The meta point here is that in OSS folks just assume that the code has been reviewed since it's open, but the reality is that unless someone actually does, you really don't know. The popularity of a project doesn't mean there aren't fatal flaws.
No need to bring out that dead horse for a beating. No one in this thread has yet made the claim that OSS code is flawless; you're picking a fight with a straw man.
It's a genuine issue, and one that is made time and again by people who think "open == security" whenever there's a discussion about something like Google or iMessage, when the armchair security experts come out of the woodwork to promote their favourite whatever-it-is.
Sure, it mightn't be made in this thread yet, but that doesn't make it an irrelevant, invalid, or uninteresting observation. I think that the spirit of discussion, so integral to what separates HN from other websites, means we should not poo-poo this line of inquiry just because you're bored of it.
Yes, but I tend to view security as a somewhat epistemological phenomenon. It's not enough for the security to exist "somewhere out there in the universe" in an absolute, objective sense. If you have no way of verifying it, it could simply be a lie, and is thus useless for threat modelling.
> Sure, it mightn't be made in this thread yet, but that doesn't make it an irrelevant, invalid, or uninteresting observation.
I really think it does. It's like "the sky isn't green!" or "the earth isn't flat!" or "vaccines don't cause autism!" Sure, these are all true things, but they weren't exactly topics of discussion on this thread before you brought them up.
By all means, discuss the article, and rebut comments you feel espouse an inaccurate worldview. (IMO) preemptive rebuttals like this are only useful or interesting when they're somewhat novel, or represent some special insight into a particular field that outsiders wouldn't have. This one has neither.
My particular take on why this dead horse is irrelevant (as well as tedious and boring):
Fsync isn't a security issue, it's a data loss issue. Arguably, the Postgres behavior is quite reasonable and the article's headline is just inaccurate. Linux has been reviewed, e.g., https://danluu.com/file-consistency/ from 2017, summarizing research from 2001-2014, all of which pointed towards deficiencies in its data preservation behavior. The Linux community know they lose data and propose that users should accept it.[0]
The Postgres <-> Linux fsync investigation has been ongoing for a long time, with lots of eyeballs on both sides of the kernel/userspace boundary. This isn't really a "bug escapes major application developers for 20 years!" so much as "Linux can't agree to provide an API to make file data consistent."
> but these weren't exactly topics of discussion on this thread before you brought them up
Well, we're sorry we didn't recognise you as the discussion warden, but I think that's how a conversation works: people are free to bring up the points that they feel relevant, and people can either continue the train of thought or not. If it has no appeal to you, you're free to let it die a natural death rather than make pronouncements on what's relevant or not.
Humorously, someone in this thread has now actually made the claim that their open source database product has flawless crash reliability: https://news.ycombinator.com/item?id=19127011
Multiple independent research teams with their crash analysis/fuzzing tools confirmed the fact. Along with over 7 years deployment in large enterprises: Zero crash-induced corruption, zero startup/recovery time. Crash-proof by design.
The point is valid, but uninteresting. It's the default. Everyone who has skimmed HN for more than two weeks has seen this by example, if not by comment, time and time again.
Personally I assume if a project is at least somewhat popular it works most of the time and frequent/serious bugs are reported and researchable. For that to work I also report or second bugs I encounter. That doesn't mean there aren't any bugs in even the most popular OSS, especially in edge cases and rare scenarios.
With closed source though I often don't know the popularity and how many/what kind of bugs have been reported, but just the reputation of the vendor.
I prefer popular software from a highly reputable vendor over somewhat popular OSS. But I also prefer the most popular and battle-tested OSS, like PostgreSQL and Linux, over any closed system, e.g. SQL Server and Windows.
Any project can contain fatal flaws irrespective of its review policies. Particularly when we are concerned with the subtle behaviour of the interaction between write and fsync. Even if you read the standard it's not clear exactly how the system as a whole should behave; there are a number of situations which aren't mentioned in the standard at all.
It would be quite possible for a review, and even extensive testing, to fail to pick up on some system-specific subtleties.
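The two comments above (the Postgres/Linux fsync discussion, and the point that the write/fsync interaction is subtle and under-specified) are easier to reason about with the recipe in front of you. The following is an added example, not code from this thread, from PostgreSQL or from the Linux kernel. It assumes Linux semantics: the file is written to a temporary name, fsync'd, closed, renamed over the target, and then the parent directory is fsync'd so the rename itself is durable. Any error from write(), fsync() or close() is treated as final and the temp file is discarded; the code deliberately never retries fsync() on the same descriptor, because on Linux the page cache marks the dirty pages clean after reporting the first fsync error, so a retry can return success without the data ever reaching disk. The file path and payload are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write every byte, handling short writes and EINTR. 0 on success, -1 on error. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* fsync the directory containing path: the rename() below is only durable
 * once the directory entry itself has reached stable storage. */
static int fsync_parent_dir(const char *path)
{
    char *copy = strdup(path);          /* dirname() may modify its argument */
    if (copy == NULL)
        return -1;
    int dfd = open(dirname(copy), O_RDONLY | O_DIRECTORY);
    free(copy);
    if (dfd < 0)
        return -1;
    int rc = fsync(dfd);
    int saved = errno;
    close(dfd);
    errno = saved;
    return rc;
}

/* Atomically replace `path` with `len` bytes of `data`.
 * Returns 0 on success, -1 with errno set on failure. A failed fsync() is
 * final: the temp file is unlinked and fsync() is never retried on the same
 * descriptor (Linux clears the error and the dirty pages after reporting it). */
int durable_write(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    if (snprintf(tmp, sizeof tmp, "%s.tmp.%ld", path, (long)getpid()) >= (int)sizeof tmp) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;

    int ok = write_all(fd, data, len) == 0 && fsync(fd) == 0;
    int saved = errno;
    if (close(fd) != 0 && ok) {         /* close() can surface a deferred I/O error too */
        ok = 0;
        saved = errno;
    }
    if (ok && rename(tmp, path) != 0) {
        ok = 0;
        saved = errno;
    }
    if (!ok) {
        unlink(tmp);
        errno = saved;
        return -1;
    }
    return fsync_parent_dir(path);
}

/* Read up to cap bytes back; returns the byte count or -1. */
static ssize_t read_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Round trip on a constructed payload: write, read back, compare, clean up.
 * Returns 1 on success, 0 on failure. */
int self_check(const char *path)
{
    static const char payload[] = "commit record 42\n";   /* constructed sample data */
    size_t len = sizeof payload - 1;
    if (durable_write(path, payload, len) != 0) {
        perror("durable_write");
        return 0;
    }
    char buf[64];
    ssize_t n = read_file(path, buf, sizeof buf);
    int ok = n == (ssize_t)len && memcmp(buf, payload, len) == 0;
    unlink(path);
    return ok;
}

int main(void)
{
    int ok = self_check("/tmp/durable_write_demo.txt");
    printf("%s\n", ok ? "durable write verified" : "durable write FAILED");
    return ok ? 0 : 1;
}
```

Two caveats a practitioner should keep in mind: a successful round trip only shows the happy path, since the point of the thread is what happens when the storage layer reports an error mid-sequence; and on macOS fsync() alone does not force the drive's write cache, so the equivalent there is fcntl(fd, F_FULLFSYNC).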
This is a contrarian view and I will sound phobic, but for this very reason (false sense of security + possibility of malicious check-ins) I now place less emphasis on open/closed source and more on repute. I am happier to download exes from good companies these days than a package from Arch AUR.
Or if we all get together and decide a company shouldn't behave in a certain way, that's another option. We call that government regulation when everyone gets together to do that. You can think of it as voting with your money, just without the money part.
Governments have never consisted of "everyone getting together." That's a myth that smacks of socialism. The best way to get the products and services you want (and wipe out the ones you don't) is to vote with your pocketbook.
With Facebook and other "free" services, you are the product -- not the customer. Stopping this is very simple; just don't agree to be the product anymore.
No one needs a social network. There isn't one compelling reason for anyone to join one unless you are a shareholder. You don't need the government to protect you from social networks or fix their ills. You need to delete your account and take personal responsibility for your complicity.
No, sir. You are the product to be bought and sold on the free market and that's how they treat you. FB's software is free and therefore not the product. Your personal information is what's commercially valuable and therefore is the product. Google operates on the same model and you can quit that, too, if you'd like. If you don't, that's on you.
Don't ask government to save you from this when you can delete your FB account by yourself and get out of the game.
There isn't one personal or commercial benefit to FB or other social networks which has not already been solved by other technologies.
I wasn't making any argument here about what anyone should or shouldn't do. I was simply pointing out that it's not the case that deleting your FB account gets you "out of the game" when it comes to being tracked. That's not the same thing as "it doesn't make any difference".
FWIW, I have a FB account, never initiate friend requests, log in rarely, post ~never. I make no claim that this is the "best" strategy by any particular metric.
> it’s one thing to just be bad at your job and you leak a bunch of data and oops, you didn’t notice that a hacker was in your system like a Kofax for months.
Na, I'm tired of these excuses too. Maybe jail is too extreme in this case, but being sloppy isn't ok. Or not supporting MFA when you're dealing with financial data.
BitBucket doesn't have a large OSS community, but it does have a lot of larger business that need Jira and Confluence integration. So it could be worth it, just the user base isn't as visible as GH.
Definitely something to think about then, since I think larger businesses are the sweet spot for Reviewable and that's where most of the growth has been coming from in the last couple years. Still, forking the codebase _really_ doesn't sound appealing...
Abstractions are sometimes really good for understanding the business. But yeah comes with a price tag and potential mismatch to the real niche (like GitHub add on)
BTW, does anyone know where to get better-than-anecdotal data on userbase size and composition for GitHub, BitBucket, and GitLab? And, ideally, growth trends?
The GitLab number tallies with Emily's answer, which gives me some moderate confidence that these numbers are in the right neighborhood. I'm also going to assume that the users-vs-teams numbers are all in roughly the same proportion.
Based on these numbers it doesn't make much sense to target BitBucket unless either 1) they're growing much faster than GitHub (unlikely) or 2) their customers are a much better fit for Reviewable (possible, but it would have to be a truly significant difference in userbase composition). Targeting GitLab doesn't appear to make sense at all (as a business), though perhaps they're growing fast.
It's hard to compare, since Reviewable is an OAuth app and hence needs an install per-user rather than per-org. However, on the page you linked I see a couple apps topping out at 6-7k installs, and most of the rest are in the low hundreds. This doesn't look particularly impressive to me...
Community Advocate for GitLab here. We can't share that data publicly (also because it's hard to track since many are on open source core), but we do have over 100k orgs using GitLab
Boeing does this with their seats in the factory too, they put a picture of a Lamborghini on the seats since they cost the same.
EDIT: Yes, it's hard to believe a seat costs the same as a Lamborghini, that's exactly why they put the picture on it. This is mainly for the first class seats, though rows apparently cost about the same too.
The commenter above could have been saying the seats cost the same as Lamborghini seats, which is plausible, or that it costs the same to print a picture of a Lamborghini onto the packaging as it does to print a picture of an airplane seat, which is true. There are many plausible ways to interpret their statement as being correct, but I don't think they're saying any airline seats cost $200k.
It's hard to say how much anything actually costs in aviation because no one pays list price, and aircraft are outfitted per the buyers' specs (which is why airlines all have their own in-cabin look). Discounts are usually north of 50% off "list". Economy-style seats don't have a lot going on and definitely don't cost the same as a Lambo.
You can even buy your own if you want to be uncomfortable in your own home:
Actually they do. The drive to make thinner and lighter seats means lots of exotic materials can go into them. If the seats include in-flight entertainment devices, that'll increase the cost too. Plus the seats still have to be certified to the same stringent safety standards as the first-class seats.
Of course the claim was that a row of economy seats costs about what one first-class seat does. I think that's believable.
You could very much imagine that the cumulative cost in project disruption and inspections if a row of seats arrives damaged and then fails safety checks would easily exceed the cost of a Lamborghini.
True. I wasn't saying for sure that was the price. I just wouldn't be too surprised if it ended up averaging out somewhere around there between economy and first class seats. Things you wouldn't expect can be weirdly high priced. Aircraft are just one of those things I could see just about everything being more expensive than you'd think. If only because there's less manufacturers specializing in aircraft parts and the companies buying them tend to be those that have enough money to be buying parts for aircraft.
Given that the airplane manufacturers typically aren't the ones selling the engines (or the required maintenance), the list price is for the airframe itself. I believe Crichton touches on this in his book, Airframe.
I also heard, over 10 years ago, that some airplane maintenance companies print things like cars and houses on spare parts, so people know roughly what they cost.
Right. The first rule of password security: if you have a large enough user base, the odds of a user writing down a password increase, and as passwords become sufficiently difficult to remember, the odds approach 100% at some point that _some_ people are writing down passwords. No amount of defense in depth can protect the "I have a Post-It note under my keyboard" problem, if people can get into your building.
We've handled this by mandating password manager use and pushing length requirements to absurd levels to where it truly is easier to just use the manager, which has two factor.
Why can't we program our <something> support departments to act on information they're given? Why do we need to program these departments like they're half AI zombies?
For all we know, they DID act on the information given... and sent him down a pointless rabbit hole to prevent him actually taking the correct steps to address the problem. After all, Netflix is in the wrong here... and I don't know of any corporation who will happily assist someone in filing a grievance against themselves. On the contrary, if someone is sending repeated emails about something that could potentially be a lawsuit, I'd guess my lawyer would advise the same thing -- ignore it unless they actually file paperwork.
Think of it like getting pulled over for speeding -- Everyone knows you did something wrong. But when the officer says, "Do you know how fast you were going?", do you respond with "Yes, officer, I was going 31 in a 25. Please give me my ticket now." No, you admit no wrong and hope they don't push it so you get away with it.
Because it is in Netflix's best interest if he doesn't get a lawyer. He said the images can easily go up to $600 and I believe this is truly what he would have gotten if they had asked. Now since they took it without asking, he probably could get a lot more (it is after all used as promotional material and there are a lot of ads for it). If Netflix wanted the copyright infringement to go away as quickly and cheaply as possible, they would just pay him without lawyers on his part, who would probably advise him to go to court.
Your analogy with the police officer is a bad one for this example. Imagine you dented another car without realizing it. Fortunately for you, the other person does not call the police immediately. Instead, they manage to track you down and send you a letter asking you to pay for the damages. You can assert that this did in fact happen because their paint is on your car. This is in your best interest. You really don't want to get charged for a hit and run. You are glad they did not go to the police; you pay the damages and send a nice apology letter. Netflix probably did not know about the copyright infringement. It probably was made by a design company. Netflix should have known whom the VGA cassette originates from, but they did not, and this is unfortunate but can happen. It is in Netflix's best interest to make it go away silently.
What I believe had happened is that he was sent to the wrong department. That department saw the email and thought it was not authentic/a fake to quickly extort money, or baseless. A company must get a lot of emails: "you owe me money because xyz".
> A company must get a lot of emails: "you owe me money because xyz"
That is my point. It is their best interest (although not best ethics, arguably) to ignore and deflect such people unless they take further action to prove they are serious. At that point, someone from their legal department would certainly take a look, and in this specific case, act on it. I agree with your statements once someone has shown they are serious. But a call to CS and a couple emails don't yet put this guy in that category, despite his totally legitimate complaint.
> Fair enough, but why is there no standard shell or alternative interpreter?
There actually exists the UEFI Shell, but not every UEFI implementation has it built in. For example, the UEFI implementation that Intel provides for the Minnowboard Max (now EOL) and Minnowboard Turbot does provide a UEFI Shell.
If the producer of the mainboard/laptop has not built in the UEFI Shell, there still exist options to start a UEFI Shell binary as an ordinary UEFI application (just as a bootloader etc. is also just a UEFI application):