• John Richard@lemmy.world
    link
    fedilink
    English
    arrow-up
    48
    arrow-down
    1
    ·
    5 months ago

    You’d think so, but the answer is no. They’ve employed companies like Microsoft, Oracle, etc. to write up the security handbooks that says proprietary software is more secure. Heck, even electronic voting systems in the US is closed-source.

    • seang96@spgrn.com
      link
      fedilink
      English
      arrow-up
      41
      arrow-down
      1
      ·
      5 months ago

      Security by obscurity the 100% least effective security measure! Wait what? MS left the government knowingly vulnerable for years for the shareholders?! That’s some good security right there!

      • cmhe@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        8
        ·
        5 months ago

        I don’t agree with the generalization here. Sure, it is generally advisable not to rely on security through obscurity, but depending on the use-cases and purpose it can be effective.

        I dislike DRM systems with a passion, but they, especially those for video games like denuvo, can be quite effective, if the purpose is to protect against copying something for a short time until it gets cracked.

        Otherwise I agree that software developed in the open is intrinsically more secure, because it can be verified by everyone.

        However, many business and governments like to have support contracts so want to be able to sue and blame someone else than themselves if something goes wrong. This is in most cases easier with closed source products with a specific legal entity behind it, not a vague and loose developer community or even just a single developer.

        • 0x0@programming.dev
          link
          fedilink
          English
          arrow-up
          4
          ·
          5 months ago

          However, many business and governments like to have support contracts

          What i don’t get is that governments can have their own in-house IT and can moderately large companies and up, so why the blame-shifting game?

          If i’m a customer and your software blows up in my face i will not care that It’s not our fault, it’s our contractors.

          • catloaf@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            They don’t care about what their customers think. It’s about criminal and civil liability.

    • Geometrinen_Gepardi@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      20
      ·
      5 months ago

      Heck, even electronic voting systems in the US is closed-source.

      How can elections even be trusted to be fair in that case?

      • John Richard@lemmy.world
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        2
        ·
        5 months ago

        Simply, you can’t. I’m personally all for an open source alternative for electronic voting. I can bank online, but not vote online. I’d trust an open source online voting platform more than I’d trust poll workers to not skew some votes. I’d also like to be able to track my vote and ensure it was cast for the person I voted for.

        • iknowitwheniseeit@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          6
          ·
          5 months ago

          Banking is completely different from voting from a security point of view. None of the parties in a bank transaction are anonymous, and there are numerous ways to retry or roll back a transaction. Computerized voting is more like crypto currency. 😝

        • Fedizen@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          2
          ·
          edit-2
          5 months ago

          you can’t have secret ballot and have a secure, auditible online vote. One of the problems of social media is it has created enemy lists for authoritarian states.

          • milicent_bystandr@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            You kind of can. Depends how fully auditable you want, but you can have cryptographically anonymized entries, that (I believe?) could even allow the original voter to track their vote, without enabling anyone else to track the vote back to the voter.

            It’s a different project, but GNU Taler have some interesting work on anonymized but not forgeable money transactions.

        • uis@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          Biggest vulnreability for online voting stands behind voter

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        edit-2
        5 months ago

        I think we’re well past the open/closed discussion when hackers have repeatedly shown how easy it is to compromise the voting machines.

        We know they’re trash, it’s not theory.

      • uis@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        By claiming that everyone who do not trust is communist trumpist