F-Droid Shows That Free Software is Actually Better at Preventing Back Doors and at Auditing Code for Quality

posted by Roy Schestowitz on Apr 05, 2024

Nearly two decades ago Richard Stallman said in his public talks that proprietary software carried a considerable risk of back doors, and gave an example from Microsoft [1, 2].

Some sites have begun writing about F-Droid, where the F stands for freedom. We saw several articles about it; one is this article by Jason Koebler (it will appear in today's Daily Links later on, or on the sister site instead). Also see John Goerzen's "The xz Issue Isn’t About Open Source" (a bit long, but better than the Microsoft noise and paid puff pieces).

To quote some key parts from Koebler's article:

In the case of F-Droid, Steiner linked to the GitLab thread where a specific potential update was discussed. This thread shows how a pressure campaign can potentially compromise an open source project.

[...]

The original poster continued to pressure Steiner and other maintainers of the code, and eventually wrote “nah man, I’m tired of this … I'm not coming back to this project until I see that contributions made in good faith are welcomed instead of fought every step of the way.”

When Steiner was finally able to audit the code, he found that it would have introduced a vulnerability that would have allowed for SQL injections, which is a very basic type of hack that could have crashed the app and would have also potentially introduced other problems. Steiner wrote at the time that he was unsure whether this was actively malicious or just sloppy, but noted that it was a “security risk” either way.

“I wonder if this was an attempt to insert a SQL injection vuln? Or am I just paranoid?” he wrote. “Anyone know anything about the original submitter?”

Steiner wrote this week that the original coder deleted their account as soon as F-Droid’s maintainers attempted to review the code, and that he thinks that the user’s behavior, as well as “all the attention from random new accounts” has led him to believe “it could be a deliberate attempt to insert the vuln.”

So this actually shows how Software Freedom invites more resistance to rogue code. An associate also notes the part about FOSS being strip-mined by corporate actors, and that the OSS part of FOSS needs to be re-addressed because it has failed as a stepping stone towards software freedom. Also see:

  1. "What Comes After Open Source? Bruce Perens is Working on It"
  2. "The Next 20 Years of Open Source Software Begins Today"
  3. "Bruce Perens Solicits Comments on First Draft of a Post-Open License"

We wrote about that last one a month ago.
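The defect Steiner caught, a query built by string concatenation, is the classic SQL injection pattern. The following is an added illustration (not F-Droid's code, which is Java/Kotlin, and not from Koebler's article) showing the concatenated query beside the parameterised fix, run against a constructed in-memory SQLite table so a reviewer can see both outcomes the text mentions: a crash on an unexpected quote, and exposure of rows the query was meant to exclude.

```python
import sqlite3

# Constructed sample table standing in for an app catalogue; not F-Droid's schema.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE apps (package TEXT, name TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO apps VALUES (?, ?, ?)",
        [("org.example.public", "Public App", 0),
         ("org.example.secret", "Unreleased App", 1)],
    )
    return conn

def search_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """The review-time defect: user input is spliced into the SQL text."""
    sql = ("SELECT package FROM apps WHERE hidden = 0 AND name LIKE '%"
           + term + "%' ORDER BY package")
    return [row[0] for row in conn.execute(sql)]

def search_fixed(conn: sqlite3.Connection, term: str) -> list:
    """Same query with a bound parameter; the input is never parsed as SQL."""
    sql = "SELECT package FROM apps WHERE hidden = 0 AND name LIKE ? ORDER BY package"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]

def review_check(term: str) -> dict:
    """Runs both versions on one input and records what a reviewer would observe.

    'vulnerable' is either the result list or a string starting with 'crash:'
    when SQLite rejects the mangled statement (the app would throw here).
    """
    conn = make_db()
    out = {"fixed": search_fixed(conn, term)}
    try:
        out["vulnerable"] = search_vulnerable(conn, term)
    except sqlite3.OperationalError as e:
        out["vulnerable"] = "crash: " + str(e)
    return out

if __name__ == "__main__":
    # Constructed review inputs: an ordinary term, a name containing an
    # apostrophe, and a term that turns the rest of the statement into a comment.
    for term in ("Public", "O'Reilly", "' OR 1=1 --"):
        print(repr(term), review_check(term))
```

Only the fixed version returns the same answer for every input; the hidden row stays hidden and the apostrophe is just a character to match.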
