Re: Politeness please, people [WAS Re: just saying]

[tomas]

On Sun, Nov 27, 2022 at 11:03:04AM -0500, Jeffrey Walton wrote:
> On Sun, Nov 27, 2022 at 10:38 AM Andrew M.A. Cater  
> wrote:

[...]

> > People,
> >
> > It is worth thinking that this list is often the first place people come to 
> > who
> > are new to Debian. We all need to be polite even when arguing and be
> > helpful above all.

Thanks, Andrew, for the reminder.

> I think that thread was doomed with the "Please prove me wrong"
> challenge. That's not how things work, and it looked like bait to me.
> I was hoping the thread would be quickly forgotten.

Yes, the thread was always bordering the "they're all after me" line.
I tried to pull it into a more interesting zone (which is also relevant
to the Debian community: trust, reproducible builds, etc).

It seems I failed. Sorry.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Politeness please, people [WAS Re: just saying]

[Jeffrey Walton]

On Sun, Nov 27, 2022 at 10:38 AM Andrew M.A. Cater  wrote:
>
> On Sun, Nov 27, 2022 at 01:22:04PM -, Curt wrote:
> > On 2022-11-25,   wrote:
> > > I don't think it's productive to shout the C word yet: there /are/
> >
> > I think you people should take your OT bullshit elsewhere. That's
> > more than enough from you and all the others.
>
> People,
>
> It is worth thinking that this list is often the first place people come to 
> who
> are new to Debian. We all need to be polite even when arguing and be
> helpful above all.
>
> This list is subject to the Debian Code of Conduct. There are also all
> ages and varieties of people who may come across this list and other
> Debian information resources. This list has a few very regular posters and a
> regular larger set of readers and occasional commenters.
>
> Similar off-topicness seems generic round about now when a major release
> is in prospect, and especially when the freeze is imposed for the release
> itself: it's always worth thinking again before sending any message as to
> whether it continues to add value.
>
> It is not uncommon for people to go off-topic for a while on this list.
> This thread may have come to the end of its usefulness: I'd ask those
> involved to consider wrapping it up here.
>
> A little more consideration, please?
>
> With best regards, as ever,

I think that thread was doomed with the "Please prove me wrong"
challenge. That's not how things work, and it looked like bait to me.
I was hoping the thread would be quickly forgotten.

Jeff

Politeness please, people [WAS Re: just saying]

[Andrew M.A. Cater]

On Sun, Nov 27, 2022 at 01:22:04PM -, Curt wrote:
> On 2022-11-25,   wrote:
> >
> >
> > I don't think it's productive to shout the C word yet: there /are/
> 
> I think you people should take your OT bullshit elsewhere. That's
> more than enough from you and all the others.  
>

People,

It is worth thinking that this list is often the first place people come to who
are new to Debian. We all need to be polite even when arguing and be 
helpful above all. 

This list is subject to the Debian Code of Conduct. There are also all
ages and varieties of people who may come across this list and other 
Debian information resources. This list has a few very regular posters and a
regular larger set of readers and occasional commenters.

Similar off-topicness seems generic round about now when a major release
is in prospect, and especially when the freeze is imposed for the release
itself: it's always worth thinking again before sending any message as to
whether it continues to add value.

It is not uncommon for people to go off-topic for a while on this list.
This thread may have come to the end of its usefulness: I'd ask those
involved to consider wrapping it up here.

A little more consideration, please?

With best regards, as ever,

Andy Cater

[For the Debian Community team].
 

Re: just saying

[Curt]

On 2022-11-25,   wrote:
>
>
> I don't think it's productive to shout the C word yet: there /are/

I think you people should take your OT bullshit elsewhere. That's
more than enough from you and all the others.  

Re: just saying

[tomas]

On Sat, Nov 26, 2022 at 02:44:51PM -, Curt wrote:
> On 2022-11-25,   wrote:
> >
> > If you care about your results, better find ways of, well,
> > auditing your code.
> >
> 
> Are you aware of this?
> 
> https://github.com/advisories/GHSA-97m3-w2cp-4xx6

I don't follow those node messups very closely. But they seem to
be pretty frequent (some of them even quite spectacular, like
the event-stream case):

  https://lwn.net/Articles/773121/

This case is particularly beautiful, because:

 * it was a legit package which was orphaned by the original
   author and taken over by a volunteer "nice enough" to take
   on the burden (harr, harr)

 * the malicious change was targeted at exactly one application
   (Copay). It deployed itself only when "building" that app
   (surprisingly, you kinda "compile" javascript applications
   these days: go figure). So it harks back nicely to Ken
   Thompson's classic "Trusting Trust" article (already mentioned
   in this thread)

As far as I remember the LWN article linked to above, it got
caught before stealing any bitcoin, but just by a slim margin.

Worth a read.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[Curt]

On 2022-11-25,   wrote:
>
> If you care about your results, better find ways of, well,
> auditing your code.
>

Are you aware of this?

https://github.com/advisories/GHSA-97m3-w2cp-4xx6

The developer wanted to get back at the Russians, I guess, due to the
war. I think he even documented the maliciousness of the software
somewhere (but who reads the docs)?

Anyhow, somebody did notice.

Re: just saying

[tomas]

On Sat, Nov 26, 2022 at 01:39:33AM -0500, pa...@quillandmouse.com wrote:

[...]

> [snip]
> 
> This was sort of my point. Jeremy objected that open source was
> completely analyzable. And while this is true, it does require a
> certain expertise to do so. We trust our "experts" (as in, not me)

[...]

The difference between free software and proprietary is that
in the first case you get to choose your "experts". You can
even decide to become one. In the second case, only "experts"
approved by the vendor get to play.

I think it is a significant difference.

Does it make all the world good? No. And powerful vendors are
constantly finding ways to re-gain power over their users.

