    RemixOS -- Android for the PC

      Dashrender @Kelly

      @Kelly said:

      I get that you're happy with your phone and Nexus @johnhooks. That is fine with me. I have my platform preference, and I'm happy to explain what it is and why, but I don't think it is germane to this discussion.

      Actually I think it is germane. What makes any platform potentially more secure than the Nexus (again assuming that all code it comes with from the factory is 100% open source)?

        Dashrender

        I feel like we've had this discussion before. What makes open source fundamentally more secure than closed source? The fact that more eyes can be on it? But like my example of OpenSSL, it was out there, for 15 years, and no one looked at it, at least, no one reported it.

        For that case I'd argue that closed source is more secure because at least you have to hack on it to find the problems, with open source, you can go digging for problems in the code directly, and then exploit them.

        It's probably a tit for tat type thing.

          scottalanmiller @Dashrender

          @Dashrender said:

          I feel like we've had this discussion before. What makes open source fundamentally more secure than closed source? The fact that more eyes can be on it? But like my example of OpenSSL, it was out there, for 15 years, and no one looked at it, at least, no one reported it.

          What you are missing is that that example in no way whatsoever disputes the point that open source is more secure. Open source is simply a more secure method. There is no means of disputing it with examples. It covers every possible means of making closed source secure and adds more. No number of examples are relevant.

            scottalanmiller @Dashrender

            @Dashrender said:

            For that case I'd argue that closed source is more secure because at least you have to hack on it to find the problems, with open source, you can go digging for problems in the code directly, and then exploit them.

            That's not the correct logical assumption. People have access to the code of closed source, just not the right people.

              scottalanmiller @Dashrender

              @Dashrender said:

              It's probably a tit for tat type thing.

              Not really. Open source is critical for good security. Closed source is fundamentally abhorrent to security.

                scottalanmiller

                Any argument that closed source has a benefit, is simply a rewording of a belief in security through obscurity. If you want to argue that obscurity is the premier security methodology, do so openly discussing it as obscurity. Trying to hide it in a discussion of closed source is misleading and confusing.

                Unless you disagree with the idea that obscurity is the enemy of security and that security through obscurity is a myth, then I don't see how closed source could be seen as in any way logically security minded.

                  stacksofplates @Dashrender

                  @Dashrender said:

                  I feel like we've had this discussion before. What makes open source fundamentally more secure than closed source? The fact that more eyes can be on it? But like my example of OpenSSL, it was out there, for 15 years, and no one looked at it, at least, no one reported it.

                  For that case I'd argue that closed source is more secure because at least you have to hack on it to find the problems, with open source, you can go digging for problems in the code directly, and then exploit them.

                  It's probably a tit for tat type thing.

                  What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                  With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                    Dashrender

                    I agree that security through obscurity is a myth.

                    And that Open Source proves everything closed does plus more.

                      scottalanmiller @stacksofplates

                      @johnhooks said:

                      What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                      With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                      More importantly... how often HAS THIS HAPPENED and we weren't told? How many times were these same vulnerabilities or ones like them fixed or even ignored internally with closed source?

                      The idea that open source being open with vulnerabilities and reporting them being bad is way off base. It highlights just how secure open source is, not how bad it is. It shows how much risk we are under from closed source not needing to tell us things like this.

                        stacksofplates @scottalanmiller

                        @scottalanmiller said:

                        @johnhooks said:

                        What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                        With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                        More importantly... how often HAS THIS HAPPENED and we weren't told? How many times were these same vulnerabilities or ones like them fixed or even ignored internally with closed source?

                        The idea that open source being open with vulnerabilities and reporting them being bad is way off base. It highlights just how secure open source is, not how bad it is. It shows how much risk we are under from closed source not needing to tell us things like this.

                        And how many times have they been fixed within another patch? You have to trust that the patch is what they tell you it is. Why couldn't they say KB800348 fixes an error in MS Paint when it's actually "oh we accidentally hardcoded leaving port 3389 open?"

                          stacksofplates

                          Here's another good example:

                          http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fears/

                            Dashrender @stacksofplates

                            @johnhooks said:

                            @scottalanmiller said:

                            @johnhooks said:

                            What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                            With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                            More importantly... how often HAS THIS HAPPENED and we weren't told? How many times were these same vulnerabilities or ones like them fixed or even ignored internally with closed source?

                            The idea that open source being open with vulnerabilities and reporting them being bad is way off base. It highlights just how secure open source is, not how bad it is. It shows how much risk we are under from closed source not needing to tell us things like this.

                            And how many times have they been fixed within another patch? You have to trust that the patch is what they tell you it is. Why couldn't they say KB800348 fixes an error in MS Paint when it's actually "oh we accidentally hardcoded leaving port 3389 open?"

                            Does that really matter?

                            The days of picking and choosing what updates to install seem over. You should install them all. At least if they are security updates, boy I hope they aren't lying about that!

