Bitches about proprietary software

What has proprietary software to do with security? The word proprietary implies that it is somehow not up to me to decide how I run it on my systems (as in, the software doesn't respect my four freedoms).

>use free software because of the four freedoms
>"you don't love freedom"
wat?

>alpha
>bug literally found by its users
>users points to the exact line of code causing the bug
FOSS literally gives people who know how to code the power to check, fix and improve the software they use. I trust a global army of passionate engineers and hackers more than some pajeets that do some stupid waterfall or agile sprint lead by an incompetent project leader.

retard

Attached: 964.jpg (211x310, 17K)

>bitches about proprietary software
>doesn't just reverse engineer everything with IDA which would probably be easier to do compared to trying to figure out how to compile the convoluted codebase

Why post a picture of a happy dwarf?

I was trying to illustrate the hypocrisy of all the freetards out there that bash closed-source software with all its lack of user control as you say, while at the same time just blindly installing whatever packages they like and just assuming it's safer without actually knowing for themselves.

You mean that's not Karl Marx?

Attached: 1498523176155.jpg (1280x1500, 980K)

I contributed to a few free software projects by sending small patches back.

??
What am I missing? The user pointed out what the error was because he had the source code at hand. Now he's able to send a fix upstream, or redistribute fixed versions if he wants to.

Attached: favorite cover.jpg (597x960, 160K)

User control has nothing to do with safety... You are conflating separate issues. Also, downloading binaries is not the same thing as downloading proprietary software. Those binaries are signed and verified by maintainers, and you can easily use stuff like checksums and certificates to verify the validity of the precompiled binary.

By your logic, it would be silly to even compile from scratch, as you could not be certain that the compiler didn't act sinister and inject malicious code. That would just be bait.

See

they blindly ran it

Yeah so? aren't you doing the same with proprietary shitware?
They saw there was an issue and took a look under the hood to see what's wrong. Atleast it got immediately fixed.
There are plenty of people that involve them self with the code. Atleast the opportunity is present, thus making it safer.

this. What OP and the other slaves ITT are proposing is to use only proprietary software because most people don’t read the source. Well, most people don’t become CEOs, win noble prizes, or work as carpenters. Should we remove the ability to do these things because of that? Why don’t we remove the “innocent until proven guilty” clause since most people don’t get falsely accused/arrested. If you want to be a slave to proprietary software, then that’s your right, but don’t try to bring me with you.

I guess it boils down to who you trust more, people programming for free for the fun of it, or corporations with large departments of well-trained and funded programmers with regulation and oversight, not to mention whistleblowers.

What the fuck did you just fucking say about me, you proprietary slave? I’ll have you know I graduated top of my class at Harvard, and I’ve been involved in numerous free software projects, and I have contributed to over 300 core-utils for GNU. I am skilled in Lisp and I’m St. IGNU-cius, saint of the Church of Emacs. You are nothing to me but just another unethical non-free software advocate. I will distribute the fuck out of your source code with freedom the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit about me and the GPL on the Internet? Think again, fucker. As we speak I am contacting my colleagues at FSF and your binaries are being reversed engineered right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your copyright. You're fucking dead, kid. Free software can be anywhere, anytime, and it can ensure your freedom in over four ways, and that’s just with the GPLv2. Not only am I extensively skilled at C hacking, but I have access to the source of the entire GNU userland and core-utils and I will use it to its full extent to wipe your miserable proprietary code off the face of the continent, you little shit. If only you could have known what ethical retribution your little “clever” program was about to bring down upon you, maybe you would have ensured your users' freedom. But you couldn’t, you didn’t, and now you’re paying the price, you goddamn idiot. I will shit free as in freedom all over you and you will drown in it. You’re fucking dead, kiddo.

Attached: rms-disgust2.jpg (1024x682, 126K)

what would happen if i put botnet in my open source, barely used program?

Attached: 1505809554408.png (800x800, 305K)

Are you talking about nongnu Firefox?

>There are plenty of people that involve them self with the code. Atleast the opportunity is present, thus making it safer.
It took people to run the script and see it destroy their system that it got discovered. Now imagine the script did something invisible to the user. How long would that take to discover?

Heartbleed was introduced into OpenSSL in 2012 and nobody "involved them self with the code" until after it became a huge problem 2 years later. And it's not like OpenSSL is some kind of hobby project worked on by 10 people.

>Heartbleed was introduced into OpenSSL in 2012 and nobody "involved them self with the code"
That's because it was hidden deep in the cryptography shit and only triggered in some edge case where the protocol string was empty (not allowed by the protocol).

>And it's not like OpenSSL is some kind of hobby project worked on by 10 people.
It actually was maintained by a single developer.

>Now imagine the script did something invisible to the user. How long would that take to discover?
shorter than proprietary programs, why are you diminishing the FOSS community. Are you just angry that we keep shitting on proprietary shitware?

