1662
It's Open Source! (lemmy.dbzer0.com)
submitted 1 year ago* (last edited 1 year ago) by 001100010010@lemmy.dbzer0.com to c/memes@lemmy.ml

Not discrediting Open Source Software, but nothing is 100% safe.

you are viewing a single comment's thread
view the rest of the comments

Closed source software can still be audited using reverse engineering techniques such as static analysis (reading the disassembly) or dynamic analysis (using a debugger to walk through the assembly at runtime) or both.

How are you going to do that if it's software-as-a-service?

[-] DrJenkem@lemmy.blugatch.tube 13 points 1 year ago

See the first bullet point. I was referring to any code that is distributed.

Yeah, there's no way to really audit code running on a remote server with the exception of fuzzing. Hell, even FOSS can't be properly audited on a remote server because you kind of have to trust that they're running the version of the source code they say they are.

You can always brute force the SSH login and take a look around yourself. If you leave an apology.txt file in /home, I'm sure the admin won't mind.

[-] DrJenkem@lemmy.blugatch.tube 1 points 1 year ago

Lol, unlikely SSH is exposed to the net. You'll probably need an RCE in the service to pop a shell.

[-] EuphoricPenguin22@normalcity.life 1 points 1 year ago* (last edited 1 year ago)

That's not universally true, at least if you're not on the same LAN. For example, most small-scale apps hosted on VPSs are typically configured with a public-facing SSH login.

Ohhh, code that is distributed. The implication of that word flew over my head lmao, thanks for the clarification.

this post was submitted on 07 Jul 2023
1662 points (93.0% liked)

Memes

45660 readers
903 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS