this post was submitted on 07 Jul 2023
1675 points (93.0% liked)

Memes

45734 readers
762 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
1675
It's Open Source! (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by 001100010010@lemmy.dbzer0.com to c/memes@lemmy.ml
 

Not discrediting Open Source Software, but nothing is 100% safe.

you are viewing a single comment's thread
view the rest of the comments
[–] theblueredditrefugee@lemmy.dbzer0.com 6 points 1 year ago (1 children)

Closed source software can still be audited using reverse engineering techniques such as static analysis (reading the disassembly) or dynamic analysis (using a debugger to walk through the assembly at runtime) or both.

How are you going to do that if it's software-as-a-service?

[–] DrJenkem@lemmy.blugatch.tube 13 points 1 year ago (2 children)

See the first bullet point. I was referring to any code that is distributed.

Yeah, there's no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can't be properly audited on a remote server because you kind of have to trust that they're running the version of the source code they say they are.

Ohhh, code that is distributed. The implication of that word flew over my head lmao, thanks for the clarification.

[–] EuphoricPenguin22@normalcity.life 1 points 1 year ago (1 children)

You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I'm sure the admin won't mind.

[–] DrJenkem@lemmy.blugatch.tube 1 points 1 year ago (1 children)

Lol, unlikely SSH is exposed to the net. You'll probably need an RCE in the service to pop a shell.

[–] EuphoricPenguin22@normalcity.life 1 points 1 year ago* (last edited 1 year ago)

That's not universally true, at least if you're not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.