• oce 🐆
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    9 months ago

    No I don’t think you said I was entirely wrong, that part was clear enough.

    My issue is more with your argument from authority and personal experience. It is very easy to be biased by personal experience, especially when it brings good money.

    access controls and supply chain management and traditional security mechanisms.

    So I’ll put my personal experience too (which is also a low value argument). From the outside it may seem this is well done in big companies. But the reality is that this is often a big mess and security often depends on some guy, if any, actually having some standards and enforcing them, until they leave because the company doesn’t value those tasks. But since it’s closed source, nobody knows about it. With open source, there’s more chance more people will look at this system and find issues.
    I don’t doubt some ultra sensitive systems like nuclear weapons have a functional closed source security process because the government understands the risk well enough. But I think there are way more closed source systems, at lower danger level but which still impacts people’s security, that are managed with a much lower standard than if they were open-sourced.

    • prettybunnys@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      I do agree that your words are in fact a low value argument. We’ve found common ground.

      Your heart is in the right place but there is nuance you’re clobbering by not being willing to be open minded.

      • oce 🐆
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        9 months ago

        You have provided no valuable argument except “believe my experience”, so I am answering with an equally weak one. Provide me some good quality study and I will be happy to change my mind. I recognize this lack of enlightening information is pretty aligned with closed source philosophy.

        • prettybunnys@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          9 months ago

          I think you asking me for “quality study” informs me that I don’t want to talk to you about this anymore.

          I understand ideologically you’re all for open source software (so am I, but you can’t see that) and you believe there is no merit to close sourced software. You believe open source software is inherently more secure and nothing will convince you otherwise and to be honest I just don’t care.

          In the real world your argument falls flat, the ideology is great but practically it doesn’t shake out that way. If you’re incapable of recognizing the merits AND flaws in both systems then I don’t have any desire to continue talking to myself.

          I’ve not at one moment argued against anything other than your narrow view, I am a proponent of open source software and am a contributor to a project I guarantee impacts your life every day. I’m not shitting on open source and never would.

          All of the things you say CAN make it better and many times do. That said it doesn’t inherently make it better and just because you crowdsource doesn’t mean you got it right. There is nuance. Democracy always fails on the idea that 1 Million Voices are smarter than 1, which isn’t always the case.

          Open Source Software ought to be used EVERYWHERE IT MAKES SENSE and not used where it doesn’t.

          The problem is when people make statements that just aren’t true to push for something that can stand on its own without false narratives.

          • oce 🐆
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            9 months ago

            A lot of straw man arguments. Overall, I think we agree on the value of open source.