Can we really trust the software we use?

Message boards : Politics : Can we really trust the software we use?

To post messages, you must log in.

Previous · 1 . . . 14 · 15 · 16 · 17

AuthorMessage
Profile ML1
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 9201
Credit: 5,925,349
RAC: 1,844
United Kingdom
Message 1327895 - Posted: 16 Jan 2013, 11:29:33 UTC - in response to Message 1327489.
Last modified: 16 Jan 2013, 11:41:02 UTC

... If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

Yes in the aspect of security FOSS is just a susceptible.

Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that.

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

A bit of an obtuse example is that for the development of WINE. Great pride was taken in the translation layer being so faithful to reimplementing the Windows interfaces that even Windows viruses and malware would operate just as for the Windows world! True to FLOSS thoroughness, careful design was also included to ensure those features could not be exploited by Windows malware to spread any damage outside of that environment. One brief example: I Can Haz Virus (Note the simple two commands to reinstall the Windows environment in just a few seconds!)

[edit]
And before anyone bangs on the Neanderthal old worn record of "Uh! Command line?! Uh!":

Those two commands to quickly reinstall WINE for a Linux system are given because they are easy. The same result can be done from clicking a beautiful graphical software installer. However, explaining two commands is far easier than the effort to describe various graphical clickings!
[/edit]

The big deal with FLOSS is just not the "thousands of eyeballs". A lot is gained from the openness allowing peer review, rapid development, and the personal pride and thoroughness of the authors/contributors. The peer review backs up that thoroughness: You have to work up to the same level as other peers for whatever project.

FLOSS is no guarantee of good software. However, the openness gives far better guarantees than the alternative of proprietary secrecy and exploitative motivations...

FLOSS is almost always intended to be beneficial to the users. That is a huge shift in emphasis from the world of proprietary exploitation of users.


IT is what we make it...
Martin
See new freedom: Mageia5
See & try out for yourself: Linux Voice
The Future is what We all make IT (GPLv3)

ID: 1327895 · Report as offensive
Profile ML1
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 9201
Credit: 5,925,349
RAC: 1,844
United Kingdom
Message 1327954 - Posted: 16 Jan 2013, 15:57:50 UTC
Last modified: 16 Jan 2013, 15:58:06 UTC

Too silly to not include. Have we learnt nothing after decades of Microsoft?

Amusing Windows Phone Error Asks User to Insert Install Disc


I suppose that one is a sort of advance on the old badly worn but still current:

No keyboard detected. Press F1 to continue.

I hate you, computer. You need a keyboard to boot? Why?! And under what circumstance would even be able to push the f****** F1 key if I don’t have a g***** keyboard?! Who in their right g****** mind even took the time to code that?...


Hilarious if it wasn't sadly for real...

IT is what we make it...
Martin


See new freedom: Mageia5
See & try out for yourself: Linux Voice
The Future is what We all make IT (GPLv3)

ID: 1327954 · Report as offensive
Profile Ex
Volunteer tester
Avatar

Send message
Joined: 12 Mar 12
Posts: 2895
Credit: 2,077,480
RAC: 420
United States
Message 1327980 - Posted: 16 Jan 2013, 17:07:07 UTC
Last modified: 16 Jan 2013, 17:13:43 UTC

http://www.tomshardware.co.uk/Windows-Phone-Error-Installation-Disc,news-42098.html


LOL! That's classic! (Surprised there's not an option to "reboot computer in MS-DOS mode")


And Martin, that USB keyboard issue is a BIOS related issue, not a Win specific one. ;-) (The man should have chosen "halt on all- except keyboard")
-Dave #2

3.2.0-33

ID: 1327980 · Report as offensive
WinterKnight
Volunteer tester

Send message
Joined: 18 May 99
Posts: 10167
Credit: 30,524,533
RAC: 3,789
United Kingdom
Message 1327994 - Posted: 16 Jan 2013, 17:30:36 UTC

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'

ID: 1327994 · Report as offensive
Profile Gary CharpentierCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 25 Dec 00
Posts: 18606
Credit: 21,352,654
RAC: 19,529
United States
Message 1328059 - Posted: 16 Jan 2013, 20:37:16 UTC - in response to Message 1327895.

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

It is only a peer review if the ten thousand eyeballs are trained in security reviews. If they all learned the same bad programming habits to begin with ...

ID: 1328059 · Report as offensive
Sirius B
Volunteer tester
Avatar

Send message
Joined: 26 Dec 00
Posts: 14900
Credit: 2,127,817
RAC: 836
Ireland
Message 1328106 - Posted: 16 Jan 2013, 23:53:03 UTC - in response to Message 1327994.

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'


Interesting report. Brings it right back to the original thread post & a "rogue engineer".

The question one now has to ask is: -

Just how many more like those 2 in the I.T. industry?

ID: 1328106 · Report as offensive
Previous · 1 . . . 14 · 15 · 16 · 17

Message boards : Politics : Can we really trust the software we use?


 
©2016 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.