Can we really trust the software we use?


Message boards : Politics : Can we really trust the software we use?

Profile ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8448
Credit: 4,150,200
RAC: 1,735
United Kingdom
Message 1327895 - Posted: 16 Jan 2013, 11:29:33 UTC - in response to Message 1327489.
Last modified: 16 Jan 2013, 11:41:02 UTC

... If security isn't designed in, ten thousand eyeballs can't test it in, after the fact.

Yes, in the aspect of security FOSS is just as susceptible.

Then we agree. I believe Martin, who posts here frequently about how much better FOSS is security wise, disagrees with that.

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

A bit of an obtuse example is that for the development of WINE. Great pride was taken in the translation layer being so faithful to reimplementing the Windows interfaces that even Windows viruses and malware would operate just as for the Windows world! True to FLOSS thoroughness, careful design was also included to ensure those features could not be exploited by Windows malware to spread any damage outside of that environment. One brief example: I Can Haz Virus (Note the simple two commands to reinstall the Windows environment in just a few seconds!)

[edit]
And before anyone bangs on the Neanderthal old worn record of "Uh! Command line?! Uh!":

Those two commands to quickly reinstall WINE for a Linux system are given because they are easy. The same result can be done from clicking a beautiful graphical software installer. However, explaining two commands is far easier than the effort to describe various graphical clickings!
[/edit]

The big deal with FLOSS is just not the "thousands of eyeballs". A lot is gained from the openness allowing peer review, rapid development, and the personal pride and thoroughness of the authors/contributors. The peer review backs up that thoroughness: You have to work up to the same level as other peers for whatever project.

FLOSS is no guarantee of good software. However, the openness gives far better guarantees than the alternative of proprietary secrecy and exploitative motivations...

FLOSS is almost always intended to be beneficial to the users. That is a huge shift in emphasis from the world of proprietary exploitation of users.


IT is what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile ML1
Volunteer tester
Joined: 25 Nov 01
Posts: 8448
Credit: 4,150,200
RAC: 1,735
United Kingdom
Message 1327954 - Posted: 16 Jan 2013, 15:57:50 UTC
Last modified: 16 Jan 2013, 15:58:06 UTC

Too silly to not include. Have we learnt nothing after decades of Microsoft?

Amusing Windows Phone Error Asks User to Insert Install Disc


I suppose that one is a sort of advance on the old badly worn but still current:

No keyboard detected. Press F1 to continue.

I hate you, computer. You need a keyboard to boot? Why?! And under what circumstance would I even be able to push the f****** F1 key if I don’t have a g***** keyboard?! Who in their right g****** mind even took the time to code that?...


Hilarious if it wasn't sadly for real...

IT is what we make it...
Martin
____________
See new freedom: Mageia4
Linux Voice See & try out your OS Freedom!
The Future is what We make IT (GPLv3)

Profile Ex
Volunteer moderator
Volunteer tester
Joined: 12 Mar 12
Posts: 2895
Credit: 1,766,663
RAC: 1,174
United States
Message 1327980 - Posted: 16 Jan 2013, 17:07:07 UTC
Last modified: 16 Jan 2013, 17:13:43 UTC

http://www.tomshardware.co.uk/Windows-Phone-Error-Installation-Disc,news-42098.html


LOL! That's classic! (Surprised there's not an option to "reboot computer in MS-DOS mode")


And Martin, that USB keyboard issue is a BIOS related issue, not a Win specific one. ;-) (The man should have chosen "halt on all- except keyboard")
____________
-Dave #2

3.2.0-33

WinterKnight
Volunteer tester
Joined: 18 May 99
Posts: 8644
Credit: 24,374,638
RAC: 25,779
United Kingdom
Message 1327994 - Posted: 16 Jan 2013, 17:30:36 UTC

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'

Profile Gary Charpentier
Project donor
Volunteer tester
Joined: 25 Dec 00
Posts: 12569
Credit: 6,878,924
RAC: 6,708
United States
Message 1328059 - Posted: 16 Jan 2013, 20:37:16 UTC - in response to Message 1327895.

Which is where the power of the peer review from those ten thousand eyeballs avoids the susceptible or shoddy design problems in the first place.

It is only a peer review if the ten thousand eyeballs are trained in security reviews. If they all learned the same bad programming habits to begin with ...

____________

Sirius B
Volunteer tester
Joined: 26 Dec 00
Posts: 11261
Credit: 1,680,556
RAC: 3,529
Israel
Message 1328106 - Posted: 16 Jan 2013, 23:53:03 UTC - in response to Message 1327994.

Here's one way of possibly making the code insecure.

US employee 'outsourced job to China'


Interesting report. Brings it right back to the original thread post & a "rogue engineer".

The question one now has to ask is: -

Just how many more like those 2 in the I.T. industry?
____________


Copyright © 2014 University of California