
Red pill on security on open source!Wouldn't having you


Thread replies: 30
Thread images: 4

File: 1JeUhG4D11Q.jpg (142KB, 1280x640px)
Red pill on security on open source! Wouldn't having your source code out, like a Femen whore has her tits out for everyone to see, mean anyone can just take it and fuck with it?
>>
>>59408875
>red pill
So you want lies and memes?
>>
>>59408875
I suggest you take the Peace Pill instead.
>>
>>59408896
No, I want an answer to my question with arguments and evidence
>>59408915
sounds pretty gay, m8
>>
Let's put it like this, OP. White hat hackers don't like black box pen-testing. If you're trying to compromise a machine for nefarious purposes, you will grin and bear having to go through disassembled, possibly obfuscated code, just to fuck someone up. And then you'll probably keep that vulnerability a secret, or only share it with a select few people (like the CIA) in exchange for money. By contrast, with open source code, there are a lot more eyes on the source. Not just hackers, but regular coders who might be interested in contributing to the project, or randos who just want to know how the code works. In open source software, there are many times more people with a vested interest in keeping the software secure, who are able to access the source code, than there are malicious actors looking through the codebase.
>>
>>59409776
You actually seem like you know what you're talking about.
Doesn't free/open source stuff have more of an incentive to fix their problems?
A problem gets reported, it hurts its reputation, people want to use it, so they fix it.
If a big money OS has a problem, they try to hide it for as long as possible and just hope no one figures out, because it'll hurt sales if they announce it has problems so it'll go unfixed as long as it doesn't get reported and they don't feel people really know about it enough for it to hurt sales.
>>
>>59408875
That's kind of the point. Why waste all of your time on finding security holes when an entire community of people can do it for you, report them, and you just patch them? Open source is also great because if the original dev abandons software you like, you can fork it and update it yourself. Open source is all about sharing and learning to work with others. Another advantage of FOSS is that it provides transparency, meaning that you can make sure that the software is not malicious. It's also gratis.

TLDR help from others, gives you control, transparency, costs nothing
>>
>>59408875
go fuck putin in the ass, russian bitch
>>
>>59408875
The tits are out, but the bussy (private keys) are still hidden on a per-system basis.
>>
>>59409776
QUESTION!
What if a company which open sourced their product does some tweaks before compiling the code and adds some malicious code (backdoors, i.e.)?
There is no possible way to find this out, or is there? (Like compiling the source code by yourself and comparing binary sizes?)
>>
>>59408875
You're describing security through obscurity. You will find multiple articles on why it is bad.
>>
>my front door is secure because no-one knows where the key is!

Protip: Everyone knows how your door lock works.
>>
>>59411519
A key with thousands of holes, falls and other deformities.
>>
>>59411393
Of course you can do this.
And it's fairly difficult to ensure that a binary version is compiled from a specific source. If you can replicate the compilation settings you should be able to diff the binaries in theory. I'm sure tools could be made that are more lax and can properly determine if the application does the same thing in essence or not. But I haven't seen them.

But you shouldn't run binaries from people you can't trust if you care about security.
>>
>>59411393
You can just compile the open source code, stupid.
>someone gives you a brownie
>"I didn't cum in it I swear, look, here's the recipe"
>"This is totally the recipe I used"
>>
File: 10int.jpg (28KB, 303x311px)
>>59411586
I know I can...
My question was related to the majority of people who use open source and do NOT compile it themselves.
Because it's more convenient to just install software.

Just wanted to know if there is a way to make sure that software is compiled from public source code.

Even though I specifically acknowledged compiling source code you still had to post your stupid answer, didn't you?
>>
>>59411783
>Just wanted to know if there is a way to make sure that software is compiled from public source code.
Isn't it all signed?
>>
>>59410040
it is common sense
the thing about open source is most projects are not funded or have limited funds. so if a patch is taking too long to come out someone else can submit a patch until an official one comes out
>>
>>59411783
what are pgp signatures and checksums
>>
>>59411783
>if there is a way to make sure that software is compiled from public source code
You compile it from public source code. The process of mapping source to binary is called compilation (or decompilation going the other way). Your question is like asking "Is there a way to compile the source code without compiling the source code?"
>>
>>59408875
>would mean anyone can just take it and fuck with it?

That is exactly the point. Anyone can see the code so anyone can find a bug and fix it.
>>
>>59411841
This. If two different people compile the same source code the output files will have the same checksums and signature information.
All you need is for one person to compile the source code and test against the released binaries to find out if they have altered the code before compiling.
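The checksum comparison discussed in this thread, as an added example that is not part of any post: a toy "build" (packing constructed source files into a tar archive) shows that independent rebuilds only produce identical SHA-256 digests when build inputs such as the timestamp are pinned, and that a release built from altered source then fails the comparison. The function names, sample files and `PINNED_EPOCH` value are assumptions made for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample "source tree" (not from any real project).
SOURCE = {
    "Makefile": b"all:\n\tcc -O2 -o app main.c\n",
    "main.c": b'#include <stdio.h>\nint main(void){puts("hi");return 0;}\n',
}
# Same tree with one line the public repository does not contain.
ALTERED = {**SOURCE, "main.c": SOURCE["main.c"] + b"/* hidden change */\n"}
PINNED_EPOCH = 1500000000  # constructed value, plays the role of SOURCE_DATE_EPOCH


def build(sources, build_time):
    """Toy stand-in for a compiler: pack sources into a tar, stamping build_time."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(sources):          # fixed file order
            info = tarfile.TarInfo(name)      # uid/gid/owner keep their fixed defaults
            info.size = len(sources[name])
            info.mtime = build_time           # the only environment-dependent input
            tar.addfile(info, io.BytesIO(sources[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def verify_release(released, rebuilds):
    """Compare a published artifact against independent rebuilds of the source."""
    rebuilt = {digest(r) for r in rebuilds}
    if len(rebuilt) != 1:
        return "rebuilders-disagree"   # build is not reproducible, so no verdict
    return "match" if digest(released) in rebuilt else "mismatch"


if __name__ == "__main__":
    alice, bob = build(SOURCE, PINNED_EPOCH), build(SOURCE, PINNED_EPOCH)
    # Release built from the public source.
    print(verify_release(build(SOURCE, PINNED_EPOCH), [alice, bob]))
    # Release built from source that was altered before building.
    print(verify_release(build(ALTERED, PINNED_EPOCH), [alice, bob]))
    # One rebuilder did not pin the build time.
    print(verify_release(alice, [alice, build(SOURCE, PINNED_EPOCH + 60)]))
```

A "rebuilders-disagree" result says nothing about tampering; it means the build embeds environment-dependent data and has to be made deterministic before digests can be compared.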
>>
>>59408875
>>59405170
>>
>>59412101
uh...
Nevermind.
>>
>>59409673
Well, the Red pill on cyber security is that the chemicals in the CPU turn you gay and cause you to hate Jesus

Repent and turn off your computer

If you disagree with this you're a shill
>>
Proprietary code probably fucks more guys but she does it behind your back. She also might have AIDS, but you'll only get to know this after
>>
>>59408896
>thinking right is wrong
lad you're a fucking meme, you regressive leftist nigger
>>
>>59410066
h-how do you know i am russian
>>
>>59412743
It seems Tay has arrived!
>>
File: 1488379290328.jpg (153KB, 1080x720px)
>open source
Is like having a whore with her tits out, so then everyone can view and inspect them to make sure they are real and not implants.

>closed source
A whore who takes your money and you will never see her tits, maybe she is better, but you will never know for sure what's under her dress.


What is better?:
closed: if you actually want to make money
open: if you actually want to help the community