this post was submitted on 30 Mar 2024
1551 points (97.7% liked)

linuxmemes

21393 readers
1360 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
  •  

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't fork-bomb your computer.

    founded 1 year ago
    MODERATORS
    you are viewing a single comment's thread
    view the rest of the comments
    [–] communism@lemmy.ml 2 points 7 months ago (1 children)

    What are you saying? That there are people doing the top version ("I want a backdoor / I ask the corpo to grant me access") for FOSS but they're less likely to get caught if they don't do all the gymnastics?

    [–] sbv@sh.itjust.works 5 points 7 months ago (2 children)

    OP is referring to a backdoor that was found. It apparently modified behaviour in a way that was noticeable to humans, suggesting that it was built by an unskilled adversary.

    It's a safe bet that there are others (in FOSS) that remain undiscovered. We know that skilled adversaries can produce pretty amazing attacks (e.g. stuxnet), so it seems likely that similar vulnerabilities remain in other FOSS packages.

    [–] MataVatnik@lemmy.world 1 points 7 months ago

    Stuxnet was done by a literal army assembled by state actors with massive funding hoarding zero days. If an attack like that came at you there is very little you can do.

    [–] communism@lemmy.ml 1 points 7 months ago* (last edited 7 months ago) (1 children)

    It’s a safe bet that there are others (in FOSS) that remain undiscovered.

    I agree, but I don't think that image (about survivors' bias) applies to the op meme then, as that would imply that it only seems like open source backdoors are convoluted because we've not found the simple/obvious ones

    [–] sbv@sh.itjust.works 1 points 7 months ago

    Survivorship bias or survival bias is the logical error of concentrating on entities that passed a selection process while overlooking those that did not. This can lead to incorrect conclusions because of incomplete data.

    In this case, the selection process is discovering human-evident back doors. It fits by my reading.