But we gotta keep trying :)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[paulf]

On Thu, 24 Nov 2022 20:11:15 -0500
Greg Wooledge  wrote:

> On Thu, Nov 24, 2022 at 06:17:23PM -0500, pa...@quillandmouse.com
> wrote:
> > On Thu, 24 Nov 2022 16:05:31 -0500
> > Jeremy Hendricks  wrote:
> > 
> > > I have no idea what you mean. It’s open source and you can analyze
> > > the code line by line.
> > 
> > Does that include the blobs we're forced to run to make Nvidia cards
> > run really well?
> 
> No.
> 

[snip]

> 
> > I also have to wonder why Ubuntu (a Debian derivative) seems to be
> > better at working on random hardware than straight Debian.
> 
> Ubuntu and Debian have different policies regarding non-free firmware
> and microcode.  Debian does not include these in the official
> installer, because they're not Free by Debian's definition.  Ubuntu
> has a more relaxed policy, and *does* include non-free firmware in its
> installer.
> 

[snip]

This was sort of my point. Jeremy objected that open source was
completely analyzable. And while this is true, it does require a
certain expertise to do so. We trust our "experts" (as in, not me) to do
that for us. However, my point was that, while FOSS is transparent,
some or much of the code you're running may be closed source, like
Nvidia's drivers and the graphics code for Broadcom Raspberry Pi chips.
I don't object to Debian's stance on this; it's principled. But
Ubuntu's policy points up that in order to live in the world of current
hardware, it is sometimes necessary to use proprietary blobs, which are
definitely *not* transparent. Not ideal, but there you have it.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 04:35:25PM +, Andy Smith wrote:
> Hello,
> 
> On Fri, Nov 25, 2022 at 10:48:42AM +0100, to...@tuxteam.de wrote:
> > On Fri, Nov 25, 2022 at 09:21:51AM +, Andy Smith wrote:
> > > Nevertheless, not all of the licenses we might discuss in the context of
> > > this thread are considered Free by the FSF, so there is a need for other
> > > terminology.
> > 
> > Example?
> 
> There are plenty of licenses that allow viewing and reuse of the source,
> which some people might think of as being "open source", but contain
> other stipulations that FSF deem incompatible with their concept of Free
> Software.
> 
> Here's FSF's list:
> 
> https://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicenses

I know about this list. It kind of makes sense: each of those
licenses have restrictions on how one's supposed to distribute
the software (or a changed version thereof).

> I don't think there is (or could be) any that are OSDL-approved that
> could be considered by FSF as non-Free. But OSI's definition of what
> "open source" means isn't the same as everyone else's understanding of
> that word.
> 
> > Moreover, since this is a Debian list: is there anything DFSG
> > which isn't free according to the FSF definition?
> 
> I don't think that could happen,

That was my take, too.

>   but going the other way, there's
> GFDL-licensed documentation with invariant sections that say they must
> not be altered, which then makes them not-DFSG-free, so Debian strips
> them out of packages.

I knew that. That's unfortunate, but difficult to avoid.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 12:29:07PM -0500, Stefan Monnier wrote:
> > I personally would expect every serious compiler in the world to have
> > been corrupted by one government or another.
> 
> FWIW, there are ways to circumvent/mitigate Ken's trusting-trust
> problem, e.g. https://dwheeler.com/trusting-trust/ who haven't found GCC
> to be victim of a trusting trust attack.
> 
> I suspect it's easier to get trojans in the BIOS of every PC out there.

Huh? I thought the BIOS /was/ the trojan ;-P

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 12:38:01PM +0100, Mario Marietto wrote:
> Why not ? Think about this : you can put the malicious code where there is
> the lowest chance for someone to look.

And then, you can tie your shoes the wrong way, topple and fall.

Well, duh.

All that rambling is pretty useless if you don't go /look/ what
is out there.

Yes, source code injection is a thing. It seems to happen
every other week in node.js; nowadays PyPI seems also to
be active in that department.

If you care about your results, better find ways of, well,
auditing your code.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 11:15:26AM +, Joe wrote:
> On Thu, 24 Nov 2022 16:05:31 -0500
> Jeremy Hendricks  wrote:
> 
> > I have no idea what you mean. It’s open source and you can analyze
> > the code line by line.
> > 
> You can analyse the *source* code. The machine code it allegedly
> produces cannot be analysed any more easily than can closed-source
> software. Assembler maps one-to-one to machine code, statements in a
> compiled language do not come close to that.
> 
> Ken Thompson showed how it's done nearly forty years ago:
> 
> https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Sigh. The world has moved on since then. If you quote this
(really good, seminal) article, you should at least know
about David A. Wheeler[0]'s "Countering Trusting Trust
through Diverse Double-Compiling (DDC] [1].

You might also be interested in the Reproducible Builds [2]
initiative (which is more and more important in Debian).

You'll never be able to actually /prove/ that the world out
there actually exists. But you can get that >< close.

Cheers

[0] https://dwheeler.com/dwheeler.html
[1] https://dwheeler.com/trusting-trust
[2] https://reproducible-builds.org/

-- 
t


signature.asc
Description: PGP signature

Re: just saying

[Stefan Monnier]

> I personally would expect every serious compiler in the world to have
> been corrupted by one government or another.

FWIW, there are ways to circumvent/mitigate Ken's trusting-trust
problem, e.g. https://dwheeler.com/trusting-trust/ who haven't found GCC
to be victim of a trusting trust attack.

I suspect it's easier to get trojans in the BIOS of every PC out there.


Stefan

Re: just saying

[Andy Smith]

Hello,

On Fri, Nov 25, 2022 at 10:48:42AM +0100, to...@tuxteam.de wrote:
> On Fri, Nov 25, 2022 at 09:21:51AM +, Andy Smith wrote:
> > Nevertheless, not all of the licenses we might discuss in the context of
> > this thread are considered Free by the FSF, so there is a need for other
> > terminology.
> 
> Example?

There are plenty of licenses that allow viewing and reuse of the source,
which some people might think of as being "open source", but contain
other stipulations that FSF deem incompatible with their concept of Free
Software.

Here's FSF's list:

https://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicenses

I don't think there is (or could be) any that are OSDL-approved that
could be considered by FSF as non-Free. But OSI's definition of what
"open source" means isn't the same as everyone else's understanding of
that word.

> Moreover, since this is a Debian list: is there anything DFSG
> which isn't free according to the FSF definition?

I don't think that could happen, but going the other way, there's
GFDL-licensed documentation with invariant sections that say they must
not be altered, which then makes them not-DFSG-free, so Debian strips
them out of packages.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: just saying

[Curt]

On 2022-11-25, Andy Smith  wrote:
>
> Frankly, this whole "the software is designed to take away my control
> and must be made that way by the concerted effort of dark forces!" thing
> sounds lke a thinly-veiled reference to one of Gene's favourite rants.

Sounds kind of like *The Matrix* to me, when you carry the thing to the
usual facetious extremes. 

