|
i know this is a forum for taking the piss at computers but can we agree that the open source phenomenon is pretty great overall? if you're a programmer with a network connection anywhere in the world, and have any question whatsoever about how computers are made to do a thing, you have access to an immense library of code that people actually use every day to do that thing sadly i've seen so many programmers who refuse to use this resource to better themselves but what can you do, take their jobs i guess
|
#
?
Apr 5, 2017 09:04
|
|
|
|
| # ? Apr 18, 2024 15:48 |
|
|
Also if you've contributed code to open source projects that are widely used then you're p cool
|
|
#
?
Apr 5, 2017 09:12
|
|
|
nah its a piece of poo poo
|
|
#
?
Apr 5, 2017 09:31
|
|
|
Alternative opinion: When everyone can contribute to a piece of code, no one will.
|
|
#
?
Apr 5, 2017 09:43
|
|
|
Personal anecdote: I tried using Qubes-OS out of curiousity (I was OS-curious but now identify as macOS) and the window manager didn't scale well with my then dell xps 13 with terminally ill high resolution. When I asked on the on-line messaging board if this was a priority the answer came back: "It's open source, write it yourself".
|
|
#
?
Apr 5, 2017 09:45
|
|
|
Boiled Water posted:(I was OS-curious but now identify as macOS)
|
|
#
?
Apr 5, 2017 13:52
|
|
|
Gazpacho posted:Also if you've contributed code to open source projects that are widely used then you're p cool i made a bug report and somebody else made a 1 line fix, so i'm basically linus
|
|
#
?
Apr 5, 2017 15:19
|
|
|
open source is bad because anyone can hack the code op
|
|
#
?
Apr 5, 2017 15:53
|
|
|
open sores is cool if you're not concerned about Getting Paid OP
|
|
#
?
Apr 5, 2017 16:00
|
|
|
I technically write open source code because my company releases the source to some things I work on. but lol at doing it without getting paid.
|
|
#
?
Apr 5, 2017 16:09
|
|
|
graph posted:open sores is cool if you're not concerned about Getting Paid OP how else is anyone gonna learn to program stuff if they don't have a bunch of code to read? the trade press? lmao
|
|
#
?
Apr 5, 2017 16:11
|
|
|
graph posted:open sores is cool if you're not concerned about Getting Paid OP
|
|
#
?
Apr 5, 2017 16:19
|
|
|
open source sucks. close thread ban op gas yospos
|
|
#
?
Apr 5, 2017 16:27
|
|
|
my goth gf posted:open source is bad because anyone can hack the code op
|
|
#
?
Apr 5, 2017 16:41
|
|
|
Like have you already forgotten heartbleed, and the situation that produced it, and the cleanup work that was possible only because people could come in and hack on the code
Gazpacho fucked around with this message at 18:11 on Apr 5, 2017 |
|
#
?
Apr 5, 2017 17:37
|
|
|
my goth gf posted:open source sucks. close source ban op gas thread
|
|
#
?
Apr 5, 2017 18:13
|
|
|
nope. nope. nope. nope.
|
|
#
?
Apr 5, 2017 18:29
|
|
|
Gazpacho posted:Like have you already forgotten heartbleed, and the situation that produced it, and the cleanup work that was possible only because people could come in and hack on the code heartbleed was an open sores failure cause everyone assumed everyone else was checking the software for bugs.
|
|
#
?
Apr 5, 2017 18:56
|
|
|
Shaggar posted:heartbleed was an open sores failure cause everyone assumed everyone else was checking the software for bugs.
|
|
#
?
Apr 5, 2017 19:06
|
|
|
Shaggar posted:heartbleed was an open sores failure cause everyone assumed everyone else was checking the software for bugs. it was a good wakeup call that triggered the creation of the core infrastructure initiative
|
|
#
?
Apr 5, 2017 19:26
|
|
|
Shaggar posted:heartbleed was an open sores failure cause everyone assumed everyone else was checking the software for bugs.
|
|
#
?
Apr 5, 2017 19:29
|
|
|
lol @ FIPS
|
|
#
?
Apr 5, 2017 19:33
|
|
|
refusing to use or otherwise interact with open source is a good way to ensure that you will never grow as a developer
|
|
#
?
Apr 5, 2017 19:37
|
|
|
Gazpacho posted:nooooo, the FIPS validation process made it impossible for anyone to fix bugs even when they wanted to, which is why FIPS compliance was one of the first things LibreSSL threw out so what you're saying is openssl was a bad project that wouldn't pass audits so people gave up on it.
|
|
#
?
Apr 5, 2017 21:32
|
|
|
Shaggar posted:so what you're saying is openssl was a bad project that wouldn't pass audits so people gave up on it. btw stop using maven you hypocrite (it's bad btw)
|
|
#
?
