Why not? Think about this: you can put the malicious code where there is
the lowest chance for someone to look. A lot of eyes are pointed at the
closed source, because there are fewer eyes that can look inside there (at
least fewer eyes than the eyes which look at the source code) and for this
reason the chance to hide it is high. But even the contrary can be true:
everyone knows that there are a lot of eyes which look inside the source
code and this can be the reason for someone to think that no one will look
if he/she thinks that there are a lot of eyes that look :D In the end, the
question is: are we sure that a lot of eyes look in some sections of the
open source code? Everyone says that this happens for sure, but is this
really true? Maybe a lot of eyes are pointed at some portions of the
code, but is it valid for every section of it? I don't know if I managed to
make myself understood, because mine is an attempt to make a
counter-intuitive speech, since I've understood that counterintuitive
speeches are often interesting.

On Fri, 25 Nov 2022 at 12:15, Joe <j...@jretrading.com> wrote:

> On Thu, 24 Nov 2022 16:05:31 -0500
> Jeremy Hendricks <jwh1...@gmail.com> wrote:
>
> > I have no idea what you mean. It’s open source and you can analyze
> > the code line by line.
> >
> You can analyse the *source* code. The machine code it allegedly
> produces cannot be analysed any more easily than can closed-source
> software. Assembler maps one-to-one to machine code, statements in a
> compiled language do not come close to that.
>
> Ken Thompson showed how it's done nearly forty years ago:
>
>
> https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
>
> "You can't trust code that you did not totally create yourself.
> (Especially code from companies that employ people like me.) No
> amount of source-level verification or scrutiny will protect you
> from using untrusted code."
>
> I personally would expect every serious compiler in the world to have
> been corrupted by one government or another. If something nefarious can
> technically be done, a government will do it without a second thought.
>
> Look at it this way: would the CIA/FBI/MI5/etc. allow the use of Linux
> to put people beyond their surveillance?
>
> --
> Joe
>
>

-- 
Mario.