> Cheers,
> Andy
>


-- 

Re: just saying

[Mario Marietto]

Why not ? Think about this : you can put the malicious code where there is
the lowest chance for someone to look. A lot of eyes are pointed at the
closed source,because there are less eyes that can look inside there (at
least less eyes than the eyes which look on the source code) and for this
reason the chance to hide it is high. But even the contrary can be true :
everyone knows that there are a lot of eyes which look inside the source
code and this can be the reason for someone to think that no one will look
if he/she thinks that there are a lot of eyes that look :D At the end,the
question is : are we sure that a lot of eyes look in some sections of the
open source code ? Everyone says that this happens for sure,but is this
really true ? Maybe a lot of eyes are pointed in some portions of the
code,but is it valid for every section of it ? I don't know if I managed to
make myself understood, because mine is an attempt to make a
counter-intuitive speech,since I've understood that the counterintuitive
speeches are often interesting.

Il giorno ven 25 nov 2022 alle ore 12:15 Joe  ha
scritto:

> On Thu, 24 Nov 2022 16:05:31 -0500
> Jeremy Hendricks  wrote:
>
> > I have no idea what you mean. It’s open source and you can analyze
> > the code line by line.
> >
> You can analyse the *source* code. The machine code it allegedly
> produces cannot be analysed any more easily than can closed-source
> software. Assembler maps one-to-one to machine code, statements in a
> compiled language do not come close to that.
>
> Ken Thompson showed how it's done nearly forty years ago:
>
>
> https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
>
> "You can't trust code that you did not totally create yourself.
> (Especially code from companies that employ people like me.) No
> amount of source-level verification or scrutiny will protect you
> from using untrusted code."
>
> I personally would expect every serious compiler in the world to have
> been corrupted by one government or another. If something nefarious can
> technically be done, a government will do it without a second thought.
>
> Look at it this way: would the CIA/FBI/MI5/etc. allow the use of Linux
> to put people beyond their surveillance?
>
> --
> Joe
>
>

-- 
Mario.

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 09:21:51AM +, Andy Smith wrote:
> Hello,
> 
> On Fri, Nov 25, 2022 at 06:01:30AM +0100, to...@tuxteam.de wrote:
> > Life is messy, alas. It's still better with Free Software (I much prefer
> > /that/ spelling than the always coy "open source", so there you go;
> > I think the latter was invented by spooks!).
> 
> Even worse than that! ESR was involved.

And Bruce Perens. But he thought it over, later.

> Nevertheless, not all of the licenses we might discuss in the context of
> this thread are considered Free by the FSF, so there is a need for other
> terminology.

Example?

Moreover, since this is a Debian list: is there anything DFSG
which isn't free according to the FSF definition?

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[Andy Smith]

Hello,

On Fri, Nov 25, 2022 at 06:01:30AM +0100, to...@tuxteam.de wrote:
> Life is messy, alas. It's still better with Free Software (I much prefer
> /that/ spelling than the always coy "open source", so there you go;
> I think the latter was invented by spooks!).

Even worse than that! ESR was involved.

Nevertheless, not all of the licenses we might discuss in the context of
this thread are considered Free by the FSF, so there is a need for other
terminology.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: just saying

[Thomas Schmitt]

Hi,

David wrote:
> I'm a spook, and proud of it!

A true rosicrucian like me would never admit to be one.


Have a nice day :)

Thomas

Re: just saying

[Nicolas George]

to...@tuxteam.de (12022-11-25):
> Life is messy, alas. It's still better with Free Software

So many people are unable to make that obvious reasoning. “SUVs are bad?
But you know, producing your bike polluted too, you're just as bad as
me!”

>   (I much prefer
> /that/ spelling than the always coy "open source", so there you go;
> I think the latter was invented by spooks!).

Hear, hear! Open Source is what Free Software becomes when it is
appropriated by industrials who want to ride the Public Relation boost
and benefit from all the gratis code without giving anything in return.

But there is even better than “Free Software”: Libre Software, because
it avoids all the “as in free beer” / “as in free speech” shenanigans.

Regards,

-- 
  Nicolas George

Re: just saying

[mick.crane]

On 2022-11-25 05:01, to...@tuxteam.de wrote:

On Thu, Nov 24, 2022 at 09:03:00PM +, mick.crane wrote:
I love open source, more than you might think, but I have a niggling 
feeling

it's been infiltrated to make user control difficult.


That is no different from everything else in society. There are spooks,
there are folks with good intentions, and sometimes, both sets overlap!

Then there are spooks from "this side", spooks from "the other side", 
and

some try to make you think someone else is a spook, although she ain't.

Life is messy, alas. It's still better with Free Software (I much 
prefer

/that/ spelling than the always coy "open source", so there you go;
I think the latter was invented by spooks!).


If I was a spook it's what I'd do.
Please prove me wrong.


There ain't nothing to prove. There /are/ spooks. But not everything
you see is the work of spooks. Take care, have good friends, and...
live your life.

All generalizations suck.


The cabbages glisten in the moonlight.
mick

Re: just saying

[David]

On Fri, Nov 25, 2022 at 06:07, to...@tuxteam.de wrote:

On Fri, Nov 25, 2022 at 12:01:52AM +0100, Mario Marietto wrote:
 For most users it makes no real difference using closed or open 
source

 code [...]


This is a very dangerous fallacy. Free software does make a
difference for all. I have installed and maintained free software
for many friends who at the time weren't up to the task to look
into it. Most of them are still using Gnu/Linux after years. One
of them even studied bioinformatics and is now in the position
to help others.

A rising tide floats all boats and all that.

So don't say such things without thinkiing before. Use your
brains.

Or are you one of the spooks Mick was talking about and are
trying to demoralize us?

;-)

(No, just kidding: I don't think that seriously)


I'm a spook, and proud of it!
I come from a long line of spooks and there are many of us on here.
There are secret signs we give out that the rest of you don't know 
about.
And, we're always watching to make sure you run a straight line on the 
one side.

Or the other ...
Cheers!

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 12:28:00AM +, Andy Smith wrote:
> Hello,
> 
> On Thu, Nov 24, 2022 at 09:03:00PM +, mick.crane wrote:
> > I love open source, more than you might think, but I have a niggling feeling
> > it's been infiltrated to make user control difficult.
> > If I was a spook it's what I'd do.
> > Please prove me wrong.
> 
> Conspiracy theories aren't falsifiable so there is no way to prove you
> wrong.

