Can we really trust the software we use?

Message boards : Politics : Can we really trust the software we use?

Previous · 1 . . . 14 · 15 · 16 · 17

Author	Message
ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7210 Credit: 3,702,505 RAC: 725	Message 1327895 - Posted: 16 Jan 2013, 11:29:33 UTC - in response to Message 1327489. Last modified: 16 Jan 2013, 11:41:02 UTC
	... If security isn't designed in, ten thousand eyeballs can't test it in, after the fact. Yes in the aspect of security FOSS is just a susceptible. Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that. Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place. A bit of an obtuse example is that for the development of WINE. Great pride was taken in the translation layer being so faithful to reimplementing the Windows interfaces that even Windows viruses and malware would operate just as for the Windows world! True to FLOSS thoroughness, careful design was also included to ensure those features could not be exploited by Windows malware to spread any damage outside of that environment. One brief example: I Can Haz Virus (Note the simple two commands to reinstall the Windows environment in just a few seconds!) [edit] And before anyone bangs on the Neanderthal old worn record of "Uh! Command line?! Uh!": Those two commands to quickly reinstall WINE for a Linux system are given because they are easy. The same result can be done from clicking a beautiful graphical software installer. However, explaining two commands is far easier than the effort to describe various graphical clickings! [/edit] The big deal with FLOSS is just not the "thousands of eyeballs". A lot is gained from the openness allowing peer review, rapid development, and the personal pride and thoroughness of the authors/contributors. The peer review backs up that thoroughness: You have to work up to the same level as other peers for whatever project. FLOSS is no guarantee of good software. However, the openness gives far better guarantees than the alternative of proprietary secrecy and exploitative motivations... FLOSS is almost always intended to be beneficial to the users. That is a huge shift in emphasis from the world of proprietary exploitation of users. IT is what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1327895 ·

ML1 Volunteer tester Send message Joined: 25 Nov 01 Posts: 7210 Credit: 3,702,505 RAC: 725	Message 1327954 - Posted: 16 Jan 2013, 15:57:50 UTC Last modified: 16 Jan 2013, 15:58:06 UTC
	Too silly to not include. Have we learnt nothing after decades of Microsoft? Amusing Windows Phone Error Asks User to Insert Install Disc I suppose that one is a sort of advance on the old badly worn but still current: No keyboard detected. Press F1 to continue. I hate you, computer. You need a keyboard to boot? Why?! And under what circumstance would even be able to push the f**** F1 key if I don’t have a g* keyboard?! Who in their right g**** mind even took the time to code that?... Hilarious if it wasn't sadly for real... IT is what we make it... Martin ____________ Mandriva Linux A user friendly OS! See new freedom Mageia2 The Future is what We make IT (GPLv3)
	ID: 1327954 ·

Ex Volunteer moderator Volunteer tester Send message Joined: 12 Mar 12 Posts: 2883 Credit: 1,182,910 RAC: 927	Message 1327980 - Posted: 16 Jan 2013, 17:07:07 UTC Last modified: 16 Jan 2013, 17:13:43 UTC
	http://www.tomshardware.co.uk/Windows-Phone-Error-Installation-Disc,news-42098.html LOL! That's classic! (Surprised there's not an option to "reboot computer in MS-DOS mode") And Martin, that USB keyboard issue is a BIOS related issue, not a Win specific one. ;-) (The man should have chosen "halt on all- except keyboard") ____________ -Dave #2 3.2.0-33
	ID: 1327980 ·

WinterKnight Volunteer tester Send message Joined: 18 May 99 Posts: 6985 Credit: 17,527,971 RAC: 15,441	Message 1327994 - Posted: 16 Jan 2013, 17:30:36 UTC
	Here's one way of possibly making the code insecure. US employee 'outsourced job to China'
	ID: 1327994 ·

Gary Charpentier Volunteer tester Send message Joined: 25 Dec 00 Posts: 10551 Credit: 5,255,020 RAC: 6,387	Message 1328059 - Posted: 16 Jan 2013, 20:37:16 UTC - in response to Message 1327895.
	Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place. It is only a peer review if the ten thousand eyeballs are trained in security reviews. If they all learned the same bad programming habits to begin with ... ____________
	ID: 1328059 ·

Sirius B Volunteer tester Send message Joined: 26 Dec 00 Posts: 6943 Credit: 1,291,900 RAC: 390	Message 1328106 - Posted: 16 Jan 2013, 23:53:03 UTC - in response to Message 1327994.
	Here's one way of possibly making the code insecure. US employee 'outsourced job to China' Interesting report. Brings it right back to the original thread post & a "rogue engineer". The question one now has to ask is: - Just how many more like those 2 in the I.T. industry? ____________
	ID: 1328106 ·

Previous · 1 . . . 14 · 15 · 16 · 17

Message boards : Politics : Can we really trust the software we use?