[pingou]

I know most people here hate that, but I think this makes a much stronger case for security by obscurity (not releasing the source code) in these changing times.

Of course security by obscurity by itself is by no mean sufficient.

[whynotmaybe]

How?

In the 90's most software was closed source but cracks/trainer were always available.

Even for Rayman that had multiple (26?) cd-check during the game.

Security is mainly slowing the attacker because there's a maximum amount of stuff a human can do in 24hours. But now if you can simulate thousands of human attacking a system in different ways, it will crack.

Just like many stores have lock on their doors and, insurance if someone breaks the lock.

I'm guessing data security insurance will become a huge market in the years to come.

[pingou]

Aren't we in agreement then? Taking your lock analogy again, people don't put locks on their bikes because they protect them completely, but because they slow down someone who wants to steal them. Given enough resources everything will be cracked, it doesn't mean that making it harder is useless. People cracking games in the 90's may not have had the source code but they had the machine code and knew what to look for and where.

[iugtmkbdfil834]

I think part of the concern is that it turns into truly unmaintainable arms that might evolve in some unpredictable ways with potential branches like:

- a lot of open source goes closed source to increase security - open source is effectively forced to use LLM to keep up

I am not really arguing against it, because I understand the arguments on both ends and I am not sure what a good solution here is.

[RadiozRadioz]

This is assuming that project owners and good actors won't also be using LLM tools to protect open code.

Open does not mean vulnerable, open simply means it's a more obvious cat-and-mouse game.

[pingou]

I absolutely assume that project owners will use LLM tools to protect themselves, but it seems like it whoever spends more will find more security issues. And potentially a malicious actor could decide to spend more tokens on one specific part of the program, while the owner has to protect everything. I think with open source the idea is that there are more eyes looking at the potential problems, and more of those eyes are benevolent, but LLM change that as it's not about the number of people but whoever is ready to spend the most resources.