Comment by embedding-shape
1 day ago
Aha, wasn't that argument more about closed source software being more likely to hide stuff you don't agree with than FOSS? Not necessarily that FOSS won't have any viruses or malware, but it's at least less likely. That was my takeaway, but admittedly it was a long time ago that I read the book; I might misremember or have transformed it automagically over time.
This is my takeaway as well. Having the source code open makes it auditable, if not by you, maybe the community.
The free software license specifically gives the software an extra advantage in that changes to the software must be shared openly, if distributed as binaries.
> source code open makes it auditable, if not by you, maybe the community
I think part of why this social engineering works so well is that it takes advantage of that "many eyes" trust, where people are prone to delegating the responsibility of checking to the community and not doing due diligence themselves. I know I'm susceptible to it if I see a GitHub repo with more than 10k stars on it.
I don't know, I feel like the "numbers" like upvotes, stars, favorites or whatever stop working for me the second I see them being obviously gamed, and when there is a ton of services for buying "higher $number". GitHub stars probably stopped mattering around 2016-17 sometime; I think that's the first time I came across one of those "increase $number" services.
By now (imo), the entire web is gamed and no number can be trusted. I operate completely on a qualitative basis rather than quantitative; that's basically the only way I can get something out of the web. Ignore all and any numbers as any indication of anything.
I know. But the problem is that in reality the only way to get people to audit software reliably is to pay them to do it, so it's not really true as a general principle that open-source software is more thoroughly vetted.
I'd say it's objectively true to say that open source software is easier to audit compared to closed source software, which you can extrapolate to mean that it's less prone to malicious code injection.
It's not perfect, but surely it's easier to audit for malicious code than closed source.
Also, there is no shortage of volunteers looking out for code changes in established open source software. I think it's fair to exclude software that is very new and/or that has no users, which may be closer to equal footing with proprietary software.
Even for established proprietary software, you get volunteers watching out for changes in releases. Though, far less than open source, and more reserved for people who know reverse engineering.