Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@irene Of course open sourceness can't fix that. But at least everyone is able to audit it (it's been widely audited) so it's very hard to implement backdoors.
The dangers of closed source firmwares (imo) are:
1. You can't check it for programming flaws/vulnerabilities
2. You can't check it for intentional backdoors.
Although I don't have the skill set to audit the software myself yet, at least other people can audit it and, if they're in there, discover backdoors.
Better rely on open software which can be audited and verified than closed software where the devs can slip in anything silently without other people (or, very difficultly) being able to discover them. -
Selinux977y@irene well atleast you get to look under the hood, and understand how it works, instead of having proprietary software, which might use you more than it helps you.
Atleast if you have the Stallman mindset that's usually how it is. Program for the user to use, or Program that uses the user. -
Selinux977y@irene that's a fair point, but if anything open source is equally just a principle, I use a lot of open source software, and some I look into and modify for my own needs, most I don't. You might not be safe, but you have no idea at all if you are safe if you use proprietary software, atleast with open source other devs and enthusiastis have the chance to spot errors and loop holes.
-
I'm pretty sure DD-WRT isn't fully FOSS. The web ui definitely isn't.
You might want to take a look at OpenWRT. It's like Arch Linux - annoying to set up, but you learn a lot. -
@irene It's simple to judge how likely open source software is secure/well 'audited'.
It does not depend on the number of users but on the number of independent contributors (and a bit on the complexity of the software). If you have many contributors, the code is looked at automatically by different people which a) have the skills to judge it and b) don't share the goals and interests of the maintainer/founder.
Of course, there can still be bugs that are not found, but malicious code is hard to hide that way. -
@irene Also, you say I'm paranoid, if we take the definition of paranoia, please explain to me how I fit in that 'category' :)
-
balte23207ytheory about open source:
I'd rather trust someone who allows me to check his work and I don't do it, than someone who doesn't allow me to check but I would find (theoretically) a way to do it and actually check it.
this, of course, says nothing about the quality of the work in itself. just a gut feeling. -
@irene There's no guarantee in this world (which we talked about numerous times by now, I believe (; ) and it is futile to demand it. Nothing is certain but death.
But there's probability and feasibility and it is a lot more feasible to hide malicious code in proprietary code.
And on a general note: If software is used for important purposes, you can at least judge if the devs know what they're doing if it is open source software.
A very good example are the ridiculous security flaws in the software used to exchange and collect election results in Germany (flaws which make the software appear as a total amateur project). -
-
dd-wrt is awesome. I flashed a router once so I could use it as an extender. I was blown away by how much more functionality it added to the $20 router.
-
pfish2697yIf you know what you're doing I can recommend pfSense, but I don't use it because of the Open Source aspect but more because it is pretty powerful in comparison to the price.
-
1. Yes, 99% of people won't properly understand the subject matter or don't really care.
2. For software that is used by millions (Linux distributions, Firefox, even VSCode) 1% still means that thousands are checking the code. I check Firefox code multiple times per week for example, reviewing, triaging & fixing bugs.
3. "But Microsoft also has thousands of engineers who check each other's work" -- Yes, and that makes it slightly safer from individual malicious behavior compared to small closed source software (let's say, ccleaner or utorrent, both malicious).
4. However, even big companies can effectively hide morally questionable decisions through indoctrination and NDAs (I was fired from Microsoft for blowing a certain sensitive whistle). These transgressions are often a bit more ambiguous though.
5. Open source has very diverse contributors and auditors. Leftwing hippies, hardcore libertarians, etc. This means that code is viewed through many different filters. -
6. Just because the code can be viewed publicly, often means that code is of better quality. An open kitchen in a restaurant will always be kept cleaner than a closed one.
7. Open source is not magically safe and stable, the point is that openness provides better mechanisms to solve problems efficiently. Serious security issues in Linux distributions are often solved in hours, if not minutes, after disclosure. -
8. Yes, you are responsible, and should probably review the code of sofware you use. Not all of it, but understanding parts of it helps you as well. It turns you into a better developer, you get some sense for the inner workings of the tools you use.
9. You don't need to be a car mechanic to own a car, but you should be able to replace a tire or fix a broken windshield wiper. Opening the hood might seem overwhelming, but just try it once it a while.
I used to buy routers and see if they were dd-wrt flashable afterwards.
Just bought a router based on flashability.
Flashing dd-wrt now so that I don't have any proprietary bullshit onto the device with controls my Internet 😍
Yay for open sourceness!
Now I just hope that the flashing won't fail 😅
rant