I don't think it's productive to shout the C word yet: there /are/
spooks (not a conspiracy theory) vs. "the whole world is made of
spooks" (definitely one) vs "all those spooks work for THEM and
are out to get ME" (probably a medical condition).

> We can come up with rational arguments as to why any such
> conspiracy is unlikely, but if you want to believe it you'll find a way.

Note that mick didn't go so far. You may read that insinuation in
his post, but then, you may also not.
> 
> I think the most obvious counter-argument is that it would be a waste of
> effort and human assets to put exploits in open source software where
> they stand a good chance of being found [...]

Even this has been done in the Linux kernel. There was one case
which made quite a splash.

> Frankly, this whole "the software is designed to take away my control
> and must be made that way by the concerted effort of dark forces!" thing
> sounds lke a thinly-veiled reference to one of Gene's favourite rants.

Sometimes it is. It would be foolish to deny that. Humans are
like that, trying to exert power on others, using every tool
we can get hold of. Even (GASP!) software.

Most of the time it ain't. And "THEM" is a very diverse bunch.

Things become conspiracy theory whenever I start to think that
"THEM" are all conspiring, i.e. all together.

Again, all generalizations suck :-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Thu, Nov 24, 2022 at 06:17:23PM -0500, pa...@quillandmouse.com wrote:
> On Thu, 24 Nov 2022 16:05:31 -0500
> Jeremy Hendricks  wrote:
> 
> > I have no idea what you mean. It’s open source and you can analyze
> > the code line by line.
> 
> Does that include the blobs we're forced to run to make Nvidia cards
> run really well?

The brave folks at Nouveau [1] do exactly this: they try to reverse-
engineer whatever they can get hold of. Did you ever think of supporting
them?

> I also have to wonder why Ubuntu (a Debian derivative) seems to be
> better at working on random hardware than straight Debian. Ever tried
> to run straight Debian on a Raspberry Pi? I just wonder how much of
> what makes these other distros work is proprietary blobs of code. I
> could be wrong; I'm not an OS developer.

It is true that Ubuntu imposes on itself less restrictions than Debian.
I see this as a fruitful division of labor: Debian's strictness makes
it easy to make derivatives (as Ubuntu is one, but also as Devuan),
the latte explore places where Debian can't go. Ideas flow back. In
Ubuntu's case, Ubuntu provides a financial lifeline for more than
one Debian developer. Not bad, if you ask me.

Debian runs fine on Raspberry Pi. It does need a blob which runs on
Pi's graphic coprocessor (which strangely, also manages the boot
process). There are some reverse engineering projects around that,
which, of course, have been made easier because the Pi comes with
a Debian derivative, Raspbian. Raspi's chip maker, Broadcom, has
been slowly pushed into releasing more docs.

It's a slow work and requires patience and many people.

Cheers

[1] https://nouveau.freedesktop.org/
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Fri, Nov 25, 2022 at 12:01:52AM +0100, Mario Marietto wrote:
> For most users it makes no real difference using closed or open source
> code [...]

This is a very dangerous fallacy. Free software does make a
difference for all. I have installed and maintained free software
for many friends who at the time weren't up to the task to look
into it. Most of them are still using Gnu/Linux after years. One
of them even studied bioinformatics and is now in the position
to help others.

A rising tide floats all boats and all that.

So don't say such things without thinkiing before. Use your
brains.

Or are you one of the spooks Mick was talking about and are
trying to demoralize us?

;-)

(No, just kidding: I don't think that seriously)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[tomas]

On Thu, Nov 24, 2022 at 09:03:00PM +, mick.crane wrote:
> I love open source, more than you might think, but I have a niggling feeling
> it's been infiltrated to make user control difficult.

That is no different from everything else in society. There are spooks,
there are folks with good intentions, and sometimes, both sets overlap!

Then there are spooks from "this side", spooks from "the other side", and
some try to make you think someone else is a spook, although she ain't.

Life is messy, alas. It's still better with Free Software (I much prefer
/that/ spelling than the always coy "open source", so there you go;
I think the latter was invented by spooks!).

> If I was a spook it's what I'd do.
> Please prove me wrong.

There ain't nothing to prove. There /are/ spooks. But not everything
you see is the work of spooks. Take care, have good friends, and...
live your life.

All generalizations suck.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: just saying

[Andy Smith]

Hello,

On Thu, Nov 24, 2022 at 08:08:46PM -0500, Jeffrey Walton wrote:
> On Thu, Nov 24, 2022 at 7:28 PM Andy Smith  wrote:
> > ...
> > I think the most obvious counter-argument is that it would be a waste of
> > effort and human assets to put exploits in open source software where
> > they stand a good chance of being found, while there is so much closed
> > source software (firmware, drivers, agents, …) and similar targets that
> > can be used instead. If you have a developer (or a whole corporation) in
> > your pocket, why do you want to burn them by having them put something
> > malicious in an open source project?
> 
> https://www.theregister.com/2003/11/07/linux_kernel_backdoor_blocked/

That isn't a conspiracy to design an entire application that is hostile
to the user, it was an example of an opportunistic attempt to insert a
backdoor by an anonymous identity with no standing within the project.
No conspiracy needed, and no assets burned.

It's also been tried many times since. It (submitting kernel patches
with security flaws in them) has even been tried by university
researchers to try to determine how easy or difficult it is for a paper.
The fact that it was quite easily spotted shows how fruitless this is
for the most part. And also shows how likely it is that closed source
software does contain these things, since far fewer people will ever be
able to tell.

It's obviously not impossible to slip something by from time to time,
it's just not that effective. Outside of cryptocurrency, anyway!

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: just saying

[Greg Wooledge]

On Thu, Nov 24, 2022 at 06:17:23PM -0500, pa...@quillandmouse.com wrote:
> On Thu, 24 Nov 2022 16:05:31 -0500
> Jeremy Hendricks  wrote:
> 
> > I have no idea what you mean. It’s open source and you can analyze
> > the code line by line.
> 
> Does that include the blobs we're forced to run to make Nvidia cards
> run really well?

No.

There are basically three types of "software" in a modern desktop or
laptop computer system:

 1) Firmware.
 2) Microcode.
 3) Everything else.

Firmware is "software" that gets loaded inside a device, such as a network
interface, or a graphics chipset.  It's executed by that device, and it
tells the device how to function.