>not using a minimal setup

>That's because it was hidden deep in the cryptography shit and only triggered in some edge case where the protocol string was empty (not allowed by the protocol).
Yeah, how silly of me to expect the maintainer(s) of one of internet's most important libraries to check if the code they're introducing into the main branch works correctly. Especially edge cases which are always a problem.

I know very well the benefits of free software, the point I'm arguing is that people blindly accept and use FOSS code without reviewing it beforehand. Yes, free software will usually get fixed sooner and glaring security flaws are more likely to be discovered, but that doesn't mean free software can't be used for malicious purposes, especially when so many scripts and programs require admin permissions.

>muh heartbleed
And everyone is forgetting that Windows had a privilege escalation + remote code execution bug that was present in NT for several years before it was discovered.

threatpost.com/microsoft-patches-critical-windows-dns-client-vulnerabilities/128344/

bishopfox.com/blog/2017/10/a-bug-has-no-name-multiple-heap-buffer-overflows-in-the-windows-dns-client/

See Bugs happen.

>free software will usually get fixed sooner and glaring security flaws are more likely to be discovered, but that doesn't mean free software can't be used for malicious purposes
True, but this should be obvious for anyone with a slight programming background and a brain. Most users are okay with just an slight increase in security, few are actually capable or in need for total anonymity and maximum security. Security is a mindset, I think most of Jow Forums's internet browsing behavior is absolutely not security focused.

Stop connecting linux and open source with freedom.

Masterful pasta.

Attached: 1468456308665.png (491x585, 56K)

>Free software can be anywhere, anytime, and it can ensure your freedom in over four ways, and that’s just with the GPLv2.

Attached: laugh-milk.gif (285x235, 739K)

>remote code execution as superuser simply by spoofing DNS responses
Holy shit, that's horrifying.

>commit rm -rf /usr /somedirectory into the install script
>nobody checks the commit before running it
>it's literally a basic linux mistake yet nobody notices
>excellent
>people's installations get fucked up
>prank worked
>pretend it was a typo
>bugs happen
freetards will defend this

That's not how open source contributions happen though, you're not given push permissions unless you are a trusted maintainer.

Usually you create a patch and send it manually to one of the maintainers, or you do it the neo-git way and create a pull request.

Luckily such bugs only affect vidya children

github.com/MrMEEE/bumblebee-Old-and-abbandoned/issues/123

>RPMfusion
is managed by people who are also packagers for Fedora. I'm one of this people.

>pull request a convenient piece of code that will allow you to steal encryption keys, passwords and hijack sessions
>it's conveniently hidden in crypto shit 99% of freetards can't understand
>not even the maintainers verify it
>2 years of ez access to sensitive data
>bugs happen

Which is proprietary software btw.

It's not so much that you will audit it yourself, it's knowing that there are autists who will make sure to audit it themselves.

>maintainer isn't able to read/understand your code
>merge request denied
Problem solved.

too bad that's not what happened

I like how you used an example that literally happened with proprietary software and then trying to use that example to demonstrate why free software is bad.

Are you talking about OpenSSL?

That wasn't caused by intentional malicious code. That was a bug that affected a handful of ancient and outdated browsers that didn't support SSL2 and newer.

And it wasn't caused by a pull request either.

>keeping your gun in a safe
>vs
>keeping your gun in a geocache

>major tech companies announcing their hardware is vulnerable
>major web sites announcing that they were vulnerable and urging people to change passwords
>lots of popular software also vulnerable
>biggest security bug of 2014
>I- it only affected ancient browsers!!!

>still harping on heartbleed despite the fact that proprietary software and hardware has had several serious flaws in the wild for several years
But I'm sure your Windows installation is completely safe, right? After all, it's made by PROFESSIONALS, right?

Users of proprietary software have the problem of relying on the ethics of the software company.

With open source, you don't have to rely on a software company's ethics. You have hundreds of people looking at the code, and therefore a much lower chance of unethical code making it to release.

It's like writing a law and making the contents of the law public. Sure, very few are probably going to read the law, but the few who do can spread the word of anything wrong with the law, hopefully effecting change.

>be freetard
>proclaim superiority of FOSS
>scream at the top of your lungs that free software is great because neckbeards all over the world audit the code and there's no way it can be insecure
>fall victim to someone's "accidentally introduced" buggy code that none of the dedicated neckbeard code auditors picked up
>B- BUT PROPRIETARY SOFTWARE HAS THIS PROBLEM TOO

>auditors
Again, OpenSSL was maintained by a SINGLE developer. This should be a huge red flag for everyone, but they still used it because they were lazy and/or retarded.

But sure, buddy. Blame the entire FOSS community because people were too lazy to pick a proper SSL implementation.

>there's no way it can be insecure
Nobody ever said this. Cuckedfags are really grasping for straws.

>be cuckedfag
>proclaim how bad FOSS is
>scream at the top of your lungs how bad the FOSS development style is because of a bug that was found in 2014
>ignore the fact that Windows had a bug that compromised EVERY Windows version between 2011 and 2016 by allowing remote code execution in ring0 / as the system user (above administrator privileges)
>B-BUT HEARTBLEED WAS SO BAD, AM I RIGHT?

