[Gllug] p2p programs

Simon Morris mozrat at gmail.com
Mon Nov 14 11:51:43 UTC 2005


On 14/11/05, Shakthi Kannan <cyborg4k at yahoo.com> wrote:
> Hi Simon,
>

Hullo,

> > When was the last time you read the source code for
> > any Linux kernel
>
> 5 minutes back?
>
> Please. I am a device driver developer ... [1]
>

Yay for you. Can I assume you haven't read the code for all the
applications you are using?

My point was you can't rubbish software from a vendor just on the
basis that you don't have the source code.

Having the source code doesn't automatically mean secure applications.

> > or application before using it to ensure it is
> > secure?
>
> When the source code is open, you can very well see
> what is happening, at least, programmers do.

The thread was referring to the security of Linux as a desktop OS for
someone who has just started to use it. Again, I don't argue that Open
Source isn't a good thing (Which I hope is obvious) but for this kind
of person that particular benefit isn't going to help her keep her
system secure.


> >  I didn't understand that sentence fully.. "looking
> > at the source code
> > of all of " what exactly?
>
> windoze kernel, firewall, anti-virus.

So you roll on the floor laughing at my suggestion that I could run
Windows securely if I chose to and the weak point in these systems is
clueless users?

Cisco PIX is a closed source firewall application - do you deem this
insecure until you have read the source code?

> > Having the source code for the software I use is an
> > essential part of
> > my freedom but I don't consider it a security
> > benefit at all really,
> > from the point of view as a home user
>
> There are millions of programmers who work on these
> projects who are brought up in different education
> environments. Their mindsets are different, their
> approaches to problem solving are different. When these
> programmers get together and brainstorm with ideas, a
> lot of experience and man-hours goes into it, as
> opposed to very few engineers working on closed source
> products.

Apart from the "millions" of programmers exaggeration I don't disagree
with this.

Open Source in my experience patches security holes a lot faster than
closed vendors. However, vulnerabilities do exist in these products (as
with all products).

Henry's faith that Linux as a desktop OS is 100% bulletproof is misplaced.

--
~sm
Jabber: mozrat at gmail.com
www: http://beerandspeech.org
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug