FreeBSD Considers Making Use Of Rust Within Its Base System


  • #51
    Originally posted by kpedersen

    No-one says that open-source makes things magically secure. What is said is that it gives it a fighting chance of being secure.

    Furthermore, something that isn't open-source is almost certainly insecure.
    Look at Chromium vs Chrome. The average person uses Chrome and has no idea about Chromium, open source or programming. The average consumer will buy a router with back doors in it, even if the average programmer patches Chromium to be more secure. I am tired of having to set up my own infrastructure everywhere just to feel like there are no back doors anywhere there to spy on me, my code or whatever. And yet still I can't know if some firmware is enabling back doors anywhere. After all, the mental issues aside, Terry Davis is correct. And Terry Davis was correct about HolyC: when your OS is running code on the fly you can verify and patch your code in real time.
    Last edited by cj.wijtmans; 24 January 2024, 08:23 AM.



    • #52
      Originally posted by cj.wijtmans
      And Terry Davis was correct about HolyC: when your OS is running code on the fly you can verify and patch your code in real time.
      He wasn't the first to have that viewpoint. I believe Symbolics LISP machines and Smalltalk VMs also have that approach. In fact, I think, to speed booting, Emacs works by booting from what is essentially a hibernated state file for the Emacs LISP VM.

      The issue is that runtime patching gives you more opportunities for what's running to diverge from your records of what should be running.



      • #53
        Originally posted by ssokolow

        Windows is source-available. "Open source" has a definition and a body behind it that gives the thumbs up or thumbs down on whether a license is "officially an open-source license" and Microsoft's shared source program doesn't meet the requirements.
        Two things:

        1) Who died and left OSI the final arbiter of what is and isn't open source? I don't remember there being an election making them King of Open Source.

        2) More importantly, who cares what they classify as open source?




        • #54
          Originally posted by kpedersen

          That was a dumb argument. Yes, it becomes less secure. For three reasons:
          1. Even just the building up of their own infrastructure to support a closed clone is very likely to introduce security hazards.
          2. As soon as a security fix comes up on the upstream open-source kernel; you have no idea if their clone has it implemented.
          3. The only reason they would make a closed source clone is to slip in some dodgy insecure crap to their binaries.
          The nonsense the consumer community believes is amazing.
          This is so demonstrably wrong, it's not even funny.

          How many bugs and vulnerabilities does XOrg have that were only found after 20+ years?

          How many bugs and vulnerabilities does WINE have that were only found after about 13 years?

          How about the memory leak that Gnome had for 10 years?

          How about the vulnerability that curl had for 2+ years?

          But I can end this argument very easily by pointing to Metasploit:

          View Metasploit Framework Documentation


          Metasploit is used for penetration testing and in fact is also on the test when going for the Security+ Certification.

          Exploit modules are used to leverage vulnerabilities in a manner that allows the framework to execute arbitrary code. The arbitrary code that is executed is referred to as the payload.
          Under exploit there is only 1 available for FreeBSD and 1 available for OpenBSD.

          Under MacOS there are 40 exploits.

          Under Linux? 456.

          Under Windows? 1179.

          In the context of Metasploit exploit modules, payload modules encapsulate the arbitrary code (shellcode) that is executed as the result of an exploit succeeding. This normally involves the creation of a Metasploit session, but may instead execute code such as adding user accounts, or executing a simple pingback command that verifies that code execution was successful against a vulnerable target.

          Payload modules can also be used individually to generate standalone executables, or shellcode for use within exploits:
          Under Payload, we find 24 for FBSD, 114 for Linux, 42 for Mac OS and 301 for Windows.

          These modules are useful after a machine has been compromised and a Metasploit session has been opened. They perform useful tasks such as gathering, collecting, or enumerating data from a session.

          For Post modules we find 1 for FBSD, 45 for Linux, 23 for Mac OS and 237 for Windows.

          These numbers are indisputable and can be verified by installing Metasploit on an "attacker" system and then setting up a "victim" system on a VM or using the Hack Me website.

          The Windows numbers tend to be skewed because they encompass all Windows versions and Windows has a much larger attack surface thanks to the greater functionality it has.

          People can spin this any way they want.



          • #55
            Originally posted by sophisticles
            Two things:

            1) Who died and left OSI the final arbiter of what is and isn't open source? I don't remember there being an election making them King of Open Source.
            They literally created the term and, if not for the whims of the USPTO, they'd have registered it as their trademark.

            "Open source" began as "Netscape is receptive to the idea of releasing the source to their Netscape Communicator rewrite, but calling it Free Software is too political/ideological for them to be comfortable with and English gives too much ambiguity in what kind of "free" is being talked about (libre vs gratuit, in French). Let's coin a new term, create a list of guidelines that's like the Debian Free Software Guidelines but phrased in an apolitical way, and start a foundation".

            What you're saying is akin to "Who died and left Microsoft the final arbiter of what does and doesn't get Windows Logo Certification?"

            Originally posted by sophisticles
            2) More importantly, who cares what they classify as open source?
            A ton of people who only care about "open source" because it's functionally equivalent to having debian-legal agree that a license satisfies the Debian Free Software Guidelines, except better known and more respected. Reinterpreting the word won't voodoo-doll people into agreeing with you, it'll just cause them to abandon the term in favour of something else that still aligns with their intent.

            This sort of thing is also why Creative Commons releases the text of their licenses into the public domain, but only allows you to use their trademarks (e.g. the name "Creative Commons", shorthands like CC-BY, etc.) if you don't muddy the waters by trying to slap on additional restrictions like "must not redistribute the original icon collection as-is". (GNU also has GPL as a trademark with restrictions on its use, doesn't release the text of the GPL under a license that allows you to modify it, and all GPL versions have some mechanism to deal with additional restrictions. The GPLv2 becomes "You can use this code when X = 1 and X = 2 simultaneously" unsatisfiable if you apply additional restrictions, and the GPLv3 grants you permission to ignore any additional terms layered on downstream.)
            Last edited by ssokolow; 24 January 2024, 10:26 PM.



