• MystikIncarnate@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    Easy, since it’s open source, anyone could, if they’re inclined, edit the code to do something just differently enough to cause a problem, or unlock features they’re not supposed to have access to, or spoof something that they shouldn’t be able to spoof.

    This was a big argument against Windows getting a full Unix style socket in Windows 10, I believe. MS did it anyway and basically nothing changed. The blunt realty is that if an attacker is so inclined, they will find a way. Whether anyone wants them to or not. In the case of Unix style sockets, simply pushing the attack onto a Linux VM running on the windows system is usually enough, at most, moving the attack to a Linux or Unix system is also pretty easy but requires additional hardware (even a raspberry Pi) to complete.

    As simply as I can, there’s enough software defined radios out there that you can hack to accurately spoof a genuine (closed source) device with enough effort, that this argument dies on the table to anyone with the technical knowledge to know what it actually means. It’s the same argument as outlawing guns. If you outlaw guns, only outlaws will have guns; which is also total horseshit in it’s own right, but makes a point. They’re making it hard for people (the non-malicious public) to get access to services in the way they want on the basis that it would “make it easier” for hackers to do the illegal. While it may be true that hackers will be able to do some things easier, by not requiring specialized hardware to do whatever malicious thing they want, they’re effectively punishing thousands or hundreds of thousands of people who are not malicious and want open source by prohibiting it, just to make the small number of hackers work harder to do things.

    Fact is, if they allow it, they need to invest time and effort into implementing safeguards to ensure that any abuse is caught and stopped. They don’t want to put in that effort. The idiotic thing is that they need to put in those safeguards anyways because other tools exist that can still attack in the same manner. So they’ve saved themselves nothing in the prohibition, made the job of malicious hackers “harder”, and punished a large percentage of their client base for no good reason.