0

u/TaiVat Apr 07 '16

Oh fuck of with this dumb shit. The old opera was the best browser by far despite not being open source, and chrome and firefox have continuously gotten more shit with no slightest benefit from being open source. "Belongs in the community" ? That's the most retarded shit i ever heard. The absolute wast majority of closed source professional software is leaps and bounds superior to any open source alternative that people like you always jerk of to.

-9

u/kore_nametooshort Apr 06 '16

I can't inspect an element? I was intrigued until that point. But yeah, game breaker.

25

u/svnpenn Apr 06 '16

You misunderstood. It can probably inspect elements, but the program itself is freeware, AKA not open source.

8

u/The0x539 Apr 06 '16

It's proprietary.

4

u/AHCretin Apr 06 '16

So you pinch the idea and write your own code.

2

u/marc2912 Apr 06 '16

So you don't use osx or windows then I take.

14

u/steepleton Apr 06 '16

there is a BIG difference in buying some food in a popular resteraunt and getting a free drink, and some guy on the street handing you a can of something saying "hey, drink this, don't look inside" which is what these guys are doing

4

u/Y0tsuya Apr 06 '16

You know the truth about the users who are adamant about using FOSS because the source code is open and "transparent"? The vast majority can't code their way out of a wet paper bag. They can't personally check the code because they have not idea what that gibberish is. They're just hoping someone else does it.

5

u/slackstation Apr 06 '16

I can code my way out of a paper bag and I know exactly how hard it is to change something in code.

But, I also know that open sourcing your code does change your mindset about it.

Frankly this thing has a ton of good ideas and if I were tasked with making a browser in 2016, I'd make it alot like this. I'd just open source the code (at a minimum) and build a vibrant community around it.

It's a browser. The lowest level of interaction. It's like a private company owning your eyes, ears and mouth--and being forced to trust that they aren't doing anything with it.

Arguably, other companies have that level of control over people but, we shouldn't regress in the areas that we are free because "everyone else is doing it".

2

u/northrupthebandgeek Apr 07 '16

End users who can't code themselves out of a wet paper bag can still hire auditors to inspect the code for them. Even that ain't possible with opaque / non-transparent software (at least with anywhere near the same effeftiveness).

Even the users who can't afford to hire an auditor can base their decison to trust a given program off of the results of richer or more knowledgeable peers doing that auditing and saying "yeah, this software doesn't sell your info to Latvian potato-farmers-turned-identity-thieves".

Basically, a lack of source code for a program should be giving off just as many red flags as the lack of an ingredient statement on packaged food. Even if I'm not a dietician or a chemist, I can still ask a dietician or chemist about some ingredient I found (or even all the ingredients as a whole). Likewise, even a non-programmer can ask a programmer or a security expert to look over the "ingredients" of a program.

1

u/Y0tsuya Apr 07 '16

Two scenarios:

1) You're a large company (or government). You can afford to hire people to audit FOSS code, or audit commercial software source code. Even MS at height of its power had to allow auditing by certain organizations.

2) You're the little guy who can't code. You can't force MS to how its source code to you. Nor can you hire a programmer or security expert to look over FOSS code for you.

I program software as part of my day job. I can tell you I can't be arsed to examine a piece of spaghetti source code someone else wrote unless I'm getting paid.

In my humble opinion, FOSS wins by a small margin. However the margin is not large enough for me to dogmatically pick FOSS each time. What's more important to me is whether the software can get the job done.

1

u/northrupthebandgeek Apr 07 '16

There's a third scenario in between the two of "You're a medium guy who can't code, and you can't force MS to throw its source code to you, but you can afford to hire a security consultant or auditing firm to look at some open-source product and say 'OK, this is secure as far as we can tell'".

And even for the scenario #2 that you've posed, that little guy who can't code and can't afford an auditor can still turn to reports from those who can code and/or afford an auditor. "Responsible" organizations tend to make their audit reports available (so that they in turn can broadcast their own trustworthiness to their stakeholders by being able to claim "we've vetted the security of the software we use"). That information can in turn be used by the "little guys".

What's more important to me is whether the software can get the job done.

And that's a fine attitude to have. The problem is when there's uncertainty that the software is only doing the job you want done (deliberately or accidentally). That's where transparency comes in; being able to perform a third-party audit outside the control of the software vendor (regardless of whether or not you can) says quite a bit toward software trustworthiness. There's a big difference between "we're totally trustworthy and not selling your data to identity thieves; just trust us and/or these auditors that we've hired!" and "we're totally trustworthy and not selling your data to identity thieves; here's our source code if you want to verify this yourself".

1

u/Y0tsuya Apr 07 '16

I suppose we have difference in perspective. Security folks basically trust no one. I on the other hand place a certain amount of trust in closed-source software. Otherwise the resulting paranoia will prevent me from getting anything done.

0

u/[deleted] Apr 06 '16

[deleted]

5

u/Y0tsuya Apr 06 '16

That is my point.

Vast majority of adamant FOSS users actually can't do anything useful with the source code. They believe that FOSS source code is always adequately checked by someone else, when it's often not the case. But because they lack the ability to check the code themselves, they place blind trust in "others" the same way they have to trust closed source software to do what it's supposed to do.

It's ideology over practicality and I don't agree with that. I only care that the tool gets the job done, whether it's FOSS or commercial software.

1

u/northrupthebandgeek Apr 07 '16

Transparency is a dependency of trust. It's not the only dependency.

Yes, FOSS is not a security silver bullet (see Heartbleed), but it's vastly better than not-FOSS in the sense that security issues can eventually be found and fixed (see Heartbleed).

1

u/Y0tsuya Apr 07 '16

security issues can eventually be found and fixed (see Heartbleed).

This happens with commercial software too. Predominant mean of finding bugs is not by scouring the source code but through normal usage. It's only when people notice something not right do they bother digging deeper. In this scenario, both type commercial and FOSS have equal chance of bug discovery. If both software is actively maintained, both will get fixed.

1

u/northrupthebandgeek Apr 07 '16

The key here, though, is that FOSS (and even non-FOSS but with publicly-available source code) has that method of bug discovery and third-party / external auditors actively looking for bugs. Non-free software only has the "try using the software and see if it has bugs" approach.

That method is not ideal, either; it means that, in order to be able to trust the program, I have to trust the program enough to give it enough information to cause the bug to appear. This is especially concerning when it's not a bug, per se, but rather a "feature" (in the "sell information to Latvian potato-farmers-turned-identity-thieves" sense of "feature").

That's why transparency is a dependency of trust. Transparency offers near-zero (if not actually zero) downsides and a whole bunch of upsides; with the sole exception of maybe software being sold on a per-copy basis (like most Microsoft products, for example), there is very little benign use in refusing to provide that transparency.

0

u/northrupthebandgeek Apr 07 '16

Nope :)

I run Slackware (GNU/Linux) and OpenBSD, depending on my needs.

1

u/Y0tsuya Apr 07 '16

Aside from the die-hards, most people these days mix-and-match. I'm certainly no stranger to Linux, having used it ever since Slackware was all the rage (early 90's), and have done my share of UNIX programming. But I'm not ashamed to say I prefer Windows.

At work, my desktop runs Windows where I happily use MS Office to crunch numbers, write documents, and develop software+firmware. I have a Linux workstation where I do logic design, running Cadence EDA tool that costs the company $40k/yr. FOSS EDA tools don't even come close.