On 13.09.22 at 23:55, Chuck Zmudzinski wrote:
On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
I think Megha is emphasizing, and possibly over-emphasizing, the fact that the persons who actually commit the code in free software projects can operate with little or no oversight when they are just volunteers not really accountable to anyone.
And I very much think she is wrong there. Being a software developer myself, unfortunately mainly closed source, I can tell that oversight is not related to the licensing model or the pay of the developer. I would go so far as to say that volunteers take, in general, a bigger pride in the quality of their work, because they are not paid for it. The few, quite fruitless, attempts at writing OSS that I made failed sometimes because I intended to create the perfect solution and thus did not progress, whereas in work for money I am often forced to implement a working solution that I can tell from the start will not be easily maintainable or extendable.
to think the situation might be better if either 1) open source projects exercised more oversight than they currently do over the persons who actually write the code and release the software
As I already said. In over 25 years of experience, I do not have complaints about the oversight exercised by OSS projects, whereas I regularly can complain about closed source, paid-for software. In the past two weeks I was hunting down a problem we had with IBM DataStage. One of the parallel subprocesses terminated unexpectedly, and all the message DataStage cared to give was that the subprocess received a SIGINT. We hope to have a workaround, because we could not find the source. To me, one of the worst things one can do as a developer is not to have proper error reporting - unless you know you will not get bothered when the shit starts to hit the fan.
, or 2) free/oss software never became ubiquitous. We just cannot know without being able to do a time machine experiment and see how the software world would have developed if free/oss software had not become as ubiquitous as it is today.
I cannot agree with you at all on this point. Omnipresence of OSS does not mean there are more errors in the code. It just means there are more users to detect problems, thus more possibilities for the bugs to get fixed. Sure, if OSS developers are overloaded they will not get to fix all the problems, just as developers of CSS (closed source software). Much more so, because the salesman can better sell new shiny features, even if useless, than stable code. The buyer expects that flaws get fixed for free, maybe rightly so, thus the CSS company will fix as few bugs as it can get away with (exaggeration).
If there was not a serious problem of malware, identity theft, ransomware, etc., I would be more inclined to question what Megha Verma wrote, but based on what I see in how free/oss projects are governed, I am not surprised that a world that relies on so much free/oss software also suffers from so much malware, ransomware, identity theft, etc.
Again, my experience with OSS is not this one. And I very much think that malware and ransomware usually are software on their own, not built into any other software. Maybe exploiting a backdoor a company put in their products for ease of maintenance, or just by negligence. Identity theft sounds like social engineering or a man-in-the-middle attack, the latter not necessarily being a problem of OSS.
Just because *you* have not experienced malware in the software you use does not mean that there are no cases where free/oss software is being deployed elsewhere in a stealthy way for malicious purposes.

I did not state that OSS was free of flaws and bugs. I am making a point of stating that in my experience there are fewer bugs therein than in CSS.

I am fairly sure I was a victim of the breach of Yahoo that affected hundreds of millions of its users.
I am sorry for you. I do not know this case, so I cannot tell whether OSS or CSS components of their service were breached, or whether it was even a social engineering case.

I know people will reply and say it is much worse with proprietary software. But we really cannot know for sure, because free/oss is so ubiquitous now it is hard to separate free/oss software from proprietary software.

I certainly can tell my experience comparing OSS to CSS. And there, OSS comes off better. And for the rest, well, I cannot tell at all whether it is this way or the other way around.

For example, most web browsers are based on chromium, a free oss project that comes in large part from Google, but some of the most-used browsers in the world based on chromium are proprietary, such as chrome and edge.
I am not sure that this holds true. I would be quite surprised that chromium or edge, being CSS, can legally use code of an OSS browser. But I am not an attorney.
I recommend everyone be very aware of the risks of using any software, whether it be proprietary software or free/oss software, in today's world of so much malware.

Nice final point.


--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37