undefined | Better HN

0 pointsfixxer12y ago0 comments

I don't think it is wise to trust any system, open or not, so I agree with your thesis.

However, the fact that Linux source is available for review does make it more secure on a relative basis. Sure, it is naive to think a zero day couldn't be buried in there, but at least there is the opportunity for review. With a closed-source OS, we don't even have the luxury of a false sense of security.

Not to get all tin foily, but I'd be more concerned about hardware exploits if you're thinking in terms of "man on the moon" resources... where are all those chips made again?

0 comments

gutnor12y ago

And that's what those 3 letters agencies do or at least should do. In addition of planting backdoors their job is also to make sure that their system are backdoor free.

In any case, the Microsoft is providing government with the source code of at least Windows (not sure about Office), so from a source code point of view, that is somewhat ok (minus finding people experienced enough to digest an enormous code base)

The main problem that is common with both Microsoft and OSS is actually checking the binaries. Except for China (to some extend), there is no government that is actually forking the project they use in order to create custom, controlled distro. So they are always going to have to trust their binary source. And that is the weak link.

gtirloni12y ago

When was the last time you reviewed the Linux kernel code looking for possible backdoors, found none and compiled your own kernel? Btw, when was the last time you reviewed the GCC code looking for possible backdoors, found none and built it from scratch? Btw, when was the last time...

Most companies and users get their pre-compiled distros and never bother because it's an impossible task so I don't see how open source is any better in this regard.

j / k navigate · click thread line to collapse