Microcode is "software" that gets loaded inside the CPU, and is executed
by the internal portions of the CPU.  It's a lot like firmware for the CPU.

Everything else (boot loader, kernel, init system, services, applications,
and so on) gets executed by the CPU.  When we talk about a distribution
like Debian, this is the software that's in the Debian packages.

> I also have to wonder why Ubuntu (a Debian derivative) seems to be
> better at working on random hardware than straight Debian.

Ubuntu and Debian have different policies regarding non-free firmware
and microcode.  Debian does not include these in the official
installer, because they're not Free by Debian's definition.  Ubuntu has
a more relaxed policy, and *does* include non-free firmware in its
installer.

In addition to that, Ubuntu has a more frequent release cycle.  At any
given moment, on average, the "age" of Debian packages that matter
for hardware support (kernel, X server, Wayland, video drivers, graphics
libraries, etc.) is higher than the "age" of analogous Ubuntu packages.

Of course, right after a Debian release, the "age" of its packages is
going to be at a minimum, and Debian will be more likely to work on
(relatively) newer hardware at that point.  This changes over time, as
we get further away from the last stable release date.

Debian also has semi-official backported packages, that can help in many
of these cases.  See  for details.

Re: just saying

[Jeffrey Walton]

On Thu, Nov 24, 2022 at 7:28 PM Andy Smith  wrote:
> ...
> I think the most obvious counter-argument is that it would be a waste of
> effort and human assets to put exploits in open source software where
> they stand a good chance of being found, while there is so much closed
> source software (firmware, drivers, agents, …) and similar targets that
> can be used instead. If you have a developer (or a whole corporation) in
> your pocket, why do you want to burn them by having them put something
> malicious in an open source project?

https://www.theregister.com/2003/11/07/linux_kernel_backdoor_blocked/

Jeff

Re: just saying

[Nicholas Geovanis]

On Thu, Nov 24, 2022, 6:28 PM Mario Marietto  wrote:

> Everytime I say to someone That are skilled I always get the same reply.
> Im not. So what ? there arent skilled people all around anymore ? there are
> many. but likely they dont want to be called like this. Most of the times
> there isnt a large numbers of choices when the time to chose a job is came.
> Often it seems that something make the choice for you. And this choice can
> be different from what you would like to do. You cant really ignore that
> kind of calling. I think the bigger earning comes for example from the
> programmers that are close to linus,they can modify the linux source code,
> they work for big companies,they make the best earnings. A lot of linux
> users dont earn well. In theory the open source code gives an opportunity
> that the closed source does not give,but pratically this opportunity is
> reserved for a very small number of programmers that will earn few money.
>

And I think here is where you are losing the trail a bit. The business
world doesn't want to pay lots of expensive software developers. That's why
far less than 1% of the USA workforce work are  software developers.
Businesses want to solve the IT problems that they need solved. Authoring
new software to solve those problem is less necessary over time, yet more
expensive over time.

Open source did not make that situation, the evolution of technology made
it happen. Just because linux, say, may be the beneficiary of that
evolution, does not imply that linux-related employment is noticeable.

I suspect that you didnt understood what I mean with "socialyze' ; please
> read again.
>
> Il ven 25 nov 2022, 01:05 David  ha scritto:
>
>>
>>
>> On Fri, Nov 25, 2022 at 00:51, Mario Marietto 
>> wrote:
>>
>> you missed the fact that Im not Talking about you or about the users that
>> are very skilled. I use linux from the '90s and I never used one of the
>> tools you are using. But im not a total newbie. So,think About how many
>> categories of users can use linux without to have a good understanding
>> about what they are doing. Can they understand what part of the source code
>> does what ? open source code is not tailored for the majority of the linux
>> users. The real advantage is for the skilled programmers. So,this also
>> means that concepts like freedom and openess and security still sounds
>> good,but they can be implemented by the majority. This also mean that ok a
>> lot of users can use linux for free,but they have no access to the most
>> opportunities in terms of earnings. Infact I suspect that only few skilled
>> people can change the source code and commit the changes and only these
>> persons earns a lot of money. An interesting idea could be to socialize the
>> source code of linux with its applications. I mean,to create a method that
>> hellp every person with medium intellectual abilities to understand what
>> the souce code does to propose a bigger amount of changes. In this way
>> linux and the tools can grow in quality and quantity.
>>
>>
>> I'm not missing anything.
>> I am pointing out that I'm not skilled, other than a modest ability with
>> LaTeX.
>> If people want to become familiar with things on the code level, they
>> have that opportunity.
>> If they don't, they're going to have to depend on the abilities of those
>> who have, aren't they.
>> We all have our priorities, but at least with open source, the
>> opportunity is there.
>> Please show me where that facility is available with closed source code.
>> And, the vast majority of open source developers are not `earning big
>> money'.
>> They do it for the broader spectrum definition of wealth. And if you
>> don't think that the source code is socialised, I think you need to look at
>> your definitions.
>> I can't think of any other asset, off the top of my head which is
>> socialised to the same degree.
>> The code is the medium by way in which open source tools grow'.
>> It's not a paint by numbers scenario.
>> You are either prepared to learn the language or you are not.
>> No return without investment.
>> Cheers!
>>
>>
>> Il ven 25 nov 2022, 00:16 David  ha scritto:
>>
>>>
>>>
>>> On Fri, Nov 25, 2022 at 00:01, Mario Marietto 
>>> wrote:
>>>
>>> For most users it makes no real difference using closed or open source
>>> code,because yes,they can look inside the code,but to understand what the
>>> code does they need a master degree. So,for all these users,maybe it's a
>>> better idea to use the closed source OS,at least they will be able to use
>>> the OS in a more functional way. For sure someone else will work to find
>>> the backdoors,but again : a newbie will not be able to understand if a
>>> backdoor has been found or if their os is patched. They can only trust what
>>> the programmers say. At this point a psychological attitude is needed to
>>> gain the real advantage of the open source code : to believe in the
>>> good faith of the "good" programmers,but ehy,even this can be

Fwd: just saying

[Mario Marietto]

Its not totally wrong to think that the software do what it wants to do
even if you dont want. A software is a piece of code that respect the
directives of the creator, so its easy that it did what he wants and not
what you want. At least partially.

-- Forwarded message -
Da: Andy Smith 
Date: ven 25 nov 2022, 01:28
Subject: Re: just saying
To: 


Hello,

On Thu, Nov 24, 2022 at 09:03:00PM +, mick.crane wrote:
> I love open source, more than you might think, but I have a niggling
feeling
> it's been infiltrated to make user control difficult.
> If I was a spook it's what I'd do.
> Please prove me wrong.

