Can we really trust the software we use?
Author | Message |
---|---|
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Quick & dirty/As long as it works seems to be the current mode of software coding - more profit! Programmers are naturally 'lazy' about coding. However, 'proprietary' adds severe pressures of rush and compromise to get anything that might be vaguely passable 'out the door' to be 'forgotten' or fixed 'later'... A big advantage of FLOSS is that usually you don't suffer the same bad pressures of rush and compromise. You also have people coding for the love of doing a good job. Importantly, you also have the code open to peer review to catch the clangers... (In stark contrast, I'm suffering some contractors at the moment that seem to be desperate to sweep everything under the carpet and hope I don't notice rather than openly talk and discuss. The unhelpful prevarications make for silly painfully long meetings, which also mean added expense all round for everyone. Silly. :-( ) Is that why FLOSS appears to be inexorably stealing the show? ;-) IT is what we make it... Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Know what you mean, got a business client that's "chewing the cud" over a quote I've given him. He had a "so called" networking expert wire his building. Now the network is playing up & 11 rj45 sockets not registering. Patch panel not labelled, link cables from panel to switch all over the place (48 port switch - 27 ports in use) & the same with the second cabinet on the 1st floor. 4 desktops & 1 laptop using counterfeit software. Quick & dirty seems to be paying off in today's societies! |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
Google detects website ID exploit Love it. How do I prove I'm me if I'm standing in front of you? I give you a certificate from an authority saying I'm so and so. But how do you know if it is true? You don't. It doesn't matter that it is a passport issued by a government. I could have tricked the certificate authority, government, into issuing a fake certificate. Sounds like we are describing a universal problem with certificates issued by authorities. |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Google detects website ID exploit For an excellent example of that, head over to the "Duplicity at Work" thread! |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Can a user really trust this one?... Nokia: Yes, we decrypt HTTPS - but we don't spy Nokia has admitted that the Nokia Xpress browser redirects even encrypted HTTPS traffic through Nokia servers – and that the data is temporarily decrypted in the process. ... ... However, Pandya writes that the phenomenon is not restricted to the pre-installed Nokia browser, and that it also affects apps such as the built-in Twitter and email applications which also use the browser. ... IT is what we make it... Martin |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
http://www.foxnews.com/tech/2013/01/12/us-government-advises-computer-users-to-disable-java-software/?test=latestnews?test=latestnews
FOSS, it is what we make it ... http://en.wikipedia.org/wiki/Java_%28programming_language%29 As of May 2007, in compliance with the specifications of the Java Community Process, Sun relicensed most of its Java technologies under the GNU General Public License. |
Ex: "Socialist" Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
http://www.foxnews.com/tech/2013/01/12/us-government-advises-computer-users-to-disable-java-software/?test=latestnews?test=latestnews I hope that's not a dig on FOSS... Just because that garbage platform is licensed under the GPL, does not mean anything. Besides, not even Bill Gates could get someone to pay for that platform. ;-0 #resist |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
I hope that's not a dig on FOSS... It is a dig on the hubris that FOSS is any different than closed source. It is still the product of man. If security isn't designed in, ten thousand eyeballs can't test it in, after the fact. |
Ex: "Socialist" Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
I hope that's not a dig on FOSS... Yes in the aspect of security FOSS is just as susceptible. However some OSs are less susceptible to security issues than others. This seems to be based on the popularity of the OS coupled with quality of programming of the OS... Nothing is immune. I like Android but I am aware that its popularity will lead to every little issue that can be found being exploited. People will have to be responsible with their phones as they are with their PCs, and we all know how that's gonna go... At least in the Open community, we [as individuals] have the option to do whatever we want to our OS and software, including making low level config changes and changing any code. [given the know-how to do so] And back to the original subject, Java... I only have it because I need it for one specific piece of software. But I always hated Java as a platform, programmers that like it have obviously not spent a decade and a half noticing that the buggiest software they use is built on Java... #resist |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
