this post was submitted on 10 Oct 2023
Everyone can audit the code, you clown, that is the point. When it is hidden you cannot do this. If you are trying to be clever and demean my intelligence, let me put it another way: everyone who can use Google can audit the code. Writing code is not something restrictive, there are many, many guides out there along with syntax breakdowns.
Do you even know what the internet is?
This is why I shouldn’t use Lemmy while I’m drunk. I don’t have any idea why I would have said something like that.
Not a problem, I am not fragile in the least. I hope your hangover is a short one.
You ever write code while drunk and come back wondering why it works at all?
My code works better when I'm drunk!
If only my father worked better when he was drunk
I haven't done any real coding since the '90s. Excel meant having the ability to write your own software from scratch was redundant.
Idk what the person you’re arguing with is trying to say, but as a prolific user of open source software, there are thousands of serious vulnerabilities discovered every time some auditing company passes its eye over GitHub.
Malicious commits are a whole 'nother thing, and with the new spaghetti code nightmare that is Python nowadays, it’s extremely hard to figure out which commits are malicious.
Open source software is not more secure by default and the possibility of audit by anyone does not mean that it’s actually getting done. The idea that anyone who can write software can audit software is also absurd. Security auditing is a specialized subset of programming that requires significant training, skill and experience.
My point was that everyone can do it, but not everyone will commit the time and energy to do it. This fact alone is why people prefer an open source product over the hidden schemes behind the likes of Google and Samsung. And you're right, you will never stop malicious elements trying to take advantage of the flaws that are inevitable in the complexity of software today.
What I’m trying to push back on is your assertion that everyone can do it.
Security auditing is an extremely complex and specialized field within the already complex and specialized field of software development. Everyone cannot do it.
Even if it were as straightforward as you imply, just the prevalence of major security flaws in thousands of open source packages implies that everyone doesn't do it.
If I were to leave piles of aggregate and cement, barrels of water, hand tools and materials for forms, a grader and a compactor out and tell the neighborhood “now you can all pave your driveways” I’d be looked at like a crazy person because presented with the materials, tools and equipment to perform a job most people still lack the training and experience to perform it.