For what it's worth, the author of Thorium has made a reply which includes a public apology and explanation: https://alex313031.blogspot.com/2024/01/the-good-bad-and-ugly.html
I'm using his Firefox clone, the Mercury browser, and am happy with it.

- Evan

On Sun, Jan 7, 2024 at 6:47 PM D. Hugh Redelmeier via talk <[email protected]> wrote:

> This video was recommended to me:
>
> Chris Titus Tech: The Dark Side of Open Source
> <https://www.youtube.com/watch?v=Q-02fW-n4qg>
>
> Apparently Titus recommended Thorium, a mod of the Chromium browser.
> Now he feels burned because of a couple of non-mainstream Easter eggs.
>
> It seems mostly overwrought silliness to me. But you can decide for
> yourself.
>
> The story isn't really about open source. It is about trust and
> verification of software. The bigger / more complex the object, the
> harder it is to trust. A very very deep problem.
>
> How does open source relate to this?
>
> - (we think that) it is harder to sue an open source project than a
>   commercial software producer.
>
> - the infrastructure for open source (GitHub, for example) lets you build
>   and distribute new mixes of things without a lot of effort. So one oddball
>   can create and distribute a useful system
>
> - a larger team, needed in the past, would probably have an average
>   weirdness that is less than some random single creator.
>
> - open source software can be examined. This is likely how the
>   "problems" with Thorium were discovered.
>
> I don't even know why Thorium was interesting. It is a hacked version
> of Chromium. Are the hacks interesting? Apparently its main
> advantage is that it is compiled with higher optimization. If they
> judged it worth doing, the Chrome project could do this itself. As
> could the distros that package Chrome or Chromium.
>
> The only browsers that I (reluctantly) trust enough to use are
> Firefox, Chrome, Chromium. Links or Lynx when desperate.
> Browser-of-the-month isn't a club for me since the browser is my main
> exposure to security threats.
>
> There is a very interesting question here: how can software earn trust?
> Any software, including open source software.
>
> A recent enthusiasm has been to implement procedures to prevent "supply
> chain attacks". Things like "software bills of materials" (provenance of
> components). The (deserved) whipping boy has been NPM, the repo for open
> source JavaScript. Equally scary things exist for Python, Perl, and Rust,
> for example.
>
> The Thorium browser problem could be classified as a supply chain problem.
>
> Reliable software is hard. We have to work on it any way that is
> effective.
>
> PS: I'm looking at Titus' video recommending Thorium in the first place.
> <https://www.youtube.com/watch?v=naDYUVFs1-8>
> - He gushes about how much faster it is than Chromium and Chrome.
> - He suggests that the author has added accelerators not in Chromium.
> - A few nice little things.
> - He mentions "multi-threading improvements" which seems unlikely.
> ---
> Post to this mailing list [email protected]
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk
>

--
Evan Leibovitch, Toronto Canada
@evanleibovitch / @el56
