this post was submitted on 14 Jan 2024
1126 points (97.4% liked)

    submitted 10 months ago* (last edited 10 months ago) by Zeon to c/linuxmemes
     
    [–] [email protected] 2 points 9 months ago

    Easy, since it's open source, anyone could, if they're inclined, edit the code to do something just differently enough to cause a problem, or unlock features they're not supposed to have access to, or spoof something that they shouldn't be able to spoof.

    This was a big argument against Windows getting a full Unix style socket in Windows 10, I believe. MS did it anyway and basically nothing changed. The blunt reality is that if an attacker is so inclined, they will find a way, whether anyone wants them to or not. In the case of Unix style sockets, simply pushing the attack onto a Linux VM running on the Windows system is usually enough; at most, moving the attack to a Linux or Unix system is also pretty easy but requires additional hardware (even a Raspberry Pi) to complete.

    As simply as I can, there are enough software-defined radios out there that you can hack to accurately spoof a genuine (closed source) device with enough effort, that this argument dies on the table to anyone with the technical knowledge to know what it actually means. It's the same argument as outlawing guns. If you outlaw guns, only outlaws will have guns; which is also total horseshit in its own right, but makes a point. They're making it hard for people (the non-malicious public) to get access to services in the way they want on the basis that it would "make it easier" for hackers to do the illegal. While it may be true that hackers will be able to do some things easier, by not requiring specialized hardware to do whatever malicious thing they want, they're effectively punishing thousands or hundreds of thousands of people who are not malicious and want open source by prohibiting it, just to make the small number of hackers work harder to do things.

    Fact is, if they allow it, they need to invest time and effort into implementing safeguards to ensure that any abuse is caught and stopped. They don't want to put in that effort. The idiotic thing is that they need to put in those safeguards anyways because other tools exist that can still attack in the same manner. So they've saved themselves nothing in the prohibition, made the job of malicious hackers "harder", and punished a large percentage of their client base for no good reason.