This video is not monetized. This video covers our serious concerns regarding the data accuracy of Linus Media Group, including Linus Tech Tips, ShortCircuit...
I actually think that was a really good moment to include in the series. People might understand that you can hose your machine and any time you use sudo you are taking your afternoon into your own hands. But also… how many of us have skimmed a script to set something up, figured enough people had run it that it must be fine, and just yolo’d it?
That is 100% the experience a Linux newbie would have and including it in the series is great.
That said: it has been more than a minute and I have zero interest in going back to rewatch. But I vaguely recall Linus got overly defensive and used it to shit on Manjaro (?) rather than just using it as a learning opportunity and a cautionary tale.
That’s what I hate about the open source crowd’s “everyone can check the source code” argument! How many users actually do that? It must be pretty fucking close to 0%! A dev with malicious intent could easily introduce shit in an update that no one would notice for an extended period of time if ever!
That’s what I hate about the open source crowd’s “everyone can check the source code” argument! How many users actually do that?
It’s still a decent argument. While many/most may not be able to read it and understand it, it is still better to have some (outside the project) that can look at the code and check it independently.
It must be pretty fucking close to 0%!
It certainly depends on the project and how much it is used. A library someone threw together on an afternoon will, unlike a bigger project like NGINX, have little to no external eyes on it.
Though it’s not just about reading it. Open source projects (depending on their size) can usually react faster when a bug or problem is found within it.
A dev with malicious intent could easily introduce shit in an update that no one would notice for an extended period of time if ever!
The same can be said with closed source applications. A dev or the entire company (if they were to go down such a path) could also easily introduce something nasty. In that case there would be no way at all to confirm that anything bad or outright malicious was introduced (unless it gets so bad that it would trigger an Anti-Virus or is easily noticeable).
Is Open Source alone making software more secure (or preventing malicious actions)?
No. But it can be a sizable improvement. Just like security through obscurity1/2 (when given as an isolated argument) is not making software more secure (dare I say it decreases its security; when used in isolation).
https://www.veracode.com/security/dangers-open-source-risk