Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
What is more secure, a secret knock or an actual lock?
The lock is something that everyone can lookup, research and learn about. Sure, it means that people can learn to lockpick, but a well designed lock can stumble even the best lockpicks.
A secret knock is not secure at all, it sounds secure but in reality it is just obscure, and if anyone learns it or it's simple enough to guess, it becomes meaningless. Even a bad lock will show signs that it was picked.
So that's an analogy, here is the actual explanation:
Let's assume we have a closed source product named C and an open source product named O and that the security and quality of the code is the same. Both products are compiled and have been in active development for years. Both products have a total of 2 different people going over the code change of each new version, one person writes it, another reviews the code and approves it. After years of development you probably have about 10 people in total who have actually seen the code, anything that they missed will go unnoticed, any corners that they decided to cut will be approved, any bad decisions that they made will not be criticized. Here is where C and O differ: C will forever stay in this situation, only getting feedback rarely from researchers who found vulnerabilities and decided to report them. O will get small parts of it reviewed by hundreds of developers, and maybe even fully reviewed by a few people. Any corners that O cuts will be criticized, any backdoor that O tries to implemented will be clear to see. C on the other hand has one small advantage, bad actors will have a harder time finding vulnerabilities in it because it is compiled and they would have to reverse engineer it, while O is clear for the bad actors to read. But, bad actors are a very small minority, any vulnerability in O is far more likely to be caught by good actors, while C is very unlikely to be reversed by any good actors at all and so if it has any vulnerabilities, they are far more likely to be found by bad actors first.
And it is important to note the conflict of interests that often exists in closed source software. A company that sells a product for profit and believes that its code is hidden, has very little interest in security and almost no interest in end user security, but if the code is not hidden, the company has an interest to produce reasonably secure code to maintain a reputation.
So almost always, open source leads to safer code for all parties involved.