects, used by many and used by experts are usually safe, most often even safer than close source counterparts.
Smaller projects are as safe as any random software downloaded from internet, unless you are able to read the code yourself. Many are safe, many aren’t, few are malevolent.
Be careful and research the program you are installing for security concerns.
If you want to download big stuff like debian, fedora, blender, gimp, krita, chromium, vscode, docker, k8s (I don’t know what you are into) just be sure that you trust the source from were you download binaries. The same as for any closed source software
Except Chromium can still access the Chrome extension store. The VSCode extension store is not included with the OSS version, which seriously hampers the usefulness of the app.
I just love when I get these ingrown things like 0.5mm thick in diameter (in my beard) :) They have a tendency to just slide right out, leaving a small hole in the skin.
Nah it doesn’t blank out your credit card number unless it’s followed by cvv number and expiration date - I think it even encrypts it if you enter a 5 digit billing zip code
The EU did its job correctly by forcing sites to ask for consent. How that rule is implemented is up to the sites, and they often choose to do it in the most annoying possible way. And then tell you to blame the EU for it.
Also as a website owner, you only need to ask for consent when you use more than "strictly necessary" cookies (https://gdpr.eu/cookies/), i.e. cookies that are needed for your site to function normally.
I just learned about the Do Not Track standard, which seems like a much better solution. Just tell your browser once that you don’t want to be tracked, and websites are required to respect that. Rather than each website implementing its own banner UI.
I blame the EU for not forcing implementation of Do Not Track standards. I will forever maintain that scraping of personal data of any kind should be opt-in, not opt-out. These people get paid a lot of money to get this right.
My take: there’s many more user preferences (and always have been), that have effect on accessibility, usability and privacy. Cookie usage is just one of them, others are language, geolocation, dark/light theming, etc.
Judging from user perspective, level of implementation of these preferences has historically been a holy mess. For example, for one of the oldest preferences, Language, sites would commonly just take them as nice-to-have, if not ignore it completely. Geolocation is a different story, it looks like the way things are set up, site just has to ask your browser for help so it’s harder to ignore it. Dark/light theming—I don’t actually know where we are but is seems it’s slowly getting better.
Technically, I don’t see why data usage consent (cookies or not) could not be just another item in this list—in theory there must be better ways to deal with it than adding HTML dialogs.
I don’t know if there’s some standardization process going on somewhere, but it looks like we need it. These things take massive amount of collaboration, which just won’t happen until the Mozilla’s and Google’s of the world are “forced” to.
So I appreciate government bodies stepping into this in terms of simply mandating that (but not how) service providers must respect user preferences. Telling them how to do it on a technical level is another question and I can’t imagine anyone, let alone average regulatory body do this right on the first attempt.
I appreciate governments stepping in when it’s clearly needed but these people get paid a lot of money to get this stuff right. I see no good reason they couldn’t have implemented Do Not Track as the standard. Invasion of privacy should be opt-in, never opt-out, let alone some tedious task where you have to manually tick every box along the way.
Most browsers have some amount of settings for forcing sites to request permissions like geolocation anyway so there’s little reason to have a borderline EULA to go through before someone can access a website. As for dark/light mode, the implementation on the web of dark modes is so all over the place that I - like many others - just use an extension to force it. It’s not native, it’s not perfect but it’s better than nothing and better than some official attempts.
Who the hell thought we’d want to get harassed on every site we visit?
The sites’ operators.
The GDPR does not mandate cookie banners. The GDPR mandates informed consent to processing of your data beyond what is technically necessary to facilitate the service. If all you’re doing is store session ids, user preferences or whatever, you need no cookie banner whatsoever.
Lemmy also uses cookies. Do you see a banner? Me neither.
Menial banners to “convince”/trick users into accepting severe privacy intrusions (cookies are the least of your concerns here) are an invention of the websites. Most of them aren’t even legal as they often do opt-out (straight up against what is written in the law) or use dark patterns to trick users into giving consent (obviously not actual consent).
