On Fri, December 8, 2006 12:28 pm, Robert Potts said: > In response to Vim's recent questions I had a tangential discussion with > dedicated Mac user who is also a Flash developer. I forwarded him parts > of Vim's message with some points about how Flash is good in some > applications, but it's kind of frowned on by this community: > > I said: >> oh and by the way any security holes [people] can't fix because > you're not allowed to touch the source... > > he replied: > <quote> Isn't that potentially a good thing? Provided the > source is not trying to pull any underhanded shit the flash file should > be pretty secure, anyway? (?) I wouldn't give up using flash anyway- it's > too much fun as a tool. I'll check this GNASH thing out. </quote> > > anybody care to take this hot little potato and have fun with it? > > I'm posting this for my own and his educational needs. I'm all ears. > Please, feel free! > > -Robert
I don't particularly mind closed code, necessarily (and I use OS X in several places), but that's an excuse that doesn't hold water. He is assuming it is harder to crack closed source code. Which has a grain of truth: it is _very_ slightly harder to find a vulnerability in closed source programs. But _very_ slightly. Most exploits even in Open Source programs are discovered through analysis of the program produced. So programs from closed and open source have basically the same level of vulnerability, since that is how you find exploits in closed-source code. So, with the closed source, we have to trust the company when they say the program doesn't deliberately do anything underhanded, and we can't fix any problems we find ourselves. From a security standpoint, that's the _entire difference._ Any extra vulnerability from being able to see the code is so minuscule that it has never mattered. So... Tell me why I should trust Adobe? ;) Daniel T. Staal --------------------------------------------------------------- This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. --------------------------------------------------------------- _______________________________________________ Openbsd-newbies mailing list [email protected] http://mailman.theapt.org/listinfo/openbsd-newbies
