The Heartbleed bug is an example of a serious, unintentional problem in an open source package. In that case, even though the software was available to millions of eyeballs, not that many actually looked at it. I suspect only the mainstream big programs (such as Apache) are closely examined. Since I usually find the programs I want through word of mouth from people I trust, I don't worry much about it and have not yet regretted it. Also, I use a Mac.
—Barry


On 3 Jul 2014, at 6:59, Marcus G. Daniels wrote:

Open source software is less likely to have spyware or viruses. That's because the software is in its preferred high-level form - the recipe is published. Proprietary software, in contrast, is delivered as a binary. To know whether bad stuff is in a binary program, a difficult decompilation and reverse engineering process is needed to get back to something like the preferred form. Like having to run spectroscopy to find out what is in a cake. In the open source case, you just bake your own cake. If you know the ingredients are plausible, and the structure of the recipe makes sense, then you can feel good about having a piece of cake. And even if you are not a baker, you may know some bakers that can give an opinion on the recipe. That doesn't mean there aren't bugs or bad oversights, but malicious behavior is harder to hide.



From: Friam [mailto:friam-boun...@redfish.com] On Behalf Of Nick Thompson
Sent: Wednesday, July 02, 2014 9:43 PM
To: Friam
Subject: [FRIAM] Source Forge, inter alia



Sorry, everybody.



I guess my question could be stated more broadly, with perhaps some saving of your time in the long run. How do I decide if a piece of software available on the internet is safe or not? I guess one can look for reviews on "reputable" sites, but then how does one recognize a reviewing site as reputable? I suppose one could look at the webpage of the software maker and see if the software is being regularly updated, etc. What about the site on which the software is hosted? Does that give a clue? Does Source Forge screen its software? If so, I couldn't see any sign of that on the Source Forge page.



Perhaps if one of you would provide an answer to me on this general question, it would save you all being bothered by particular versions of it later on.



Thanks,



Nick



Nicholas S. Thompson

Emeritus Professor of Psychology and Biology

Clark University

http://home.earthlink.net/~nickthompson/naturaldesigns/



============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
