In migrating some technical writers to git, I thought it might be a good tool to introduce people to git.

1. It spit out vague error messages, requiring repeating the action in the CLI to see git's actual, specific problem.

2. There's no option to do the initial clone via ssh, which was a problem because http was failing to download the full repository.

3. It can't do merges, so you end up needing to use the git CLI anyways.

4. It crashed repeatedly while trying to handle large (1GB) repositories. Very sluggish and occasionally unresponsive on smaller repositories, too, especially with large single commits.

5. People would ask me stuff like 'how do I discard changes?' and I'd discover they'd gotten into a state where the menu would not appear until the software was restarted. They found it difficult to know when something confusing was inherent or a bug.

I wanted to love it, because it looks like it's good for beginners. Unfortunately, being pretty is not the same as being easy to use.

> If I were to screw you, I can very well do it with an open source product and pre-compiled binaries.

This is even easier to do to closed-source products, and if you're worried about security then compiling your own binaries is a pretty basic measure.

It is not just that open source software is inherently more trustworthy than closed source software.

1. It is more resistant to backdoor attacks (related to trustworthiness) and more effectively hardened. You cannot secure something if you cannot understand its attack surface; insecure undocumented features (i.e. the recent iPhone discoveries) and binaries accidentally (or "accidentally") compiled with debug flags are only detectable if the source is available.

2. It is often more nimble and can respond to new threats which closed-source projects ignore. At my work, we were hit by a USB virus that McAfee ignored despite our very premium support plan because it didn't exist anywhere else. This was before my time, but from my understanding it was a custom-tailored attack that was made in a virus creator - a drag-and-drop not-so-advanced persistent threat. (Probably a prank or experiment; I work at a school.) If we used open source software, and the community shrugged at us, we could at least make our own signature. As it was, we had to bring the computers down one at a time, boot them into Linux, and run a script to delete the files and registry keys. This is the job antivirus software is meant to automate. I understand virus companies have a heavy workload, but what exactly were we paying for? With open source, you always get your money's worth. (For the software at least; open source support plans can still suck.)

3. Appsec is expensive, it's not always something you can afford to pay for. If you aren't designing with security in mind from the start, it's not just a feature you can build into your app. It will require pentests and likely a partial rewrite. On an open source project, there's a good chance someone will volunteer to close at least the widest holes. This is likely not a part of your threat model, but it's harder to serve an open source project with a national security letter.

Nobody reviewed the code change by that guy.

I think this is a blatant counterexample actually. This just shows that security is hard and that reviews don't always catch everything.

But the only reason that Heartbleed ever came to light was that OpenSSL is open source. Had it not been, such a bug would have been much much more difficult to find. Yes, this is not instant, yes, it takes time and leaves people vulnerable in that time, but it did work out in the end. If a similar bug were to exist in proprietary software, there's a good chance it would never come to light at all. Save for the extremely dedicated intelligence agencies who may have the people and desire to exert the effort to find it. That's who proprietary security software helps.