Apr 5, 2017 22:19
|
|
|
graph posted:open sores is cool if you're not concerned about Getting Paid OP 
|
|
#
?
Apr 5, 2017 22:55
|
|
|
Gazpacho posted:turns out that having all your fixes held hostage to a 12-month $50,000 validation process actually does tend to kill bug fixing initiatives. proprietary devs handle this by having the code validated bugs & all and then not letting anyone look at it. it guarantees you will get an exploitable product maven is great but mostly because its used by professionals for development and those professionals contribute to it. openssl is garbo because it was built for and by amateurs. also according to the openssl web site fips compliance isn't part of default openssl and is a separate module meaning they could have patched this and then informed people they would need to decide between a quick patch or fips compliance. then eventually get re-certified. however they didn't discover the bug for years. this has nothing to do with fips and everything to do w/ amateur open sores development
|
|
#
?
Apr 5, 2017 23:26
|
|
|
Open sores are alright I guess
|
|
#
?
Apr 5, 2017 23:26
|
|
|
Shaggar posted:maven is great but mostly because its used by professionals for development and those professionals contribute to it.
|
|
#
?
Apr 5, 2017 23:54
|
|
|
open source is great, apart from when i use it for personal use
|
|
#
?
Apr 5, 2017 23:56
|
|
|
Gazpacho posted:Also if you've contributed code to open source projects that are widely used then you're p cool graph posted:open sores is cool if you're not concerned about Getting Paid OP
|
|
#
?
Apr 6, 2017 00:15
|
|
|
Gazpacho posted:looks like it would be a waste of time to refer you to the remarks from libressl folks that contradict you, but i notice you didn't deny what I said about proprietary devs hiding their dirty laundry how would they refute the fact that nobody caught the bug for years? or are you saying because openssl has a fips module nobody competent ever examined the source?
|
|
#
?
Apr 6, 2017 01:25
|
|
|
Shaggar posted:how would they refute the fact that nobody caught the bug for years? or are you saying because openssl has a fips module nobody competent ever examined the source? quote:There are huge disincentives to fixing (or discovering) bugs and vulnerabilities in already validated software. If a vulnerability is found it is for all practical purposes not fixable — been there done that with the (effective) revocation of validation #733[1]. That validation was for an open source derivative of OpenSSL publicly advertised and disclosed as such from the beginning. When we were privately informed of the (very minor) vulnerability we started the process of trying to negotiate approval of the fix with the CMVP [Cryptographic Module Validation Program]. The patch was prepared the same day that we learned of the vulnerability. Several weeks later we were still trying to figure out what hoops needed to be jumped with the CMVP bureaucracy. Since the vulnerability was in open source our options for suppressing its existence were limited. When our internally agreed time limit expired, we announced. The CMVP almost immediately revoked [2] the validation. This occurred after at least several commercial vendors were well along with plans to ship products based on the validated module. LibreSSL concurs here you can sit on the sidelines saying "durr hurr nobody fixed the code" all you want, but when the bureaucrats were finally pushed out of the way it got fixed
|
|
#
?
Apr 6, 2017 03:06
|
|
|
open source software is v. educational. maven for example shows how to make build specifications unreadable and also how to pass off lack of functionality as "opinions"
|
|
#
?
Apr 6, 2017 05:31
|
|
|
Gazpacho posted:Like have you already forgotten heartbleed, and the situation that produced it, and the cleanup work that was possible only because people could come in and hack on the code
|
|
#
?
Apr 6, 2017 10:09
|
|
|
Gazpacho posted:From Steve Marquess (OpenSSL co-founder): it sounds like a bullshit excuse for why he was too lazy to check openssl for bugs. they also had the choice of not doing fips at all or creating non-fips patches that get rolled up into a yearly fix pack that does get validated for fips. its just lazy and bad like most open sores.
|
|
#
?
Apr 6, 2017 15:00
|
|
|
Gazpacho posted:open source software is v. educational. maven for example shows how to make build specifications unreadable and also how to pass off lack of functionality as "opinions" if u think maven builds are unreadable you've never seen any other build system.
|
|
#
?
Apr 6, 2017 15:01
|
|
|
mavens great cause not only is it the best build system in the world, but if you have a "programmer" that doesn't get it its a red flag that they dont know anything about programming.
|
|
#
?
Apr 6, 2017 15:02
|
|
|
Shaggar posted:heartbleed was an open sores failure cause everyone assumed everyone else was checking the software for bugs. something something sendmail
|
|
#
?
Apr 6, 2017 16:17
|
|
|
|
| # ? Apr 18, 2024 15:48 |
|
|
Shaggar posted:if u think maven builds are unreadable you've never seen any other build system. the dependency is: the group is ..., that was the group the artifact ID is ..., that was the artifact ID the version is ..., that was the version that was the dependency gradle: the dependency is: group:artifact:version
|
|
#
?
Apr 6, 2017 17:52
|
|