I hope that's not a dig on FOSS... Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that. However some OSs are less susceptible to security issues than others. This seems to be based on the popularity of the OS coupled with quality of programming of the OS... Nothing is immune. I like Android but I am aware that its popularity will lead to every little issue that can be found being exploited. People will have to be responsible with their phones as they are with their PCs, and we all know how that's gonna go... Popularity is the only factor if you are an opportunistic criminal. However Stuxnet shows that targeted attacks are based on the target. At least in the Open community, we [as individuals] have the option to do whatever we want to our OS and software, including making low level config changes and changing any code. [given the know-how to do so] Ah, that problem. The must use it problem, because others dictate it to me. But I always hated Java as a platform, programmers that like it have obviously not spent a decade and a half noticing that the buggiest software they use is built on Java... Bugs are overtime. |
Ex: "Socialist" Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
And actually I'd like to correct myself on one thing. Android. It is THE most used OS on the planet, yet we do not hear too much about security flaws, do we? When we do hear something about security it so far has been related solely to apps, I can only think of one OS specific bug found on some Samsung phones where a hotlink could be used to wipe the phone's settings. Beats the heck outta some others in the security department, I'd say. +1 FOSS #resist |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
... If security isn't designed in, ten thousand eyeballs can't test it in, after the fact. Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place. A bit of an obtuse example is that for the development of WINE. Great pride was taken in the translation layer being so faithful to reimplementing the Windows interfaces that even Windows viruses and malware would operate just as for the Windows world! True to FLOSS thoroughness, careful design was also included to ensure those features could not be exploited by Windows malware to spread any damage outside of that environment. One brief example: I Can Haz Virus (Note the simple two commands to reinstall the Windows environment in just a few seconds!) [edit] And before anyone bangs on the Neanderthal old worn record of "Uh! Command line?! Uh!": Those two commands to quickly reinstall WINE for a Linux system are given because they are easy. The same result can be done from clicking a beautiful graphical software installer. However, explaining two commands is far easier than the effort to describe various graphical clickings! [/edit] The big deal with FLOSS is just not the "thousands of eyeballs". A lot is gained from the openness allowing peer review, rapid development, and the personal pride and thoroughness of the authors/contributors. The peer review backs up that thoroughness: You have to work up to the same level as other peers for whatever project. FLOSS is no guarantee of good software. However, the openness gives far better guarantees than the alternative of proprietary secrecy and exploitative motivations... FLOSS is almost always intended to be beneficial to the users. That is a huge shift in emphasis from the world of proprietary exploitation of users. IT is what we make it... Martin |
ML1 Send message Joined: 25 Nov 01 Posts: 20291 Credit: 7,508,002 RAC: 20 |
Too silly to not include. Have we learnt nothing after decades of Microsoft? Amusing Windows Phone Error Asks User to Insert Install Disc I suppose that one is a sort of advance on the old badly worn but still current: No keyboard detected. Press F1 to continue. I hate you, computer. You need a keyboard to boot? Why?! And under what circumstance would even be able to push the f****** F1 key if I don’t have a g***** keyboard?! Who in their right g****** mind even took the time to code that?... Hilarious if it wasn't sadly for real... IT is what we make it... Martin |
Ex: "Socialist" Send message Joined: 12 Mar 12 Posts: 3433 Credit: 2,616,158 RAC: 2 |
http://www.tomshardware.co.uk/Windows-Phone-Error-Installation-Disc,news-42098.html LOL! That's classic! (Surprised there's not an option to "reboot computer in MS-DOS mode") And Martin, that USB keyboard issue is a BIOS related issue, not a Win specific one. ;-) (The man should have chosen "halt on all- except keyboard") #resist |
Gary Charpentier Send message Joined: 25 Dec 00 Posts: 30651 Credit: 53,134,872 RAC: 32 |
Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place. It is only a peer review if the ten thousand eyeballs are trained in security reviews. If they all learned the same bad programming habits to begin with ... |
Sirius B Send message Joined: 26 Dec 00 Posts: 24879 Credit: 3,081,182 RAC: 7 |
Here's one way of possibly making the code insecure. Interesting report. Brings it right back to the original thread post & a "rogue engineer". The question one now has to ask is: - Just how many more like those 2 in the I.T. industry? |