Why do you trust open source software and open source operating systems if you've never audited or reviewed the source code yourself?
You'd rather trust possible opportunistic script kiddies making your software over large companies that get large banner headlines and heavy criticism if violations of privacy rights are discovered?

What if a company is behind the open source software?

I trust a diverse group of people with competing interests more than a unified monolithic entity that may have perverse incentives that don't align with me.

You may not audit open source.
You can NEVER audit closed source.

>Why do you trust open source software and open source operating systems if you've never audited or reviewed the source code yourself?
but i have

>large companies that get large banner headlines and heavy criticism if violations of privacy rights are discovered?
you mean the companies that are so big they either own the media and search platforms outright and can just remove any negative press that they don't want you seeing?

I did, and some things you can see there are horrifying.

I don't, I trust very few developers and developer groups
core OpenBSD devs in particular
>never audited or reviewed the source code yourself
I did but there is just too much of it, even properly auditing Xorg would take me months, in this sense Plan 9 is a trustworthy usable system
there are also some security researchers much more experienced and skillful than me whose work I appreciate

I don't, I'm not a fucking retarded faggot

trusting open source software is foolish, there can and will be bugs that can be exploited, intentional or not. the difference is that with closed source software you can just put a backdoor in and no one will be the wiser, with open source you'll have to make some effort to hide it and even then it's just a matter of time before it's discovered.

remember how Debian and Debian based distributions were generating weak SSL keys because of a "mistake"? I suspect it wasn't a "mistake". If it was or wasn't intentional is irrelevant, it happened. And it was exposed and fixed.

>You'd rather trust possible opportunistic script kiddies
>script kiddies
I like how nobody on Jow Forums knows what this term means anymore and just throws it around as an insult

>but i have
have you reviewed all of the multi-million line linux source code?

people can discover back doors in closed source software too, and backdoors need to be hidden for closed source as well.

both open source and closed source are susceptible to backdoors.

besides the examples you cite, also remember heartbleed, which was right out in the open for how long?

Seriously, if a hacker/attacker can obfuscate a backdoor/rootkit in software, they are by very definition not a script kiddy.

OP is a fucking FAGGOT who has no idea what he's talking about. Opinions discarded.

op is a faggot, but open source software is not trustworthy

>le OP FAG meme
>but open source software is not trustworthy
How so? Remember this:
>You may not audit open source.
>You can NEVER audit closed source.

okay? did i say open source was less auditable than closed source? open source IS more auditable than closed source. that doesn't make it trustworthy.

the whole reason why auditability is a desirable property is so you DONT HAVE TO TRUST.

This

Compared to companies that are run solely for money, it's much easier to trust a person or group of people with a common interest who came together to create something in a transparent way to share. You do have companies who create open source programs, and they do profit from supporting said programs. It isn't particularly fair to say that the creators of software whose source has not been released to the public have 'things to hide' or are generally malicious, but why take that chance in this day and age where companies prove themselves to be greedy, malicious and anti-competitive? The headlines part may be true, but I did not see any 'heavy' criticism when privacy violations were discovered.

Normal people (sort-of) trust companies to do the right thing because they've made millions of dollars doing something (so we know it's good, because people are willing to pay for it) - and that would get destroyed rapidly if they tried to screw me (or the rest of their user base) over, possibly ending in jail time for the management depending on how egregious. In the end, that trust is lost, and the company goes under.

But freetards (and to a far lesser - but still detectable - extent, Macfags) aren't normal people - they're a type of sheep. They run more like cults than businesses. Because Great Leader (be it some crazy hippy with a hyperinflated ego, or some toe-fungus eating guy who is somehow ignorant of the invention of the razor) says something is great, it's great. Great Leader can say latest iToy is a breakthrough, and it's a breakthrough. Great Leader can say all this code is wonderful because ManyEyes(TM) - and it's wonderful. Great Leader could say anal rape is awesome - and it's awesome. No correspondence can be entered into, and they bleat and kick if Great Leader is ever contradicted. No actual evidence is allowed to indicate whether something is good or not (is it successful in the market? Are people who use it happy with it? How about objective measurements of quality, performance, etc?) - because they are incapable of that level of analysis. They just trust someone else to do it for them.

Because they are fucking stupid.

yes
have you reviewed all of the multi-million lines of the windows 10 source code? and if so, can you send it to me so i can audit it too?

linuxbaby btfo

wintoddler status
[ ] Not Told
[ ] Told
[ ] Really Told
[X] TOLDASAURUS REX
[X] Cash4told.com
[X] No country for told men
[X] Knights of the told Republic
[X] ToldSpice
[x] The Elder Tolds IV: Oblivious
[x] Command & Conquer: Toldberian Sun
[x] GuiTold Hero: World Told
[X] Told King of Boletaria
[x] Countold Strike
[x] Unreal Toldament
[x] Stone-told Steve Austin
[X] Half Life 2: Episode Told
[X] Roller Coaster Toldcoon
[x] Assassin's Creed: Tolderhood
[x] Battletolds
[x] S.T.A.L.K.E.R.: Shatold of Chernobyl
[X] Toldasauraus Rex 2: Electric Toldaloo
[x] Told of Duty 4: Modern Toldfare
[X] Pokemon Told and Silver
[x] The Legend of Eldorado : The Lost City of Told
[X] Rampage: Toldal Destruction
[x] Told Fortress Classic
[x] Toldman: Arkham Told
[X] The Good, The Bad, and The Told
[x] Super Mario SunTold
[x] Legend of Zelda: Toldacarnia of Time
[X] Toldstone creamery
[x] Mario Golf: Toldstool Tour
[X] Super Told Boy

If you're not compiling from source you can only speculate that what you're installing contains only code under an open source license. Frankly I don't think it matters, binary blobs in your kernel.


This.