To all, I do think the meaning of “Safer” needs to be explained in the context of this
debate.
Sent from my iPhone
On Feb 3, 2025, at 12:57, Ethan Dicks via cctalk
<cctalk(a)classiccmp.org> wrote:
> On Mon, Feb 3, 2025 at 2:08 PM Donald Whittemore via cctalk
> <cctalk(a)classiccmp.org> wrote:
>> I am an old mainframe guy. I could give you my COBOL deck of cards or the
>> compile listing. You could pore through the code looking for
>> nefarious/malicious code. I then hand you the object deck. You have no idea
>> if it matches the code you looked at. The only way you could be sure is to
>> compile the code I gave you and use your own object deck.
>
> That's basically true but "why Open Source" goes way beyond that.
> From the start, Open Source wasn't focused on "this is good for
> security" but "I should have the right to repair". In the face of
> 100% proprietary software, users have to beg the vendor to fix bugs,
> add features, then there's what happens to products that are abandoned
> and the OS moves on and updates are mandatory (system calls, adding
> SMP spinlocking (done that myself), and more).
> At the root of Open Source is that you, the user, have the right to the source code.
> In the early days, that's as far as it went, but especially after the
> Morris Worm, security became very important. Open Source afforded
> users the ability to inspect the code for vulnerabilities in ways that
> you could not if all you had was the binaries.
>
>> So why is open source these days such a beneficial thing?
>
> Because it allows those folks with skills (or money to hire out) the
> _ability_ to modify software, to build on the work of others. Now,
> it's not just one person or company writing code, anyone it touches
> can have a shot.
>
>> DeepSeek may be open source but I have no way to create my own executable.
>> Besides, I don’t know what language it is written in but I bet I have no
>> expertise in it. No way for me to identify nasty code.
>
> Not all things are for all people. I don't know COBOL (I decided that
> back in 1978) so I would be the wrong person to evaluate or extend
> that, but there's plenty of stuff I can and do work on. I'm a
> contributor to several Open Source projects. I'm happy to help on
> them because I have the skills and I have the interest. Not everyone
> does. Some people just download and consume, and that's fine too.
>
>> Yes, many people may have reviewed the code but that does not mean what I am
>> running is the result of that code.
>
> That's on you.
> -ethan