            • #56
              Originally posted by ssokolow

              They literally created the term and, if not for the whims of the USPTO, they'd have registered it as their trademark.

              "Open source" began as "Netscape is receptive to the idea of releasing the source to their Netscape Communicator rewrite, but calling it Free Software is too political/ideological for them to be comfortable with and English gives too much ambiguity in what kind of "free" is being talked about (libre vs gratuit, in French). Let's coin a new term, create a list of guidelines that's like the Debian Free Software Guidelines but phrased in an apolitical way, and start a foundation".

              What you're saying is akin to "Who died and left Microsoft the final arbiter of what does and doesn't get Windows Logo Certification?"



              A ton of people who only care about "open source" because it's functionally equivalent to having debian-legal agree that a license satisfies the Debian Free Software Guidelines, except better known and more respected. Reinterpreting the word won't voodoo-doll people into agreeing with you, it'll just cause them to abandon the term in favour of something else that still aligns with their intent.

              This sort of thing is also why Creative Commons releases the text of their licenses into the public domain, but only allows you to use their trademarks (e.g. the name "Creative Commons", shorthands like CC-BY, etc.) if you don't muddy the waters by trying to slap on additional restrictions like "must not redistribute the original icon collection as-is". (GNU also has GPL as a trademark with restrictions on its use, doesn't release the text of the GPL under a license that allows you to modify it, and all GPL versions have some mechanism to deal with additional restrictions. The GPLv2 becomes "You can use this code when X = 1 and X = 2 simultaneously" unsatisfiable if you apply additional restrictions, and the GPLv3 grants you permission to ignore any additional terms layered on downstream.)
              As I have said numerous times, and as various posters of this forum keep proving, in order to be a Linux or GPL advocate you need to not know what you are talking about.

              OSI did not create shit.

              The Open Source Initiative Foundation is a scam that was founded in 1998. Open source as a concept has existed since at least 1911 and as it relates to software since the 1950s:

              Long before these self righteous assholes anointed themselves as the final say of what is and isn't open source, universities and scientists were sharing the source code to various Unix based OSes.

              More importantly, the Open Source Initiative Foundation is listed as a 501 chartered under California state law, yet the principal officer is a guy living in England that pulled in over $550,000 in 2018 and after "expenses" netted about 280 grand:

              Since 2013, the IRS has released data culled from millions of nonprofit tax filings. Use this database to find organizations and see details like their executive compensation, revenue and expenses, as well as download tax filings going back as far as 2001.


              Half a million bucks in donations for him to tell us what is and isn't open source.

              Open source advocates really are suckers.



              • #57
                Originally posted by sophisticles
                Long before these self righteous assholes anointed themselves as the final say of what is and isn't open source, universities and scientists were sharing the source code to various Unix based OSes.

                More importantly, the Open Source Initiative Foundation is listed as a 501 chartered under California state law, yet the principal officer is a guy living in England that pulled in over $550,000 in 2018 and after "expenses" netted about 280 grand:

                Since 2013, the IRS has released data culled from millions of nonprofit tax filings. Use this database to find organizations and see details like their executive compensation, revenue and expenses, as well as download tax filings going back as far as 2001.


                Half a million bucks in donations for him to tell us what is and isn't open source.

                Open source advocates really are suckers.
                And I said they created and popularized the term "open source" as a rebranding of the Debian Free Software Guidelines. When did I ever say they invented the concept?

                Also, in case you missed it, I said that I don't give a damn what you call it because I am using "open source" as a rough equivalent to "approved for DFSG-compliance by debian-legal", which Windows doesn't satisfy either.

                Stop playing into Microsoft's attempts to spin-doctor. There's a reason that, if the OSI had gotten the trademark on Open Source, the legal concept of "trademark dilution" would be relevant.

                The concept people are referring to is a more equitable power dynamic which Microsoft very definitely doesn't want to give them, no matter what words they use.
                Last edited by ssokolow; 24 January 2024, 11:07 PM.



                • #58
                  Originally posted by sophisticles
                  How many bugs and vulnerabilities does XOrg have that were only found after 20+ years?
                  Less than Xsun

                  Originally posted by sophisticles
                  How many bugs and vulnerabilities does WINE have that were only found after about 13 years?
                  Less than SFU

                  Originally posted by sophisticles
                  How about the memory leak that Gnome had for 10 years?
                  Less than CDE until it was open-sourced and the memory leaks were fixed. We fixed so much! So many flaws were fixed because the source was finally released and we could.

                  Originally posted by sophisticles
                  How about the vulnerability that curl had for 2+ years?
                  The closed versions used internally in Microsoft Windows and Visual Studio are still vulnerable.

                  Originally posted by sophisticles
                  But I can end this argument very easily by pointing to Metasploit:
                  Under Windows? 1179.
                  1179 is clear evidence that bugs are not easily found when full source is not available. The academic source is a version of the 2003 kernel with a lot (including ACPI) stripped out.
                  Once Windows is open-sourced, I hope you revisit this thread and admit you were a little naive.



                  • #59
                    Originally posted by kpedersen
                    1179 is clear evidence that bugs are not easily found when full source is not available. The academic source is a version of the 2003 kernel with a lot (including ACPI) stripped out.

                    Once Windows is open-sourced, I hope you revisit this thread and admit you were a little naive.
                    I see you ignore the 456 that Linux has.

                    I also see that you ignore the 1 that FreeBSD has.

                    If you care about security and open source, stop using Linux and switch to a BSD based OS.