It’s taking a while but the law is slowly being enforced now. Expect slightly less terrible cookie banners in the future. Whenever you do see one though, blame the site operators and law enforcement, not the GDPR.
I don’t get why this is even needed. AFAIK the user can set sites that are not allowed to set cookies in the browser settings in chrome and Firefox at least. In theory this should work even better and more reliable than those damn popups.
I was talking about the way the law was made. Why does it require every site to implement a function that the browser already has and does better. They could have made it a requirement for browsers to inform the user about his possibility to block cookies from certain domains on the first launch, just like they made Microsoft to inform about other available browsers after the first startup of Windows XP (I think it was XP…).
But there is something even better coming I heard - there will be the possibility to have a ‘trusted external service’ handle the cookie opt-in-and-out for the users. WHY?! It looks like these laws are made by people without any kind of understanding how any of this even works…
Neither closed or open software is safer than the other in my opinion. If someone wants to find a vulnerability they will find a vulnerability. The only advantage open source maybe has that it’s harder to hide vulnerabilities for years and it’s more obvious if they don’t fix it. But personally I wouldn’t use open source just for safety reasons.
This is the right answer. Basically nothing is secure. That’s the truth. There will always be a hole or a way to circumvent something. That said, a lot of open source software is very high quality and I use it where I can because it’s free and some conglomerate is not push ads or siphoning info from me.
It is no all or nothing question. Some things are obviously more secure than others. Locking your door with a key won’t guarantee that there will be no home invasion but having no lock at all will make it much easier for potential threats. And open source software has advantages in this regard.
The software is as safe as it’s maintainers. The Linux kernel runs the majority of the world’s devices, open source software makes up just about every industry standard piece of software that runs the web. Linux tends to see a lot less major vulnerabilities than Windows, and fixes for those are released much faster because anyone can submit the fix, maybe even the person who found it in the first place.
Wow. I couldn't possibly be any more your opposite in this regard. I try very hard not to run proprietary software. For safety reasons. And when I do run proprietary software, I do my best to sandbox it. I don't let my Nintendo Switch talk to my home network often. I hacked my robotic vacuum cleaner not to phone home. I do my (U.S.) taxes on stupid paper because there aren't pure-FOSS options for filing electronically.
If someone wants to find a vulnerability they will find a vulnerability.
only if there is a vulnerability. Which is possible but not necessary.
The only advantage open source maybe has that it’s harder to hide vulnerabilities for years
Vulnerabilitues should never be hidden but in stead eradicated. The true advantage of oss (regarding security) is that your implementations have to be secure. Security by obscurity is simply not an option
and it’s more obvious if they don’t fix it.
Security also means knowing about issues. When “they don’t fix it” in OSS, you at least (can) know about that, in closed source it is harder to be sure that the code is secure.
I was thinking about this by watching some streamers, some actually do a smart move and remove it the chair for some sessions. They use the PC standing, its not a bad idea, probably different if you sit behind the wheels.
If i think about card games i have to mention “Inscryption” but it is very weird in a good way.
Then there are great positioning games like “Into the Breach” which has a very tight and simple gameplay loop and the Last Spell which is more complex with RPG elements.
Definitely extrinsically. In a lot of those super open games, I get just completely overwhelmed by choice, don’t know where to go or what to do, and give up. I’ve tried twice to play Breath of the Wild and I just can’t. Give me a linear experience any time.
I grew up with freedom of speech (the overall ideal, not the US legal concept) being a non-negotiable, axiomatic thing.
Every bit of social progress the world has seen, came about by loudly and obnoxiously challenging accepted norms, and refusing to sit down and shut up. Civil rights, worker’s rights, women’s rights, gay rights, trans rights and a whole bunch more - all of them only advanced by brave people getting up on their hind legs and speaking up for them, even though it was considered an affront to common decency, even an abomination.
