Open Source vs. Windows: Security Debate Rages On

It's a topic of fierce debate among high-tech cognoscenti: What's more secure -- "open source" code such as Linux and Apache, or proprietary "closed source" operating systems and applications, Microsoft's in particular?

The regularity with which Microsoft has taken to announcing vulnerabilities and consequent software fixes has left few cheering about its security. In contrast, high expectations endure for open source, with proponents arguing that it's inherently more secure because a much larger set of developers can read the code, vet it and correct problems.

"I'm struggling to think of anyone who would argue the other way," says Adam Jollans, chief Linux technologist at IBM Software Group.

"Discovery is different in the open source and closed source approach," Jollans says. "Because source code is visible to lots of people, if there is a security issue, it tends to be spotted earlier. The open source community isn't shy about criticizing bad code."

Thus, open source developers are "more able to respond quickly and to use new and more secure techniques. Because they perform for peers' kudos, this, too, behooves them to perform well," Clarke says.

"Open source development is centered around operating systems designed many years ago with security and Internet connectivity as a base requirement," he adds.

Open source is foremost an "ethos" that "is precisely the best social environment for the best development of anything," Clarke maintains. "By contrast, the principal culprit of poor security, Microsoft, has several major issues with producing secure code."

"Microsoft seems lax to security threats," says Robert Swiercz, managing director of the Portal of Montreal, the city's Web site. "I have less and less ability to trust them." He, too, expresses confidence in the open source community, saying, "This is where the solutions are coming from."

However, some call these assumptions into question and assert there's a lack of accountability in fixing open source. A number of research firms are ready to puncture the belief that open source is by its very nature superior.

Other I.T. managers say they like a lot of open source security tools and applications but corporate policies prevent them from using them.

"We don't do open source because my lawyer says there's no one to sue," says Phil Maier, vice president of information security at Inovant, Visa's technology deployment division. "The lawyers had the final say."