> there's no way it can be insecure
said no one ever
I don't know why you're relating security issues with license issues. They are completely different things.

Attached: fag.png (348x278, 106K)

>I don't know why you're relating security issues with license issues
This

People don't use FOSS because it is inherently "more secure", people use it because it's free software and doesn't have silly terms and conditions or EULAs.

So what if there's just one maintainer if the supposed benefit of open source software is that everyone on the planet can verify the source code and see the changes? IIRC the change that caused heartbleed was not even introduced by the maintainer, but was instead contributed by an outsider and then merged into the main branch.

>So what if there's just one maintainer if the supposed benefit of open source software is that everyone on the planet can verify the source code and see the changes
The fact that people CAN do this does not mean that all open source projects are inherently perfect without flaws.

Only an autist would believe such a thing. Are you autistic?

>IIRC the change that caused heartbleed was not even introduced by the maintainer, but was instead contributed by an outsider and then merged into the main branch.
Post proof or begone. Also, see

Oh shit good point we should all switch to un-maintained forks.

Attached: autism-asshole-disease.jpg (600x750, 45K)

but it has autism

The point was to switch AWAY from unmaintained forks, which is why everyone adopted the LibreSSL fork instead, which is actually being maintained by more than one person. The OpenSSL implementation was beyond salvation, which is why Theo de Radt & co basically rewrote everything when they forked it.

>Post proof or begone.
It's literally on wikipedia, some egghead wrote a heartbeat extension which then got introduced into OpenSSL

>People claim open source is a superior development method because fewer bugs
>Bugs still exist
>Therefore open source is not viable

Attached: fallacies.jpg (1365x2048, 391K)

>doesn't post it

>its free!!! I mean it has freedom in the name, right???
hmmmm

i'm not going to spoonfeed a redditor

It's free because it respects the four freedoms, you fucking imbecile.

en.wikipedia.org/wiki/The_Free_Software_Definition#The_definition_and_the_Four_Freedoms

If by rewrote everything you mean removed most of the features so they could then ignore developing it.

Sure.

And I'm not going to trust a random fucktard who thinks that since bugs still occur in open source software, we're better off by just throwing everything FOSS out the window entirely.

>removing deprecated shit that was responsible for the bug in the first place = removing features
unironically kill yourself, Jordan.

Something about BSD must attract schizos.

Attached: torvaldsbsd.png (620x413, 272K)

>OpenSSL is inherently unsafe, you shouldn't use it
>n-n-no, stop using alternatives like LibreSSL, it's bad for you

Your dishonesty is transparent as fuck.

Attached: foss.jpg (599x769, 56K)

>won't trust a random guy who told him to go educate himself
>will trust random neckbeard freetards with his entire OS without question

Lets see, trusting a underage faggot on 4chins sending me on a wild goose hunt or trusting a seasoned maintainer with actual merits and people vouching for him..... Geee, what a difficult choice.

You know they fixed OpenSSL right?

Like before they made LibreSSL lol.

Attached: tard.jpg (1024x512, 71K)

>heartbeat article on wikipedia
>scroll down to the history section
>entire paragraph devoted to how the bug was introduced with a million citations
>wild goose hunt
how does it feel having IQ below room temperature

>these are the freedoms because i told you so :)
hmmmmm

>don't use OpenSSL, you can't trust it after heartbleed
>actually you should use OpenSSL, because it's fixed now

Attached: bait-hand.jpg (625x626, 33K)

>claims it isn't a wild goose hunt
>but refuses to link it because "damn those redditors" amirite :^)
Quality post user.

So, stop using any software that has ever had a security related bug fixed.

Gotcha.

Pic is you btw.

Attached: sheep.jpg (650x488, 145K)

>this is the definition of FOSS
>no, let me tell you the real definition of FOSS

Attached: weev-alt-right-jew.jpg (414x420, 64K)

>So, stop using any software that has ever had a security related bug fixed.
What kind of fucking autistic neckbeard would do apply that logic?

>!BE/4wes0mE
Oh, nevermind.

>lemme write inane replies while waiting to be spoonfed instead of taking those 30 seconds off my time to find the wikipedia article myself

Attached: 1522396232895.jpg (650x649, 47K)

Who said anything about switching to unmaintained forks?

>he still thinks I'm going to be bothered to be commanded around by a literal retard who thinks open source is flawed because sometimes bugs occur and that FOSS is somehow related to security
You need to up your bait game, I aint fallin for it :^)

>What kind of fucking autistic neckbeard would do apply that logic?
The same that uses FDE, i3, Gentoo, anime stickers, even when he never walks out with his laptop, i.e. your average Jow Forums, freeboo shitposter

You forgot "tripfagging on Jow Forums" in that list.

>pull request

nigga you mean fork?