Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Not sure who the market is here? (Score 1) 116

Knowing how to "code" isn't enough, you need to study the codebase. A tiny fraction of those who know how to code have studied the mailpile codebase enough to catch a backdoor. I would say, practially speaking... 0 outside the core developers.

Right now, you're probably right. As far as I can see it's not much used yet. But as usage grows, so would the number of contributors looking at the code, to add a new feature of fix a bug, each time increasing the chance malicious code or vulnerability would be found.

Backdoors or snooping are best hidden with plausible deniability. Even if you discover one, it won't be obvious that it was intentional, it will be no more newsworthy than a typical vulnerability report.

Right. Open source does not magically guarantee the absence of vulnerabilities (accidental or intentional). But it makes them easier to detect by the community, and harder to hide malicious code. Take the snooping revealed to be happening in Skype. Would it be that easy to do with open-source clients and servers?

Comment Re:Not sure who the market is here? (Score 4, Interesting) 116

You can read the source code and confirm that it's all legit? The average user can't read source code! These claims are all worthless.

An answer to that is that even though only 0.1% of users can read source code, ...

  • - 5% know somebody who can read code;
  • - 30% know somebody who knows somebody who can read code;
  • - ...
  • - 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it (by then a host of other experts can simply confirm this fact)

Given this, it's quite likely that if an open source tool contains malicious code, and it is widely used, this will be revealed eventually. Of course there is no 100% guarantee. But this claim is far from worthless. You can have much higher confidence that an open-source tool does not have hidden snooping compared to closed-source, and this even if you can't or won't read the source code yourself.

Comment Re:So (Score 3, Insightful) 308

Yes you'll have to press a key to approve the Linux bootloader, every time it boots. Not kidding, RTFA.

I don't think so. From TFA: "To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode."

Comment Re:Question the whole premise (Score 1) 667

What program? What evidence.

I know many believe that's the case, but there's no conclusive evidence - at least none that isn't the "just trust us wink-wink, our all knowing leaders would never lie to you, and we're perfectly trust-worthy" kind. You know, don't let the problem of actual *evidence* worry your pretty little head. Leave that to the big serious folks. [Who incidentally have financial ties to the military-industrial complex and are hauling home cash by the truck-load.]

Actually, even the U.S. Agencies See No Move by Iran to Build a Bomb.

Comment Re:the 16 scientists are not climatologists (Score 1) 1367

Interesting point: you should not only consider the risk (for instance of climate change), but rather compare the cost of doing something and the cost of doing nothing. Of course that process alone does not guarantee it is objective: it matters greatly how you define and estimate such costs. This specific economist is accused by some of bias in this regard.

Comment Re:Open Source (Almost) Everything (Score 2, Informative) 325

I'm not sure if this is on-topic or not, but this one of the reasons why the BSD license is better than the GPL. It allows you to open source everything except the code with the business value. The GPL forces you to open source everything.

Wrong. The GPL doesn't force the copyright owner to do anything, it only give obligations (and rights) to people accepting the license.

They could BSD or GPL the non-business value code, and still release the whole under whatever license they choose (including proprietary).

Alternatively, they could relase the business value code under the GPL, which might solve their dilema. This would attract attention and allow community contributions, but proprietary competitor could not legally use it in their produce. This is where the GPL shines.

Slashdot Top Deals

Any given program will expand to fill available memory.