this post was submitted on 07 Jul 2023
1616 points (92.8% liked)

Memes

45893 readers
2019 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
1616
It's Open Source! (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by 001100010010@lemmy.dbzer0.com to c/memes@lemmy.ml
 

Not discrediting Open Source Software, but nothing is 100% safe.

you are viewing a single comment's thread
view the rest of the comments
[–] theblueredditrefugee@lemmy.dbzer0.com 6 points 1 year ago (1 children)

Closed source software can still be audited using reverse engineering techniques such as static analysis (reading the disassembly) or dynamic analysis (using a debugger to walk through the assembly at runtime) or both.

How are you going to do that if it's software-as-a-service?

[–] DrJenkem@lemmy.blugatch.tube 13 points 1 year ago (2 children)

See the first bullet point. I was referring to any code that is distributed.

Yeah, there's no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can't be properly audited on a remote server because you kind of have to trust that they're running the version of the source code they say they are.

[–] EuphoricPenguin22@normalcity.life 1 points 1 year ago (1 children)

You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I'm sure the admin won't mind.

[–] DrJenkem@lemmy.blugatch.tube 1 points 1 year ago (1 children)

Lol, unlikely SSH is exposed to the net. You'll probably need an RCE in the service to pop a shell.

[–] EuphoricPenguin22@normalcity.life 1 points 1 year ago* (last edited 1 year ago)

That's not universally true, at least if you're not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.

Ohhh, code that is distributed. The implication of that word flew over my head lmao, thanks for the clarification.