How open source builds distributed trust

This is an edited excerpt from my forthcoming book on Trust in Computing and the Cloud for Wiley and leads on from a previous article I wrote called Trust & choosing open source.

In that article, I asked the question: What are we doing when we say, "I trust open source software"? In reply, I suggested that what we are doing is making a determination that enough of the people who have written and tested it have similar requirements to mine, and that their expertise, combined, is such that the risk to my using the software is acceptable. I also introduced the idea of distributed trust.

The concept of distributing trust across a community is an application of the wisdom of the crowd theory posited by Aristotle, where the assumption is that the opinions of many typically show more wisdom than the opinion of one or a few. While demonstrably false in its simplest form in some situations—the most obvious example being examples of popular support for totalitarian regimes—this principle can provide a very effective mechanism for establishing certain information.

More in Tux Machines

today's howtos

  • My pragmatic sysadmin view on subdomains and DNS zones

    This question is interesting to me because I had a completely different view of it than Julia Evans did. For me, NS and SOA DNS records are secondary things when thinking about subdomains, down at the level of the mechanical plumbing that you sometimes need. This may surprise people, so let me provide a quite vivid local example of why I say that.

  • An Exploration of JSON Interoperability Vulnerabilities

    JSON is the backbone of web application communications. The simplicity of JSON is often taken for granted. We don't usually consider JSON parsing as part of our threat model. However, in our modern, multi-language, microservice architectures, our applications often rely on several separate JSON parsing implementations, each of which has its own quirks.

    As we've seen through attacks like HTTP request smuggling, discrepancies across parsers combined with multi-stage request processing can introduce serious vulnerabilities. In this research, I conducted a survey of 49 JSON parsers, cataloged their quirks, and present a variety of attack scenarios and Docker Compose labs to highlight their risks. Through our payment processing and user management examples, we will explore how JSON parsing inconsistencies can mask serious business logic vulnerabilities in otherwise benign code.

  • Hardware RAID on the Raspberry Pi CM4

    After a long and arduous journey involving multiple driver revisions and UART debugging on the card, I was able to bring up multiple hardware RAID arrays on the Pi.

  • The Tao of Continuous Integration

    It is a truism in modern software development that a robust continuous integration (CI) system is necessary. But many projects suffer from CI that feels brittle, frustrates developers, and actively impedes development velocity. Why is this? What can you do to avoid the common CI pitfalls?

  • Install Kali Linux on Chromebook: Tips and Tutorials

    If you need more system privileges on your Chromebook, Kali Linux might be right for you, especially since Linux is free and open-source. But remember that this operating system is mainly for penetration testing and not very convenient for daily work.

  • How to install the Foxit reader on Linux

    The Foxit Reader is free PDF software for Linux, Mac, and Windows. It is open-source software. With it, users can create as well as annotate and collaborate with PDF files. Here’s how to install it on Linux.

  • How To Install Git on Manjaro 20 - idroot

    In this tutorial, we will show you how to install Git on Manjaro 20. For those of you who didn’t know, Git is a distributed version control system. Git is a free software designed to handle everything from small to very large projects with speed and efficiency. It can be easy to learn and used for tracking changes in source code during software development. Git has the features of data integrity, non-linear workflows, and fast performance. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of Git on a Manjaro 20 (Nibia).

  • How to manage Flatpak permissions graphically?

    Finding it difficult to manage Flatpak permissions using the command line? Maybe you should give Flatseal a try. The main purpose of Flatpak is to provide a centralized service for distributing applications. But while Penguin users enjoy the taste of updated and secured Linux apps, they have a hard time managing Flatpak permissions for the lack of a graphical front-end that helps them do so. Here the importance of the Flatseal utility, which was developed by the enthusiast engineer Martin Abente Lahaye, appears.

Why India Needs To Fuss Over FOSS

Did you know that over 85% of India’s Internet runs on FOSS, or Free and Open Source Software that strikes at the heart of software patents?

If your answer is ‘No’, you may be pleasantly surprised to know that India now ranks 3rd in the world in terms of FOSS usage, according to GitHub. In fact, some of India’s largest government projects, many technology startups, and some of India’s largest software services companies extensively use FOSS, according to a recently-released report titled ‘The State of FOSS in India’ by CivicData Lab.

FOSS communities in India, according to the report supported by Omidyar Network India, have also organized themselves to solve India’s challenges like digital inclusion by creating Indian language fonts, dictionaries and other essential tools that are widely used across the country.

Android Leftovers

Ubuntu 21.04 (Hirsute Hippo) Enters Feature Freeze, Beta Expected on April 1st

The Feature Freeze stage means that no major new features will be implemented in Ubuntu 21.04 until the final release hits the streets in late April 2021. Developers will now focus their efforts on fixing important blockers that won’t delay the final release. Dubbed as the “Hirsute Hippo,” Ubuntu 21.04 has been in development since late October 2020, shortly after the release of Ubuntu 20.10 (Groovy Gorilla). As is customary, the Feature Freeze stage will be followed shortly by an optional “Ubuntu Testing Week,” which will take place between March 4-11 and is intended for those who want to help with the testing.