this post was submitted on 10 Aug 2023
590 points (97.9% liked)

Technology

59438 readers
3350 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

cross-posted from: https://kbin.projectsegfau.lt/m/[email protected]/t/26889

Google just announced that all RCS conversations in Messages are now fully end-to-end encrypted, even in group chats. RCS stands for Rich Communication Services and is replacing traditional text and picture messaging, providing you with more dynamic and secure features. With RCS enabled, you can share high-res photos and videos, see typing indicators for your...

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 year ago (1 children)

If you can't trust peer review from experts in a field, many aspects of society break down. For example:

  • How can we trust the word of an engineer that says a bridge is safe? Did you verify the calculations yourself? Have you personally tested the tensile strength of that rebar? Better to just avoid bridges to be safe.
  • How can we trust the word of a doctor when they prescribe something? Did you personally look up all the possible side effects and made sure you'll be safe? Do you research clinical trials yourself to verify efficacy? If you don't trust your doctor, you'll be right at home with the anti-vaxxers.
  • How can you trust a lawyer to argue your best case? There's thousands of pages of law that most people haven't read. Do you know for yourself that there isn't some past precedent that completely flips your case? Defending yourself is a bad idea for a lot of reasons.

Nobody can be an expert in every field. It's completely unfeasible for most people to verify source code themselves, but that doesn't mean open source doesn't matter. Society operates on a degree of trust in our fellow humans that ARE experts in their field. The more experts in agreement the better, since nobody is infallible.

I'm not sure what you're suggesting people do? Go live in a hole by themselves because the world is full of liars and deceivers? Or become superhuman and hand verify every possible thing that could negatively effect them?

[–] [email protected] -1 points 1 year ago (2 children)

No of course not. I'm sorry if I'm expressing this badly, my point was merely that open source tends to add a false sense of security for people. The relevant ability to verify is factually never used, and experts that review the code might as well have had access to it without it being open sources (see Whatsapp's audit a while back).

That is not to say that Open Source is not a good thing, don't get me wrong. But I feel we tend to massively overstate what it adds for us personally. We put too much value on that side of it, as if it automatically means every user has personally verified everything.

[–] [email protected] 4 points 1 year ago

It doesn't add a false sense of security at all. It forces the devs to put their name on the line with every pull request. They are publicly accountable for any and all code that is added to the product, in an open and transparent repository. If they try any shenanigans, and if anyone catches them, the developer, the project, and the community will all suffer.

It also gives the community a chance to fork the code and remove the problem. You can carefully rebuild with a new dev or new team.

Using open source software is a real sense of security, because it was built for you, not for money.

[–] [email protected] 3 points 1 year ago

That's a fair statement to say open source on it's own doesn't add any security. I will say that any developer who's intentionally adding vulnerabilities to their code is less likely to publish the source, simply because someone COULD see it. With the number of automated vulnerability scanners on Github, it would require a lot of extra work to go undetected, when simply going closed source is an option. Once again, the more open the better, since there's fewer places to hide things.