• EthicalAI@lemmy.world
    1 year ago

    I think FOSS is enough because as long as you can fully read the code, it can be audited and even forked to remove BS. So I’m fine with companies developing FOSS. I don’t even really care about EEE. We can always maintain a fork of the standard at the moment you fucked with it. We can even still get your upstream changes, just with the shit cherry-picked out! It’s always a win.

    • IriYan@lemmy.world
      1 year ago

      Have you audited any of it? Would you like to try gcc or systemd for that matter? By the time you go through 1% of it, the code has changed already. How many times in the past years have tremendous security breaches been caused by FOSS and been discovered months after they were in effect, some of them by coincidence or by corporate teams that review code?

      • EthicalAI@lemmy.world
        1 year ago

        The fact I haven’t doesn’t mean I can’t read auditors who have, who do keep track of these changes. Zero-days are usually caused by things no one noticed, not things that were intentionally added by corporate overlords to spy on or backdoor a FOSS app.

        • IriYan@lemmy.world
          1 year ago

          Speck was pushed and provided by Google to Linux; they added the content to the kernel, having your naive belief. It was later found to contain a backdoor to ALL systems, and Google raised their hands up and said it was passed to us by the NSA. Is this what happened? Or did I dream all this up?

          Facebook provided 0 FOSS, not a bit. Suddenly they make an algorithm they “bought”, including the author, and make it FOSS. To build it, it needs Google software. Like a bush fire, more than half of distributions adopt it, and all data provided as a comparison to xz are false, based on poor use of xz to make zstd appear better, while still admitting zstd can never attain the level of compression, but it is fast (ONLY when xz is run on a single thread while zstd is multithreaded by default). They claim xz sums are different when run on 1 CPU or many; still not true.

          Just wait for that bomb to explode. It doesn’t seem possible that the guy who wrote the code for zstd has enough knowledge to write it; he appears to be a front for something.

          Things that smell like shit don’t have to be actually tasted to be called shit.