                              scottalanmiller @Dashrender

                              @Dashrender said:

                              @johnhooks said:

                              @scottalanmiller said:

                              @johnhooks said:

                              What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                              With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                              More importantly... how often HAS THIS HAPPENED and we weren't told? How many times were these same vulnerabilities or ones like them fixed or even ignored internally with closed source?

                              The idea that open source being open with vulnerabilities and reporting them being bad is way off base. It highlights just how secure open source is, not how bad it is. It shows how much risk we are under from closed source not needing to tell us things like this.

                              And how many times have they been fixed within another patch? You have to trust that the patch is what they tell you it is. Why couldn't they say KB800348 fixes an error in MS Paint when it's actually "oh we accidentally hardcoded leaving port 3389 open?"

                              Does that really matter?

                              The days of picking and choosing what updates to install seem over. You should install them all. At least if they are security updates, boy I hope they aren't lying about that!

                              It matters when you start pointing out open source reports. Because the closed source ones don't get reported. So pointing out an open source one forces us to discuss all the ways that this can be buried in the closed source world.

                                hobbit666

                                Downloaded, unzipped, created USB didn't boot lol.
                                Will have a play later

                                  scottalanmiller

                                  The thing is, you should have reacted to OpenSSH announcing the bug with these thoughts:

                                  • Damn, software is hard and any software could have massive bugs that no one has seen yet!
                                  • It's so awesome that this is open source and this wasn't hidden from the end users!
                                  • Open source is amazing, this was announced and fixed the same day!
                                  • OMG, imagine if this was closed source, we'd be in so much danger!

                                    stacksofplates @Dashrender

                                    @Dashrender said:

                                    @johnhooks said:

                                    @scottalanmiller said:

                                    @johnhooks said:

                                    What if the shoe was on the other foot? What if Heartbleed was closed source developed by Microsoft? Would it have been fixed, and how long would it have taken to be fixed?

                                    With Heartbleed it was discovered and patched in the same day, and you could update immediately. Would Microsoft send out an update immediately or would you have to wait until Patch Tuesday?

                                    More importantly... how often HAS THIS HAPPENED and we weren't told? How many times were these same vulnerabilities or ones like them fixed or even ignored internally with closed source?

                                    The idea that open source being open with vulnerabilities and reporting them being bad is way off base. It highlights just how secure open source is, not how bad it is. It shows how much risk we are under from closed source not needing to tell us things like this.

                                    And how many times have they been fixed within another patch? You have to trust that the patch is what they tell you it is. Why couldn't they say KB800348 fixes an error in MS Paint when it's actually "oh we accidentally hardcoded leaving port 3389 open?"

                                    Does that really matter?

                                    The days of picking and choosing what updates to install seem over. You should install them all. At least if they are security updates, boy I hope they aren't lying about that!

                                    It's not that it matters in this context whether you apply the update, but whether they were forthcoming about it or not. If they say we released a patch for MS Paint, you wouldn't think twice. But if they said "oh we accidentally hard coded a backup password for the admin as 12345" then you would most likely be concerned that someone had been in your system.

                                    If that's the case, why even explain what the patches are for, just blindly accept them, and then when it breaks WSUS like it did that one time you can't do much about it, and hope they give you another fix.

                                      Kelly @Dashrender

                                      @Dashrender said:

                                      @Kelly said:

                                      I get that you're happy with your phone and Nexus @johnhooks. That is fine with me. I have my platform preference, and I'm happy to explain what it is and why, but I don't think it is germane to this discussion.

                                      Actually I think it is germane. What makes any platform potentially more secure than the Nexus (again assuming that all code it comes with from the factory is 100% open source)?

                                      I said that my preferred platform (never referenced relative levels of security) is not germane. Again, relative security should not be a standard we allow vendors to rest on. It doesn't matter which platform is the most secure (from the perspective of trying to be secure, not purchasing), but whether or not a specific vendor has a secure product and is continuing to secure it in a timely and proactive manner.

                                        quicky2g @DustinB3403

                                        @DustinB3403 said:

                                        @Kelly said:

                                        There aren't easy or cheap solutions, but not doing anything is worse. Maybe we should make carriers fiscally responsible for identity breaches provably caused by out of date OS versions.

                                        How would you force the update on the phone, constant prompting, and after so many prompts it's just forced?

                                        I'd rather suck dog farts than have my rooted Samsung phone updated automatically and go back to stock bloatware that I can't get rid of.

                                          DustinB3403 @quicky2g

                                          @quicky2g said:

                                          @DustinB3403 said:

                                          @Kelly said:

                                          There aren't easy or cheap solutions, but not doing anything is worse. Maybe we should make carriers fiscally responsible for identity breaches provably caused by out of date OS versions.

                                          How would you force the update on the phone, constant prompting, and after so many prompts it's just forced?

                                          I'd rather suck dog farts than have my rooted Samsung phone updated automatically and go back to stock bloatware that I can't get rid of.

                                          Exactly.

                                            mlnews

                                            http://news.softpedia.com/news/remix-os-brings-android-as-a-linux-desktop-and-it-s-available-for-download-screenshot-tour-498808.shtml