Conspiracy theories aren't falsifiable so there is no way to prove you
wrong. We can come up with rational arguments as to why any such
conspiracy is unlikely, but if you want to believe it you'll find a way.

I think the most obvious counter-argument is that it would be a waste of
effort and human assets to put exploits in open source software where
they stand a good chance of being found, while there is so much closed
source software (firmware, drivers, agents, …) and similar targets that
can be used instead. If you have a developer (or a whole corporation) in
your pocket, why do you want to burn them by having them put something
malicious in an open source project?

Frankly, this whole "the software is designed to take away my control
and must be made that way by the concerted effort of dark forces!" thing
sounds lke a thinly-veiled reference to one of Gene's favourite rants.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: just saying

[Mario Marietto]

Everytime I say to someone That are skilled I always get the same reply. Im
not. So what ? there arent skilled people all around anymore ? there are
many. but likely they dont want to be called like this. Most of the times
there isnt a large numbers of choices when the time to chose a job is came.
Often it seems that something make the choice for you. And this choice can
be different from what you would like to do. You cant really ignore that
kind of calling. I think the bigger earning comes for example from the
programmers that are close to linus,they can modify the linux source code,
they work for big companies,they make the best earnings. A lot of linux
users dont earn well. In theory the open source code gives an opportunity
that the closed source does not give,but pratically this opportunity is
reserved for a very small number of programmers that will earn few money. I
suspect that you didnt understood what I mean with "socialyze' ; please
read again.

Il ven 25 nov 2022, 01:05 David  ha scritto:

>
>
> On Fri, Nov 25, 2022 at 00:51, Mario Marietto 
> wrote:
>
> you missed the fact that Im not Talking about you or about the users that
> are very skilled. I use linux from the '90s and I never used one of the
> tools you are using. But im not a total newbie. So,think About how many
> categories of users can use linux without to have a good understanding
> about what they are doing. Can they understand what part of the source code
> does what ? open source code is not tailored for the majority of the linux
> users. The real advantage is for the skilled programmers. So,this also
> means that concepts like freedom and openess and security still sounds
> good,but they can be implemented by the majority. This also mean that ok a
> lot of users can use linux for free,but they have no access to the most
> opportunities in terms of earnings. Infact I suspect that only few skilled
> people can change the source code and commit the changes and only these
> persons earns a lot of money. An interesting idea could be to socialize the
> source code of linux with its applications. I mean,to create a method that
> hellp every person with medium intellectual abilities to understand what
> the souce code does to propose a bigger amount of changes. In this way
> linux and the tools can grow in quality and quantity.
>
>
> I'm not missing anything.
> I am pointing out that I'm not skilled, other than a modest ability with
> LaTeX.
> If people want to become familiar with things on the code level, they have
> that opportunity.
> If they don't, they're going to have to depend on the abilities of those
> who have, aren't they.
> We all have our priorities, but at least with open source, the opportunity
> is there.
> Please show me where that facility is available with closed source code.
> And, the vast majority of open source developers are not `earning big
> money'.
> They do it for the broader spectrum definition of wealth. And if you don't
> think that the source code is socialised, I think you need to look at your
> definitions.
> I can't think of any other asset, off the top of my head which is
> socialised to the same degree.
> The code is the medium by way in which open source tools grow'.
> It's not a paint by numbers scenario.
> You are either prepared to learn the language or you are not.
> No return without investment.
> Cheers!
>
>
> Il ven 25 nov 2022, 00:16 David  ha scritto:
>
>>
>>
>> On Fri, Nov 25, 2022 at 00:01, Mario Marietto 
>> wrote:
>>
>> For most users it makes no real difference using closed or open source
>> code,because yes,they can look inside the code,but to understand what the
>> code does they need a master degree. So,for all these users,maybe it's a
>> better idea to use the closed source OS,at least they will be able to use
>> the OS in a more functional way. For sure someone else will work to find
>> the backdoors,but again : a newbie will not be able to understand if a
>> backdoor has been found or if their os is patched. They can only trust what
>> the programmers say. At this point a psychological attitude is needed to
>> gain the real advantage of the open source code : to believe in the good
>> faith of the "good" programmers,but ehy,even this can be hard for someone.
>>
>>
>> I use Debian, with LaTeX to supply templates for all my communication
>> needs, a good email programme in Geary which isn't any more than it needs
>> to be, a couple of browsers in Firefox and Falkon, and Gnumeric and
>> Calligra Words in case somebody who isn't au fait with the situation sends
>> me a Windows doc or Excel file.
>> In other words, I operate the OS in `a fully functional' way and haven't
>> needed any other OS since I switched when XP first came out, over two
>> decades ago.
>> I couldn't read a line of C to save myself.
>> Perhaps you are missing something?
>> Cheers!
>>
>

Re: just saying

[Andy Smith]

Hello,

On Thu, Nov 24, 2022 at 09:03:00PM +, mick.crane wrote:
> I love open source, more than you might think, but I have a niggling feeling
> it's been infiltrated to make user control difficult.
> If I was a spook it's what I'd do.
> Please prove me wrong.

Conspiracy theories aren't falsifiable so there is no way to prove you
wrong. We can come up with rational arguments as to why any such
conspiracy is unlikely, but if you want to believe it you'll find a way.

I think the most obvious counter-argument is that it would be a waste of
effort and human assets to put exploits in open source software where
they stand a good chance of being found, while there is so much closed
source software (firmware, drivers, agents, …) and similar targets that
can be used instead. If you have a developer (or a whole corporation) in
your pocket, why do you want to burn them by having them put something
malicious in an open source project?

Frankly, this whole "the software is designed to take away my control
and must be made that way by the concerted effort of dark forces!" thing
sounds lke a thinly-veiled reference to one of Gene's favourite rants.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: just saying

[David]

On Fri, Nov 25, 2022 at 00:51, Mario Marietto  
wrote:
you missed the fact that Im not Talking about you or about the users 
that are very skilled. I use linux from the '90s and I never used one 
of the tools you are using. But im not a total newbie. So,think About 
how many categories of users can use linux without to have a good 
understanding about what they are doing. Can they understand what 
part of the source code does what ? open source code is not tailored 
for the majority of the linux users. The real advantage is for the 
skilled programmers. So,this also means that concepts like freedom 
and openess and security still sounds good,but they can be 
implemented by the majority. This also mean that ok a lot of users 
can use linux for free,but they have no access to the most 
opportunities in terms of earnings. Infact I suspect that only few 
skilled people can change the source code and commit the changes and 
only these persons earns a lot of money. An interesting idea could be 
to socialize the source code of linux with its applications. I 
mean,to create a method that hellp every person with medium 
intellectual abilities to understand what the souce code does to 
propose a bigger amount of changes. In this way linux and the tools 
can grow in quality and quantity.


