• 0 Posts
  • 72 Comments
Joined 2Y ago
cake
Cake day: Oct 28, 2020


Nonetheless, the concept of supply chain applies perfectly.


As SoCs constantly increase both in complexity and power, the amount and size of firmware has been increasing as well. It becomes more difficult to find hardware that runs without any closed source component.



The majority of closed source software is not innovative at all. It’s usually just a rehash of existing ideas and functions with a new UI.

Cloning it is also not innovative but FOSS is hardly to blame here. If anything, breaking users free from lock-in is the main innovative aspect.





First you release something, wait until it is widely adopted and then add ways to control users or capture their data, for example host contents on a CDN you control, or add paid extras, or switch license for later releases. All of these examples happened in the past. The good old embrace-extend-lock-in.


…but it does not federate with Lemmy and other platforms on the fediverse. Meh :(



I’m surprised the author did not mention NNTP, the protocol that ran the largest federated discussion system since 1986.

ActivityPub reinvented NNTP with less efficiency and very poor documentation.





If anything, there’s nothing more democratic than allowing for infinitely different “views” on the contents. Besides, there is nothing lazy in such an implementation, on the contrary.


That would only generate echo chambers. Instead, each user should see a personalized ranking of contents based on what they want and who they trust (and who their “friends” trust and so on).


Because it’s stable and reliable. Other protocols come and go every 10 years.


While the article provides a good description of fuzzing, static analysis etc., it focuses only on a set of threats and mitigations. There is much more:

  • “How security fixes work”: Linux distributions do a ton of work to implement security fixes for stable releases without input from upstream developers. (And sometimes projects are completely abandoned by upstream developers). The ability for 3rd parties to produce security patches depends on having access to source code and it’s absolutely crucial for high-security environments (e.g. banks, payment processors…). Some companies pay a lot of money for such service. This aspect is a bit understated under “Good counter-arguments”.
  • Software supply chain attacks are a big issue. Open source mitigates the problem by creating transparency on what is used in a build. OS distributions solve the problem by doing reviews and freeze periods.
  • Some Linux distributions go even further and provide reproducible builds. This is not possible with closed source.
  • A transparent development process creates accountability and limits the ability for a malicious developer to insert backdoors/bugdoors. This is quite important.
  • Access to source code, commit history and bug trackers allows end users to quickly gain an understanding of the quality of the development process and the handling of security issues in the past.
  • …it also enables authorship and trust between developers and users.
  • End users and 3rd parties can contribute security-related improvements e.g. sandboxing.
  • Companies can suddenly terminate or slow down development or security support. Community driven projects, and the ability to fork projects strongly mitigates such risk.

I agree that claiming that something is secure just because it’s FLOSS is an oversimplification. Security is a much bigger and broader process than just analyzing a binary or some sources.


Debian, if you flip around the “based on” requirement.

Besides, what uses significant amounts of RAM is not “the distro” but primarily the window manager, some daemons and little more. You can try LXDE as a window manager. Good luck with browsers tho.