Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
I host FOSS stuff on my own server at my own home, and in some cases I modify it to do some extra stuff I need from it.
I can't do that with software hosted by companies, and I do end up reading the code when I modify it.
So I suppose this sort of software is a really good fit for me, my skillset and my time allocation. It's obviously not for everyone, but It's good It's an option, I personally appreciate it a ton. -
@netikras but you personally, do you read it?
-
I think this is also on topic: I don't do it all the time, but I also sometimes just pull the projects and search for some basic stuff like "http", or language dependant classes loke URL or Requests when I know the project is supposed to be offline... Stuff like that. You don't need to read everything all the time, because usually the Numbers of releases, the active issues and the history of the project can tell you enough about safety. And then if It's a smaller starting project then a rudimentary keyword check can tell you all the important stuff.
It's not 100% safe, but it's easy to do if in doubt. -
@Hazarth when was the last time you read source code for a tool that you used for personal purposes, and what tool was that?
-
-
@kiki Last one I looked closer at was the source for moosefs since I was setting up my own distributed file server and it had some issues so I took part of it apart to check how it looks, fixed and reported a bug I found and am still kinda looking at optimizing it for my setup specifically. That was 4-5 Weeks ago? Still on/off looking at it
Also looking at the Catima app for card storage, that Im just starting
I also took apart and recompiled ollama a couple months ago since I had some optimization concerns and disliked they left debug logs on then. Took that opportunity to also check it doesn't connnect to anything weird then.
Those are the most recent and biggest ones. I don't remember many of the small projects and libs that I just skim to see of they are what Im looking for :D -
@jestdotty since they were introduced, there wasn’t a single instance when they were successfully used to spy on someone/take someone down. Literally not once. It was always some other vulnerability, a much simpler and dumber one on software level
-
@Hazarth thanks! That’s amazing
-
@retoor tell me exactly how can I secure a computer that I don’t control physical access to
open source this, open source that… do you realize that you have no way of verifying whether the “cloud” version of a self-hostable tool is identical to what’s on github? they might as well have a special version of their app running on their servers, filled with spyware.
They don’t need it though, because you never read the code in the first place. Spyware might as well be there, in plain sight, never to be discovered by you because they know people don’t read source code.
Also, when are you going to get it hosted? Because cloud is just someone else’s computer, remember that. If someone else has unrestricted physical access to your computer, it’s not your computer anymore. Your hoster can see everything that happens on your VPS.
Unless you’ve read the code and hosting it from your own home from your own physical server, it’s not your data. Check with your data provider — they often do offer fixed IP service for a small fee.
I host my own tools on my computer and let my phone sync with them through my home wifi. Yes, I can’t sync shit when I’m out there with my phone, but who needs that, I’ll just do that when I come home.
I’m about to vibe-audit the source code of Notesnook with AI!
random