1012
you are viewing a single comment's thread
view the rest of the comments
[-] frayedpickles@lemmy.cafe 1 points 1 day ago* (last edited 1 day ago)

Yes I've been to Ohio. It's as terrible as people say.

However the correct analogy is this: "I distrust alliant credit union, but I trust a random internet stranger that in theory is doing their work in public". That's the right number of employees and the right scale.

Your analogy is basically accepting my point. In this case, I'm trusting a random internet stranger not to lie to me, and you've very clearly illustrated why that doesn't work. Believing Ohio isn't real would require a large conspiracy. Ublock introducing something naughty would require one man. I trust that one man, but there's no reason to. If you think that's absurd do some research about recent software package changes that introduced backdoors.

[-] drosophila 1 points 20 hours ago

I trust a random internet stranger that in theory is doing their work in public

There's no 'in theory' about it.

I've actually had an extension I was using be revealed as spyware (it was hoverzoom, I immediately switched to an alternative afterward).

I don't read every line of every piece of software I use because that would be impossible, but I do actually look at some of it and modify it to suit my needs. It was because there are many thousands of people like me that do this that the problem in hoverzoom was caught. It's been ten years, so I don't have the best memory of the event, but I think it only took a few days to catch it as well, despite the fact that the offending code was left out of the GitHub repo and was only in the compiled extension.

The state of open source isn't perfect (not everything has reproducible builds yet) but in general I 'trust' that every other programmer in existence isn't in on a conspiracy to screw me over specifically.

[-] frayedpickles@lemmy.cafe 1 points 11 hours ago

Why would any of this be about you personally? I honestly can't take you seriously when this is your view of security, and it's made worse when you extend that to "we caught em once so the system works".

[-] drosophila 1 points 5 hours ago* (last edited 3 hours ago)

Why would any of this be about you personally?

Uh, hello? Do you want to think about why I wrote that? Do you need me to explain to you the idea that other users of the extension are mostly self interested but it is in their best interest to cooperate and share information if the extension is bad? That the greater the number of people with access to the source code the less likely it is that some subset of them could cooperate against some other subset? And therefore the more people looking at the source code there are, the less you have to trust any single person? You know, the same reason you won't follow a single person into a dark alleyway but are comfortable standing in a crowded street? Because the first subset being "everyone"' and the second one being "only you" is an extreme case that is basically impossible to happen, just like the Ohio conspiracy? Do you understand what a negative example is or are you gonna comment back "wow I can't believe you think Ohio doesn't exists and everyone in the world is out to get you, you must be a paranoid schizophrenic"?

I honestly can’t take you seriously when this is your view of security

This is the view of the majority of people that work in netsec. There's a general sentiment that we should be reviewing code more, relying less on single-developer projects, and getting reproducible builds for everything, but nobody serious thinks that access to source code is a bad thing and usually it's regarded as a positive.

So in that sense uBlock is kinda bad because Gorhill does the vast majority of the work, but it would be even worse if it was closed source on top of that.

"we caught em once so the system works”.

As opposed to your system where you throw your hands up and say "you're screwed either way, nothing you do matters, just admit it and give up!", which has famously done so much good in the world.

this post was submitted on 22 Dec 2024
1012 points (100.0% liked)

You Should Know

33418 readers
164 users here now

YSK - for all the things that can make your life easier!

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must begin with YSK.

All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.



Rule 2- Your post body text must include the reason "Why" YSK:

**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding non-YSK posts.

Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.



Rule 7- You can't harass or disturb other members.

If you harass or discriminate against any individual member, you will be removed.

If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.

For further explanation, clarification and feedback about this rule, you may follow this link.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- The majority of bots aren't allowed to participate here.

Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.



Partnered Communities:

You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.

Community Moderation

For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.

Credits

Our icon(masterpiece) was made by @clen15!

founded 2 years ago
MODERATORS