For a bunch of overprivileged idiots to try and pull the ladder up behind them because their comfort is offended… really fucking bothers me.
I promise, I absolutely guaranfuckingtee that every person alive today will one day be on the wrong side of history; there are norms in society that our descendants (should humanity survive long enough for us to have any) will be utterly disgusted with all of us; and we would be just as disgusted by them. The shiny GenZ hope-of-the-world darlings of today will be the contempible boomers of 60 years from now, that’s just how history works. You can’t stop that from happening; the best you can do is increase social flexibility and mobility so they don’t remain totally rooted in the norms of their youth.
The absolute unmitigated gall of people today to imagine that no, unlike all that came before them, they have the right of it, that their accepted norms must be coddled and protected from any that might dare challenge them, that social change can stop right here… fuck no, fuck that, fuck them, fuck the entire concept.
You don’t disable progress, you mustn’t hobble change. And speech that offends us is the only way you get change, pretty much by definition.
Once you silence offensive speech (of whatever form), you’re locking in the status quo, and ironically that’s the most conservative thing you can ever do. Even if you believe that you and your team will never censor genuine activism, once you enable shutting-people-up as an option, you hand an absolutely terrifying weapon to the assholes that take power next time you lose the election.
Now I will grudgingly concede that the landscape has changed, that the coming of the information age has shifted the way everything works, that the mechanisms and underlying rules are changing, and that the principles of absolute freedom of speech that made sense in my youth no longer get you the same results. The internet is a big scary machine, and its ability to create filter bubbles and viral trends and cliques and misinformation and just general ugh… is pretty damn terrifying. Just look at the damn antivaxers, climate change deniers, the rampant and increasing transphobia, the fascist assholes getting their hooks in everywhere - clearly the marketplace of ideas is a mob town now, and we can’t just expect it to run itself.
How do we fix it? I don’t fucking know. Both sides seem to lead some pretty terrible places - is there a middle path somewhere? How do we trust anyone to steer it?
I agree on a lot of points, although it seems I have a more pacifist outlook while you have a more active outlook which if I am honest does more for progress.
I see freedom of speech - in the general sense - as a means to be able to express yourself and your opinions and I feel that if people could express that without outright spreading a feeling of hatred and rage then I feel pretty much anything goes within reason. As even innocuous well meaning ideas can lead to dangerous outcomes.
That doesn’t mean people should expect the status quo, but sometimes I look at chimps and their “gang wars” and think we aren’t that much different sometimes.
We are primed to respond most strongly with hatred and rage… perhaps some deep primitive instinct and that gets taken advantage of.
Humans nature seems to be a violent one and if I look at history it is unfortunately violence that seems to be the most effective means to get through our thick human psyche to advance. Ancient Egypt, Alexander’s Legacy, Rome’s rise and fall, The Crusades, French Revolution, British Empire, American Independence, The World Wars.
We are forever doomed to repeat history it seems until history can no longer repeat
It is like humanity must experience great suffering and that suffering must reach a tipping point before we as a collective species change
What the next big tipping point will be that forces a change, if we last that long, I don’t know as well
My original Raspberry Pi model B I bought on release day, fighting the latency and downtime of the websites selling them. Never did much with it but was my introduction to SBCs.
What I actually use day to day are a Raspberry Pi 3 B+ which is attached to a 3d printer running Octoprint and a Pi 4 running as a small home server to host my NextCloud and IRC bouncer (amongst a couple of other things).
My favourite toy at the moment is actually my StarFive VisionFive 2 RISCV board, its been fun trying it out and getting applications to compile on it which don’t officially support RISC-V.
My favourite toy at the moment is actually my StarFive VisionFive 2 RISCV board, its been fun trying it out and getting applications to compile on it which don’t officially support RISC-V.
You are living the dream. And I need to google that more.
kbin.life
Hot