I'm not missing anything.
I am pointing out that I'm not skilled, other than a modest ability 
with LaTeX.
If people want to become familiar with things on the code level, they 
have that opportunity.
If they don't, they're going to have to depend on the abilities of 
those who have, aren't they.
We all have our priorities, but at least with open source, the 
opportunity is there.

Please show me where that facility is available with closed source code.
And, the vast majority of open source developers are not `earning big 
money'.
They do it for the broader spectrum definition of wealth. And if you 
don't think that the source code is socialised, I think you need to 
look at your definitions.
I can't think of any other asset, off the top of my head which is 
socialised to the same degree.

The code is the medium by way in which open source tools grow'.
It's not a paint by numbers scenario.
You are either prepared to learn the language or you are not.
No return without investment.
Cheers!



Il ven 25 nov 2022, 00:16 David > ha scritto:



On Fri, Nov 25, 2022 at 00:01, Mario Marietto 
mailto:marietto2...@gmail.com>> wrote:
For most users it makes no real difference using closed or open 
source code,because yes,they can look inside the code,but to 
understand what the code does they need a master degree. So,for all 
these users,maybe it's a better idea to use the closed source OS,at 
least they will be able to use the OS in a more functional way. For 
sure someone else will work to find the backdoors,but again : a 
newbie will not be able to understand if a backdoor has been found 
or if their os is patched. They can only trust what the programmers 
say. At this point a psychological attitude is needed to gain the 
real advantage of the open source code : to believe in thegood 
faith of the "good" programmers,but ehy,even this can be hard for 
someone.


I use Debian, with LaTeX to supply templates for all my 
communication needs, a good email programme in Geary which isn't any 
more than it needs to be, a couple of browsers in Firefox and 
Falkon, and Gnumeric and Calligra Words in case somebody who isn't 
au fait with the situation sends me a Windows doc or Excel file.
In other words, I operate the OS in `a fully functional' way and 
haven't needed any other OS since I switched when XP first came out, 
over two decades ago.

I couldn't read a line of C to save myself.
Perhaps you are missing something?
Cheers!

Re: just saying

[Mario Marietto]

you missed the fact that Im not Talking about you or about the users that
are very skilled. I use linux from the '90s and I never used one of the
tools you are using. But im not a total newbie. So,think About how many
categories of users can use linux without to have a good understanding
about what they are doing. Can they understand what part of the source code
does what ? open source code is not tailored for the majority of the linux
users. The real advantage is for the skilled programmers. So,this also
means that concepts like freedom and openess and security still sounds
good,but they can be implemented by the majority. This also mean that ok a
lot of users can use linux for free,but they have no access to the most
opportunities in terms of earnings. Infact I suspect that only few skilled
people can change the source code and commit the changes and only these
persons earns a lot of money. An interesting idea could be to socialize the
source code of linux with its applications. I mean,to create a method that
hellp every person with medium intellectual abilities to understand what
the souce code does to propose a bigger amount of changes. In this way
linux and the tools can grow in quality and quantity.

Il ven 25 nov 2022, 00:16 David  ha scritto:

>
>
> On Fri, Nov 25, 2022 at 00:01, Mario Marietto 
> wrote:
>
> For most users it makes no real difference using closed or open source
> code,because yes,they can look inside the code,but to understand what the
> code does they need a master degree. So,for all these users,maybe it's a
> better idea to use the closed source OS,at least they will be able to use
> the OS in a more functional way. For sure someone else will work to find
> the backdoors,but again : a newbie will not be able to understand if a
> backdoor has been found or if their os is patched. They can only trust what
> the programmers say. At this point a psychological attitude is needed to
> gain the real advantage of the open source code : to believe in the good
> faith of the "good" programmers,but ehy,even this can be hard for someone.
>
>
> I use Debian, with LaTeX to supply templates for all my communication
> needs, a good email programme in Geary which isn't any more than it needs
> to be, a couple of browsers in Firefox and Falkon, and Gnumeric and
> Calligra Words in case somebody who isn't au fait with the situation sends
> me a Windows doc or Excel file.
> In other words, I operate the OS in `a fully functional' way and haven't
> needed any other OS since I switched when XP first came out, over two
> decades ago.
> I couldn't read a line of C to save myself.
> Perhaps you are missing something?
> Cheers!
>

Re: just saying

[Larry Martell]

On Thu, Nov 24, 2022 at 4:53 PM Alain D D Williams 
wrote:

> On Thu, Nov 24, 2022 at 04:05:31PM -0500, Jeremy Hendricks wrote:
> > I have no idea what you mean. It’s open source and you can analyze the
> code
> > line by line.
>
> Very true ... but how much code have you analyzed line by line


Over the course of my career, literally hundreds of thousands of lines.

>
>

Re: just saying

[paulf]

On Thu, 24 Nov 2022 16:05:31 -0500
Jeremy Hendricks  wrote:

> I have no idea what you mean. It’s open source and you can analyze
> the code line by line.

Does that include the blobs we're forced to run to make Nvidia cards
run really well?

I also have to wonder why Ubuntu (a Debian derivative) seems to be
better at working on random hardware than straight Debian. Ever tried
to run straight Debian on a Raspberry Pi? I just wonder how much of
what makes these other distros work is proprietary blobs of code. I
could be wrong; I'm not an OS developer.

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster

Re: just saying

[David]

On Fri, Nov 25, 2022 at 00:01, Mario Marietto  
wrote:
For most users it makes no real difference using closed or open 
source code,because yes,they can look inside the code,but to 
understand what the code does they need a master degree. So,for all 
these users,maybe it's a better idea to use the closed source OS,at 
least they will be able to use the OS in a more functional way. For 
sure someone else will work to find the backdoors,but again : a 
newbie will not be able to understand if a backdoor has been found or 
if their os is patched. They can only trust what the programmers say. 
At this point a psychological attitude is needed to gain the real 
advantage of the open source code : to believe in thegood faith of 
the "good" programmers,but ehy,even this can be hard for someone.


