Hacker News new | ask | show | jobs
by Diederich 3413 days ago
I totally agree with you.

From your initial comment, I got the impression that you were claiming that closed source software could not be excellent..meaning secure.

By the way, I'm a big GPL/free software nut. However, I understand the place of closed source software, and under the right circumstances, it can indeed be excellent.
1 comments
peatmoss 3413 days ago
This is where I've come around to appreciating the FSF's moral argument for Free software a bit more than the instrumental-utility argument of the Open Source movement.

Open Source can be bad, in terms of quality. Closed source can be good, in terms of quality.

Security is an interesting case where I don't believe that you can be trustworthy and closed. Could the code be good? Yes. Can I validate in any meaningful sense that it doesn't violate my expectations? No.

Of course it's possible to have obfuscated malicious behavior in Free/Open Source software. But, there is at least the possibility of descovery of such defects. With closed source, there isn't.

link
Diederich 3412 days ago
We'll have to diverge a little, then, but not too much.

In some cases, such as the security sensitive code written at Google, there are far more eyes on the code than there are with all too much of the critical, security sensitive open source code.

In my mind, it's a matter of alignment of interests.

For the cases of 'run of the mill' security questions, such as buffer overflows, password leaks and the like, Google, Facebook and I have fully aligned interests. None of us want those things in anybody's code.

Things get harder for other security questions, such as data collection, and cooperation with surveillance, legal and otherwise.

In the latter case, state surveillance, Google (and other like entities) have interests that are mostly aligned with mine, but not entirely. They're pushing back on warrant-less, Patriot Act type crap, while efficiently complying with traditional directed warrant disclosures. (As far as we know!)

Fully open source and free software will almost always have full alignment with my interests, and so is better in that regard.

As far as code-level bugs, I think the general rule is that closed source code is pretty poor at companies, with a few notable exceptions, where I think things are a heck of a lot better.

Finally: Wow, I just reminded myself that this thread talking about a new Amazon product. Crazy. (:

link