So one of the most wonderful things about relying on their proprietary closed source operating system is that you can't have external code audits. You just kind of wait for ethical people to come forward and explain bugs they've found and wonder, 1, how long has it been there, 2, how long have bad actors known about this, 3, how many other bugs are just like this or worse that they haven't found yet, 4, do I need to recreate VM images or can I trust the internal patch process to get it installed before I've been exploited, 5, does the patch actually fix the underlying security flaw or is it something they're calling a "feature" now that will always be an issue... I'm so grateful to not be a janitor for Microsoft Windows software anymore.
You're mixing a lot of things for no reason, the problems you describe really have very little or even nothing to do with open source or proprietary or even OSes.
Points 2/3/4 are exactly the same on other OSes, even open source ones.
Point 1 might be easier to answer by yourself/someone who is not the vendor with open source OSes, while for Windows or OSX you depend on the vendor to tell you with certitude "starting with X" (which they always do). But on the other hand the centralized and streamlined patching model makes it much much easier to identify just which patch caused it, compared to "which level of package maintainer or upstream caused it, is it a flaw in SOFT or in debian's SOFT-up3 or what?"
Point 5 has nothing to do with open source either, on either you can easily test if it's fixed or not.
Whether it's considered bug or feature-wont-fix is pretty much always answered so you don't have to actually ask yourself (but if they do consider it normal then you can't fix it yourself on closed source proprietary, though they usually give you a config change to get what you want).
> You just kind of wait for ethical people to come forward and explain bugs they've found
And the same applies to open source software. It's not like all the bugs in open source software were fixed in audits or that you somehow magically know how long the issue has been attacked by bad actors.
Microsoft Windows is proprietary software yes, but they have something called the Shared Source Initiative.
> Through the Shared Source Initiative Microsoft licenses product source code to qualified customers, enterprises, governments, and partners for debugging and reference purposes.
I say this as someone who doesn’t like Windows and doesn’t run Windows. We still need to admit that Microsoft does indeed let others read the source code, only that they decide who gets to read it and not.
The problem is that it would be dangerous for any FOSS developer to be chosen among those who can see their sources for obvious legal reasons. Anyone willing to be exposed to Microsoft's IP and NDAs that way is probably already so tied to them that we couldn't count on any independent security auditing and reporting without Microsoft authorizing it.
The key question is: would they let people who want to find bugs? Because that is the point here, if you can read the software but are not allowed to do an audit, it doesn't make any difference (for the issue that we're discussing).
Can you clarify the distinction? They share the source code so that other people can do auditing, obviously. But what would be the scenario where you are allowed to read the code, but you're not allowed to look for issues? Have you ever seen that set up anywhere? It would not make any sense.
If you're asking me personally, OpenSSL always had a funny smell even at the time, and so did TLS, simply because it seemed all way too complicated. TLS v1.3 agrees. As far as TLS implementations go I think pretty much all of them have had major, critical flaws. Microsoft's SChannel has had an RCE since it was born, patched the same year as Heartbleed, Apple's Secure Transport had goto fail (also in 2014 if I recall) etc.
Microsoft can easily pay for external software audits. They just need them to sign an NDA or other agreement that the access to code is only to be used to audit the code, and nothing else.
I mean if you're dumb enough to tie yourself to garbage proprietary software that constantly sucks, has major security flaws as features, removes features, spies on you, and charges you money to use it on every computer, then you're getting what you asked for and you just don't realize it.
My two cents.... trying to profit via the business of artificial scarcity on an open source project that's going to end up a commoditization anyway, is kinda crappy. If they offered support or implementations or a specific customization for profit, I get it. That way the people doing work get rewarded and people don't end up paying for access to a feature because it's a carrot being used to get money.
A government that hides its actions is a government that is overstepping its bounds and needs to be slapped around a bit. I think we're decades behind in the slapping around department.
Make everyone a criminal and spy on everyone so you can control them and scare them to death. What a wonderful way to run the "land of the free".
I bet most people thought the spying was for terrorists.
One of the principal mechanisms used in the USA to maintain its system of oligarchy / tyranny is distraction of the population via "culture war" issues and identity politics.
As long as people vote based on who they'd rather have a beer with, or based on issues like homosexuality and religion, they will not vote based on issues of social justice, economic well being, or against the politics of corruption.
The culture war and identity politics are a classic divide and conquer technique. It's used because it works.
I note the above digression in this thread -- which incidentally is higher upvoted than the present thread -- wherein people marvel at how similar the recent abuses are to the plot of the TV show "The Wire".
> there is nothing you can do about these things.
It's gonna take generations of work to resolve it, but there's absolutely a way out of this. We may never find it, though.
https://joplinapp.org/
Use this with the encryption, sync to local filesystem, and with syncthing or similar and you can have an entire "second brain" tree of knowledge written in markdown. On your phone, on your laptop, pc at work, etc.... all for free because devs