I use Debian, with LaTeX to supply templates for all my communication 
needs, a good email programme in Geary which isn't any more than it 
needs to be, a couple of browsers in Firefox and Falkon, and Gnumeric 
and Calligra Words in case somebody who isn't au fait with the 
situation sends me a Windows doc or Excel file.
In other words, I operate the OS in `a fully functional' way and 
haven't needed any other OS since I switched when XP first came out, 
over two decades ago.

I couldn't read a line of C to save myself.
Perhaps you are missing something?
Cheers!

Re: just saying

[Alain D D Williams]

On Thu, Nov 24, 2022 at 10:43:19PM +, Peter von Kaehne wrote:
> 
> > 
> > Even if you have it can be very hard to find carefully constructed back 
> > doors.
> 
> Shrug.. as opposed to installing closed source programmes where you know you 
> are spied upon ? Which may of course have back doors but thanks tk being 
> closed you I’ll not even learn about? 

OK - I agree with you. FLOSS is much better from that point of view; my point
was that FLOSS is not a guarantee. The OP was talking about spooks, these guys
are well funded and capable of producing hard to detect back doors.

FLOSS is also more resistant to a government bribing or strong arming a closed
source company to include a spook produced back door.

"much better" != "perfect" - ie vigilance is still needed.

> > Some code has been carefully looked at but most has not.
> > 
> >>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> >>> 
> >>> I love open source, more than you might think, but I have a niggling
> >>> feeling it's been infiltrated to make user control difficult.
> >>> If I was a spook it's what I'd do.
> >>> Please prove me wrong.
> >>> mick

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: just saying

[Mario Marietto]

For most users it makes no real difference using closed or open source
code,because yes,they can look inside the code,but to understand what the
code does they need a master degree. So,for all these users,maybe it's a
better idea to use the closed source OS,at least they will be able to use
the OS in a more functional way. For sure someone else will work to find
the backdoors,but again : a newbie will not be able to understand if a
backdoor has been found or if their os is patched. They can only trust what
the programmers say. At this point a psychological attitude is needed to
gain the real advantage of the open source code : to believe in the good
faith of the "good" programmers,but ehy,even this can be hard for someone.

Il giorno gio 24 nov 2022 alle ore 23:43 Peter von Kaehne 
ha scritto:

>
> >
> > Even if you have it can be very hard to find carefully constructed back
> doors.
>
> Shrug.. as opposed to installing closed source programmes where you know
> you are spied upon ? Which may of course have back doors but thanks tk
> being closed you I’ll not even learn about?
>
>
>
>
>
>
> >
> > Some code has been carefully looked at but most has not.
> >
> >>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane 
> wrote:
> >>>
> >>> I love open source, more than you might think, but I have a niggling
> >>> feeling it's been infiltrated to make user control difficult.
> >>> If I was a spook it's what I'd do.
> >>> Please prove me wrong.
> >>> mick
> >>>
> >>>
> >
> > --
> > Alain Williams
> > Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer,
> IT Lecturer.
> > +44 (0) 787 668 0256  https://www.phcomp.co.uk/
> > Parliament Hill Computers Ltd. Registration Information:
> https://www.phcomp.co.uk/Contact.html
> > #include 
> >
>
>

-- 
Mario.

Re: just saying

[Jeremy Hendricks]

This is my point of view also.

On Thu, Nov 24, 2022 at 5:43 PM Peter von Kaehne  wrote:

>
> >
> > Even if you have it can be very hard to find carefully constructed back
> doors.
>
> Shrug.. as opposed to installing closed source programmes where you know
> you are spied upon ? Which may of course have back doors but thanks tk
> being closed you I’ll not even learn about?
>
>
>
>
>
>
> >
> > Some code has been carefully looked at but most has not.
> >
> >>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane 
> wrote:
> >>>
> >>> I love open source, more than you might think, but I have a niggling
> >>> feeling it's been infiltrated to make user control difficult.
> >>> If I was a spook it's what I'd do.
> >>> Please prove me wrong.
> >>> mick
> >>>
> >>>
> >
> > --
> > Alain Williams
> > Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer,
> IT Lecturer.
> > +44 (0) 787 668 0256  https://www.phcomp.co.uk/
> > Parliament Hill Computers Ltd. Registration Information:
> https://www.phcomp.co.uk/Contact.html
> > #include 
> >
>
>

Re: just saying

[Peter von Kaehne]

> 
> Even if you have it can be very hard to find carefully constructed back doors.

Shrug.. as opposed to installing closed source programmes where you know you 
are spied upon ? Which may of course have back doors but thanks tk being closed 
you I’ll not even learn about? 






> 
> Some code has been carefully looked at but most has not.
> 
>>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
>>> 
>>> I love open source, more than you might think, but I have a niggling
>>> feeling it's been infiltrated to make user control difficult.
>>> If I was a spook it's what I'd do.
>>> Please prove me wrong.
>>> mick
>>> 
>>> 
> 
> -- 
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
> Lecturer.
> +44 (0) 787 668 0256  https://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information: 
> https://www.phcomp.co.uk/Contact.html
> #include 
> 

Re: just saying

[Alain D D Williams]

On Thu, Nov 24, 2022 at 04:05:31PM -0500, Jeremy Hendricks wrote:
> I have no idea what you mean. It’s open source and you can analyze the code
> line by line.

Very true ... but how much code have you analyzed line by line ?

Even if you have it can be very hard to find carefully constructed back doors.

Some code has been carefully looked at but most has not.

> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> 
> > I love open source, more than you might think, but I have a niggling
> > feeling it's been infiltrated to make user control difficult.
> > If I was a spook it's what I'd do.
> > Please prove me wrong.
> > mick
> >
> >

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 

Re: just saying

[Jeremy Hendricks]

I have no idea what you mean. It’s open source and you can analyze the code
line by line.

On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:

> I love open source, more than you might think, but I have a niggling
> feeling it's been infiltrated to make user control difficult.
> If I was a spook it's what I'd do.
> Please prove me wrong.
> mick
>
>

just saying

[mick.crane]

I love open source, more than you might think, but I have a niggling 
feeling it's been infiltrated to make user control difficult.

If I was a spook it's what I'd do.
Please prove me wrong.
mick